  #1  
Old 3rd Jul 2009, 00:31
Member Group
 
I had Microsoft pop up telling me I had a virus. Ran Malwarebytes, nothing. Ran super anti virus, showed 16 problems. Then remembered that I had Dr.Web scanner in computer and ran it. But I noticed that the same so-called trojan keeps coming up.

aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Common Files\aolback\Comps\coach;Archive contains infected objects;Moved.;
TSSetup.exe\data002;C:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe;Probably DLOADER.Trojan;;
TSSetup.exe;C:\Program Files\Common Files\aolback\Comps\tpspd;Archive contains infected objects;Moved.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;Moved.;
AIM.exe\data090;C:\AOL Instant Messenger\AIM.exe;Adware.Aws;;
AIM.exe;C:\AOL Instant Messenger;Archive contains infected objects;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4;Probably BACKDOOR.Trojan;Moved.;
A0089111.ocx;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP212;Adware.Gdown;Moved.;
A0089113.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP212;Probably BACKDOOR.Trojan;Moved.;
A0101519.exe\data090;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP217\A0101519.exe;Adware.Aws;;
A0101519.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP217;Archive contains infected objects;Moved.;
A0122098.bat;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP257;Probably BATCH.Virus;Moved.;
A0122542.bat;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP265;Probably BATCH.Virus;Moved.;
A0122632.bat;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP265;Probably BATCH.Virus;Moved.;
A0138379.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP292\A0138379.exe;Adware.Gdown;;
A0138379.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP292;Archive contains infected objects;Moved.;
A0139338.exe\data090;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP293\A0139338.exe;Adware.Aws;;
A0139338.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP293;Archive contains infected objects;Moved.;
A0139364.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP293\A0139364.exe;Adware.Gdown;;
A0139364.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP293;Archive contains infected objects;Moved.;
A0139386.exe\data002;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP293\A0139386.exe;Probably DLOADER.Trojan;;
A0139386.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP293;Archive contains infected objects;Moved.;
A0139531.DLL;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP296;Probably DLOADER.Trojan;Moved.;
A0156077.exe\data090;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP315\A0156077.exe;Adware.Aws;;
A0156077.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP315;Archive contains infected objects;Moved.;
A0156103.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP315\A0156103.exe;Adware.Gdown;;
A0156103.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP315;Archive contains infected objects;Moved.;
A0156125.exe\data002;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP315\A0156125.exe;Probably DLOADER.Trojan;;
A0156125.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP315;Archive contains infected objects;Moved.;
A0156545.DLL;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP317;Probably DLOADER.Trojan;Moved.;
A0157937.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP327\A0157937.exe;Adware.Gdown;;
A0157937.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP327;Archive contains infected objects;Moved.;
A0157938.exe\data002;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP327\A0157938.exe;Probably DLOADER.Trojan;;
A0157938.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP327;Archive contains infected objects;Moved.;
A0157939.exe\data090;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP327\A0157939.exe;Adware.Aws;;
A0157939.exe;C:\System Volume Information\_restore{D9C30710-440A-4B3A-837F-765DA7B6372B}\RP327;Archive contains infected objects;Moved.;
And it will not fix the problem, just move it.
What should I use to get that trojan off the computer once and for all?
Right now I have no antivirus running for this reason: every one I have tried, no matter if paid for or free, keeps pulling AOL (my ISP) as a virus.
  #2  
Old 3rd Jul 2009, 10:09
Moderator Group
 
Update Malwarebytes and run a full scan then post the log please.

  #3  
Old 3rd Jul 2009, 13:29
Member Group
 
Updated Malwarebytes.
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2
7/2/2009 3:06:04 PM
mbam-log-2009-07-02 (15-06-04).txt
Scan type: Full Scan (C:\|)
Objects scanned: 168556
Time elapsed: 17 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

But after this scan was over, a window popped up telling me there was an error and Windows needed to close.
  #4  
Old 3rd Jul 2009, 14:52
Moderator Group
 
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

----------

Download Rooter.exe to your desktop

* Double click Rooter.exe to start the tool.
* A DOS window will appear and show the scan progress.
* Once complete a notepad file containing the report will open.
* Copy & paste the results in your next reply.
* Close notepad and Rooter will close.

A log will also save at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have Windows installed).

  #5  
Old 3rd Jul 2009, 17:13
Member Group
 
DDS (Ver_09-06-26.01) - FAT32x86
Run by Windows User at 19:43:32.90 on Fri 07/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.788 [GMT -4:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Common Files\AOL\1246084174\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Jet Screenshot\jetScreenshot.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\WINDOW~1\MYDOCU~1\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
uWindow Title = Internet Explorer provided by epix®
mWindow Title = Internet Explorer provided by epix®
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} -
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [Jet Screenshot] "c:\program files\jet screenshot\jetScreenshot.exe"
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HostManager] c:\program files\common files\aol\1246084174\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: &AIM Search
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: FarLsp.dll
Trusted Zone: 88sears.com\www
Trusted Zone: aol.com\www
Trusted Zone: comodo.com\www
Trusted Zone: computer-juice.com\www
Trusted Zone: giveawayoftheday.com\www
Trusted Zone: newegg.com\www
Trusted Zone: pchelpforum.com\www
Trusted Zone: searscard.com\www
Trusted Zone: statefarm.com\www
Trusted Zone: winpatrol.com\www
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: Win32 Classes
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181748806125
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223016488385
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
AppInit_DLLs: c:\windows\system32\cssdll32.dll
LSA: Notification Packages = scecli
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2008-3-25 902860]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\FarDrive.sys [2003-4-2 140256]
S3 ousb2hub;OrangeWare USB 2.0 Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-2-27 53248]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2008-4-9 48480]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2009-07-03 02:49 <DIR> --d----- c:\docume~1\window~1\applic~1\licenses
2009-07-03 02:49 <DIR> --d----- c:\docume~1\window~1\applic~1\PCMM2009
2009-07-03 02:48 <DIR> --d----- c:\program files\PC MightyMax 2009
2009-07-01 09:43 <DIR> --d----- c:\docume~1\window~1\applic~1\ArcticLine
2009-07-01 09:43 <DIR> --d----- c:\program files\Jet Screenshot
2009-06-27 02:36 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-27 02:30 <DIR> --d----- C:\Install iTunes
2009-06-27 02:30 <DIR> --d----- C:\Install ICQ
2009-06-27 02:30 <DIR> --d----- C:\AOL Instant Messenger
2009-06-27 02:30 <DIR> --d----- C:\MAV
2009-06-27 02:29 <DIR> --d----- c:\program files\common files\aolshare
2009-06-27 02:29 <DIR> --d----- c:\program files\America Online 9.0
2009-06-24 22:33 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-24 22:05 <DIR> --d----- c:\windows\system32\scripting
2009-06-24 22:05 <DIR> --d----- c:\windows\l2schemas
2009-06-24 22:05 <DIR> --d----- c:\windows\system32\en
2009-06-24 22:05 <DIR> --d----- c:\windows\system32\bits
2009-06-24 21:56 67,584 a------- c:\windows\system32\drivers\sdbus.sys
2009-06-24 21:56 36,096 a------- c:\windows\system32\drivers\intelppm.sys
2009-06-24 21:56 15,488 a------- c:\windows\system32\drivers\mssmbios.sys
2009-06-24 21:56 12,416 a------- c:\windows\system32\drivers\tunmp.sys
2009-06-24 21:56 11,136 a------- c:\windows\system32\drivers\sffdisk.sys
2009-06-24 21:56 10,240 a------- c:\windows\system32\drivers\sffp_sd.sys
2009-06-24 21:56 262,784 a------- c:\windows\system32\drivers\http.sys
2009-06-24 21:54 2,012,670 a------- c:\windows\system32\dllcache\nt5.cat
2009-06-24 21:53 114,688 a------- c:\windows\system32\dllcache\wscript.exe
2009-06-24 21:50 <DIR> --d----- c:\windows\EHome
2009-06-24 02:10 <DIR> --d----- c:\program files\S.N.Safe&Software
2009-06-24 02:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\S.N.Safe&Software
2009-06-20 20:46 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-20 20:46 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 20:32 <DIR> --dsh--- C:\FOUND.020
2009-06-17 10:03 <DIR> --d-h--- c:\windows\ie8
2009-06-16 19:54 <DIR> --d----- c:\docume~1\window~1\applic~1\AVS4YOU
2009-06-16 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-16 19:53 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-16 19:53 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-06-16 19:53 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-16 19:53 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-16 19:53 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-16 19:53 <DIR> --d----- c:\program files\AVS4YOU
2009-06-12 21:45 3,120 a------- c:\windows\MF_C426.lfa
2009-06-11 16:27 <DIR> --d----- c:\program files\Fresh RAM
2009-06-11 16:21 <DIR> --dsh--- C:\FOUND.019
2009-06-11 11:55 5,465,088 a------- C:\Fresh RAM.msi
2009-06-09 02:29 <DIR> --d----- c:\docume~1\window~1\applic~1\Blitware
2009-06-09 02:29 <DIR> --d----- c:\program files\Driver Robot
2009-06-08 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-07 23:00 <DIR> --d----- c:\docume~1\window~1\applic~1\GetRightToGo
2009-06-07 19:38 7,680 a------- c:\windows\system32\spdwnwxp.exe
2009-06-07 19:38 19,569 a------- c:\windows\002865_.tmp
2009-06-06 23:57 <DIR> --dsh--- C:\Recycled
2009-06-06 10:46 <DIR> --d----- c:\program files\filehippo.com
2009-06-04 23:59 <DIR> --d----- c:\program files\DrWeb
2009-06-03 23:57 <DIR> a-dshr-- C:\cmdcons
2009-06-03 23:28 161,792 a------- c:\windows\SWREG.exe
2009-06-03 23:28 98,816 a------- c:\windows\sed.exe
==================== Find3M ====================
2009-06-27 02:16 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 18:43 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-05-27 11:21 372 a------- c:\program files\ujhonz.txt
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 01:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-22 00:07 253,688 a------- c:\windows\system32\cssdll32.dll
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 11:26 583,168 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 11:26 583,168 a------- c:\windows\system32\dllcache\rpcrt4.dll
2008-03-18 03:11 332 a------- c:\docume~1\window~1\applic~1\wklnhst.dat
2007-06-10 23:19 11,079 a------- c:\program files\folder.htt
2007-06-10 23:19 266 ---sh--- c:\program files\desktop.ini
============= FINISH: 19:43:58.97 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/13/2007 12:27:51 AM
System Uptime: 7/3/2009 6:50:56 PM (1 hours ago)
Motherboard: ECS | | K7S5A
Processor: AMD Athlon(tm) XP 1900+ | Socket-A | 1593/66mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 112 GiB total, 90.479 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP205: 3/27/2009 3:00:16 AM - Software Distribution Service 3.0
RP206: 3/27/2009 3:38:07 AM - Software Distribution Service 3.0
RP207: 3/28/2009 3:52:35 AM - System Checkpoint
RP208: 3/29/2009 10:01:09 PM - Software Distribution Service 3.0
RP209: 6/6/2009 10:52:13 PM - Installed Mavis Beacon Teaches Typing 15
RP210: 6/6/2009 10:52:30 PM - Removed Mavis Beacon Teaches Typing 15
RP211: 6/6/2009 10:52:49 PM - Installed Panda Internet Security 2007
RP212: 6/6/2009 10:53:06 PM - Removed Panda Internet Security 2007
RP213: 5/16/2009 12:48:17 PM - Software Distribution Service 3.0
RP214: 5/17/2009 4:49:29 PM - Software Distribution Service 3.0
RP215: 5/17/2009 5:35:08 PM - Software Distribution Service 3.0
RP216: 5/18/2009 8:44:14 AM - Software Distribution Service 3.0
RP217: 5/18/2009 8:51:46 AM - Software Distribution Service 3.0
RP218: 5/19/2009 12:10:32 PM - Software Distribution Service 3.0
RP219: 5/19/2009 1:35:25 PM - Software Distribution Service 3.0
RP220: 5/20/2009 8:09:36 AM - Software Distribution Service 3.0
RP221: 5/20/2009 9:17:11 AM - Software Distribution Service 3.0
RP222: 5/21/2009 8:36:45 AM - Software Distribution Service 3.0
RP223: 5/21/2009 9:24:15 AM - Software Distribution Service 3.0
RP224: 5/21/2009 3:40:47 PM - Software Distribution Service 3.0
RP225: 5/21/2009 11:38:45 PM - Software Distribution Service 3.0
RP226: 5/22/2009 7:54:23 PM - Software Distribution Service 3.0
RP227: 5/22/2009 10:48:21 PM - Software Distribution Service 3.0
RP228: 5/23/2009 7:15:10 PM - Software Distribution Service 3.0
RP229: 5/24/2009 4:32:34 PM - Software Distribution Service 3.0
RP230: 5/24/2009 6:46:46 PM - Software Distribution Service 3.0
RP231: 5/24/2009 8:21:48 PM - Software Distribution Service 3.0
RP232: 5/24/2009 11:47:56 PM - Software Distribution Service 3.0
RP233: 5/25/2009 8:18:22 AM - Software Distribution Service 3.0
RP234: 5/25/2009 8:39:45 AM - Software Distribution Service 3.0
RP235: 5/25/2009 11:41:13 PM - Software Distribution Service 3.0
RP236: 5/26/2009 10:33:23 AM - Software Distribution Service 3.0
RP237: 5/27/2009 8:13:50 AM - Software Distribution Service 3.0
RP238: 5/27/2009 8:45:24 AM - Software Distribution Service 3.0
RP239: 5/27/2009 7:16:04 PM - Software Distribution Service 3.0
RP240: 5/28/2009 4:52:25 PM - Software Distribution Service 3.0
RP241: 5/28/2009 4:58:56 PM - Software Distribution Service 3.0
RP242: 5/28/2009 5:05:35 PM - Installed Windows Internet Explorer 8.
RP243: 5/28/2009 5:06:37 PM - Software Distribution Service 3.0
RP244: 5/29/2009 8:39:44 AM - Software Distribution Service 3.0
RP245: 5/29/2009 8:52:41 AM - Software Distribution Service 3.0
RP246: 5/30/2009 5:01:53 AM - Software Distribution Service 3.0
RP247: 5/31/2009 9:08:55 PM - Software Distribution Service 3.0
RP248: 6/1/2009 12:30:50 AM - Installed Windows Internet Explorer 8.
RP249: 6/1/2009 12:31:29 AM - Software Distribution Service 3.0
RP250: 6/1/2009 1:01:01 AM - Software Distribution Service 3.0
RP251: 6/1/2009 9:59:00 AM - Software Distribution Service 3.0
RP252: 6/2/2009 1:25:10 AM - Software Distribution Service 3.0
RP253: 6/2/2009 1:44:44 PM - Software Distribution Service 3.0
RP254: 6/2/2009 9:42:45 PM - Software Distribution Service 3.0
RP255: 6/3/2009 2:52:20 AM - Software Distribution Service 3.0
RP256: 6/3/2009 10:07:30 AM - Software Distribution Service 3.0
RP257: 6/3/2009 9:03:54 PM - Software Distribution Service 3.0
RP258: 6/4/2009 1:16:16 AM - Installed MSXML 4.0 SP2 (KB925672)
RP259: 6/4/2009 3:00:13 AM - Software Distribution Service 3.0
RP260: 6/4/2009 3:13:34 AM - Software Distribution Service 3.0
RP261: 6/4/2009 11:59:13 PM - Installed Dr.Web anti-virus for Windows 5.0.
RP262: 6/5/2009 12:36:30 AM - Removed Dr.Web anti-virus for Windows 5.0.
RP263: 6/5/2009 12:38:54 AM - Removed Dr.Web anti-virus for Windows 5.0.
RP264: 6/5/2009 2:22:38 AM - Software Distribution Service 3.0
RP265: 6/6/2009 3:00:14 AM - Software Distribution Service 3.0
RP266: 6/6/2009 10:51:09 AM - Software Distribution Service 3.0
RP267: 6/7/2009 12:10:12 AM - Software Distribution Service 3.0
RP268: 6/8/2009 12:20:37 AM - Software Distribution Service 3.0
RP269: 6/8/2009 10:03:39 AM - Software Distribution Service 3.0
RP270: 6/8/2009 10:23:28 PM - Installed Driver Detective
RP271: 6/8/2009 10:41:57 PM - Software Distribution Service 3.0
RP272: 6/9/2009 2:32:24 AM - Software Distribution Service 3.0
RP273: 6/9/2009 8:29:05 AM - Software Distribution Service 3.0
RP274: 6/9/2009 1:25:29 PM - Software Distribution Service 3.0
RP275: 6/9/2009 11:06:13 PM - Software Distribution Service 3.0
RP276: 6/10/2009 8:56:06 AM - Software Distribution Service 3.0
RP277: 6/10/2009 9:40:44 AM - Software Distribution Service 3.0
RP278: 6/11/2009 1:45:31 AM - Software Distribution Service 3.0
RP279: 6/11/2009 4:27:14 PM - Installed Fresh RAM
RP280: 6/11/2009 6:45:39 PM - Configured Driver Detective
RP281: 6/12/2009 1:51:36 AM - Software Distribution Service 3.0
RP282: 6/12/2009 8:55:19 AM - Software Distribution Service 3.0
RP283: 6/13/2009 11:02:27 AM - Software Distribution Service 3.0
RP284: 6/13/2009 11:13:50 AM - Software Distribution Service 3.0
RP285: 6/14/2009 10:49:45 PM - Software Distribution Service 3.0
RP286: 6/15/2009 9:16:53 AM - Software Distribution Service 3.0
RP287: 6/15/2009 11:09:18 PM - Software Distribution Service 3.0
RP288: 6/16/2009 10:07:34 AM - Software Distribution Service 3.0
RP289: 6/17/2009 9:01:20 AM - Software Distribution Service 3.0
RP290: 6/17/2009 10:05:33 AM - Installed Windows Internet Explorer 8.
RP291: 6/18/2009 10:16:10 AM - Software Distribution Service 3.0
RP292: 6/18/2009 10:41:06 AM - Installed Windows Media Format 9 Series Runtime Setup
RP293: 6/18/2009 1:11:48 PM - Installed Windows Media Format 9 Series Runtime Setup
RP294: 6/18/2009 1:29:13 PM - Software Distribution Service 3.0
RP295: 6/19/2009 3:01:54 AM - Software Distribution Service 3.0
RP296: 6/19/2009 9:29:35 AM - Software Distribution Service 3.0
RP297: 6/19/2009 5:47:01 PM - Software Distribution Service 3.0
RP298: 6/20/2009 6:59:50 PM - Software Distribution Service 3.0
RP299: 6/20/2009 7:05:46 PM - Installed Java(TM) 6 Update 14
RP300: 6/21/2009 4:07:26 PM - Software Distribution Service 3.0
RP301: 6/21/2009 4:14:22 PM - Software Distribution Service 3.0
RP302: 6/22/2009 9:44:00 AM - Software Distribution Service 3.0
RP303: 6/22/2009 11:31:38 AM - Software Distribution Service 3.0
RP304: 6/23/2009 3:00:23 AM - Software Distribution Service 3.0
RP305: 6/24/2009 9:44:31 AM - Software Distribution Service 3.0
RP306: 6/24/2009 9:55:45 AM - Software Distribution Service 3.0
RP307: 6/24/2009 10:14:50 AM - Software Distribution Service 3.0
RP308: 6/24/2009 9:41:13 PM - Software Distribution Service 3.0
RP309: 6/25/2009 2:52:04 AM - Software Distribution Service 3.0
RP310: 6/25/2009 12:17:49 PM - Software Distribution Service 3.0
RP311: 6/26/2009 9:27:47 PM - Software Distribution Service 3.0
RP312: 6/27/2009 12:41:14 AM - Restore Operation
RP313: 6/27/2009 1:35:40 AM - Restore Operation
RP314: 6/27/2009 2:25:58 AM - Software Distribution Service 3.0
RP315: 6/27/2009 2:30:41 AM - Installed Windows Media Format 9 Series Runtime Setup
RP316: 6/28/2009 8:31:27 AM - Software Distribution Service 3.0
RP317: 6/29/2009 10:03:24 AM - Software Distribution Service 3.0
RP318: 6/29/2009 6:35:12 PM - Software Distribution Service 3.0
RP319: 6/29/2009 9:00:14 PM - Software Distribution Service 3.0
RP320: 6/30/2009 3:32:09 AM - Software Distribution Service 3.0
RP321: 6/30/2009 11:45:20 AM - Software Distribution Service 3.0
RP322: 7/1/2009 9:15:52 AM - Software Distribution Service 3.0
RP323: 7/1/2009 11:21:44 AM - Software Distribution Service 3.0
RP324: 7/1/2009 10:38:39 PM - Software Distribution Service 3.0
RP325: 7/2/2009 3:16:53 AM - Software Distribution Service 3.0
RP326: 7/2/2009 12:22:35 PM - Software Distribution Service 3.0
RP327: 7/2/2009 7:09:25 PM - Software Distribution Service 3.0
RP328: 7/3/2009 4:04:54 AM - Software Distribution Service 3.0
==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
C-Media Audio
C-Media WDM Audio Driver
COMODO SafeSurf
Compatibility Pack for the 2007 Office system
Cool PDF Reader 1.0
Driver Robot 1.0.6.0
filehippo.com Update Checker
Fresh RAM
HackerSmacker
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
IncrediMail Xe
Java(TM) 6 Update 14
Jet Screenshot v 2.0
Lexmark 5200 Series
Macromedia Shockwave Player
Magentic
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SiS 900 PCI Fast Ethernet Adapter Driver
SIW version 2008-04-02
SUPERAntiSpyware Free Edition
The Print Shop 21
U.S. Robotics 56K Faxmodem USB
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Uninstall
WinPatrol 2009
Zoom V.92 PCI Voice Faxmodem
Zoom V92 PC Card Voice Faxmodem
==== Event Viewer Messages From Past Week ========
7/3/2009 4:23:49 PM, error: System Error [1003] - Error code 00000077, parameter1 c000000e, parameter2 c000000e, parameter3 00000000, parameter4 01422000.
7/3/2009 2:33:40 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 86cdb430, parameter3 86cdb5a4, parameter4 805fa1f0.
7/1/2009 10:39:09 PM, error: Service Control Manager [7034] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 6 time(s).
6/30/2009 5:05:18 PM, error: Print [6161] - The document Syslog - Notepad owned by Windows User failed to print on printer Lexmark 5200 Series. Data type: LEMF. Size of the spool file in bytes: 1208022. Number of bytes printed: 1208022. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\SUNPORCH. Win32 error code returned by the print processor: 126 (0x7e).
6/29/2009 11:36:01 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
6/27/2009 2:24:45 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/27/2009 2:24:37 AM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
6/27/2009 2:08:32 AM, error: SnsCore [20] -
6/27/2009 2:08:24 AM, error: Service Control Manager [7000] - The iolo FileInfoList Service service failed to start due to the following error: The system cannot find the file specified.
6/27/2009 1:41:24 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
6/27/2009 1:41:24 AM, error: Service Control Manager [7000] - The iolo System Service service failed to start due to the following error: The system cannot find the file specified.
6/27/2009 1:36:19 AM, error: Service Control Manager [7034] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 5 time(s).
6/27/2009 1:36:09 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/27/2009 1:36:01 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/27/2009 1:35:53 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/27/2009 1:35:35 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/27/2009 1:32:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/27/2009 1:30:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SnsCore Tcpip WS2IFSL
6/27/2009 1:30:38 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2009 1:30:38 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2009 1:30:38 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2009 1:30:38 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2009 1:29:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/27/2009 1:19:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
6/27/2009 1:19:01 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/27/2009 1:16:56 AM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: Invalid access to memory location.
6/27/2009 1:16:56 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%3228369023
6/27/2009 1:16:56 AM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: Invalid access to memory location.
6/27/2009 1:05:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/26/2009 9:29:28 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
==== End Of File ===========================
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 6 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-FAT32] .. ( Total:112 Go - Free:90 Go )
D:\ [CD_Rom]
.
Scan : 19:57.51
Path : C:\Documents and Settings\Windows User\Local Settings\Temporary Internet Files\Content.IE5\EI7LBMQF\Rooter[1].exe
User : Windows User ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (292)
______ \??\C:\WINDOWS\system32\csrss.exe (348)
______ \??\C:\WINDOWS\SYSTEM32\winlogon.exe (372)
______ C:\WINDOWS\system32\services.exe (416)
______ C:\WINDOWS\system32\lsass.exe (428)
______ C:\WINDOWS\system32\svchost.exe (576)
______ C:\WINDOWS\system32\svchost.exe (620)
______ C:\WINDOWS\System32\svchost.exe (664)
______ C:\WINDOWS\system32\svchost.exe (708)
______ C:\WINDOWS\system32\svchost.exe (804)
______ C:\WINDOWS\system32\spoolsv.exe (900)
______ C:\WINDOWS\system32\svchost.exe (980)
______ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (1012)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1056)
______ C:\WINDOWS\System32\snmp.exe (1148)
______ C:\WINDOWS\system32\svchost.exe (1180)
______ C:\WINDOWS\System32\alg.exe (1900)
______ C:\WINDOWS\Explorer.EXE (1124)
______ C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (528)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1736)
______ C:\Program Files\Lexmark 5200 series\lxbtbmon.exe (1468)
______ C:\Program Files\Common Files\AOL\1246084174\ee\AOLSoftware.exe (1316)
______ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (1572)
______ C:\WINDOWS\system32\ctfmon.exe (1648)
______ C:\Program Files\Jet Screenshot\jetScreenshot.exe (1216)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2148)
______ C:\WINDOWS\system32\wuauclt.exe (2428)
______ C:\Program Files\America Online 9.0\waol.exe (596)
______ C:\Program Files\America Online 9.0\shellmon.exe (756)
______ C:\Documents and Settings\Windows User\Local Settings\Temporary Internet Files\Content.IE5\EI7LBMQF\Rooter[1].exe (3388)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:120681275904)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\Driver Robot.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\WINDOW~1\APPLIC~1\PrivacyControl
==> Rogues <==
.
----------------------\\ Scan completed at 19:57.56
.
C:\Rooter$\Rooter_1.txt - (03/07/2009 | 19:57.56)
  #6  
Old 3rd Jul 2009, 19:01
Moderator Group
 
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Folder::
c:\docume~1\window~1\applic~1\licenses
c:\docume~1\window~1\applic~1\PCMM2009
c:\program files\PC MightyMax 2009
c:\program files\askbardis
c:\program files\messenger
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
  #7  
Old 5th Jul 2009, 14:04
Member Group
 
Just need to reload ComboFix. It seems that the file was deleted. All I have is text files of ComboFix.
  #8  
Old 5th Jul 2009, 14:28
Moderator Group
 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  #9  
Old 5th Jul 2009, 21:33
Member Group
 
Sorry it took so long. Got bitten by a spider and was spending most of the time searching to see if I could find out what bit me.
Here is the scan.
ComboFix 09-07-05.01 - Windows User 07/06/2009 0:04.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.742 [GMT -4:00]
Running from: c:\documents and settings\Windows User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Windows User\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\window~1\applic~1\licenses
c:\docume~1\window~1\applic~1\licenses\PCMightyMax c27fe264-0186-4910-8a97-50c383296a11
c:\docume~1\window~1\applic~1\PCMM2009
c:\docume~1\window~1\applic~1\PCMM2009\diagnostic\last-scan
c:\docume~1\window~1\applic~1\PCMM2009\pcmm2009-configuration
c:\program files\askbardis
c:\program files\askbardis\bar\bin\askBar.dll
c:\program files\askbardis\bar\bin\askPopStp.dll
c:\program files\askbardis\bar\bin\psvince.dll
c:\program files\askbardis\bar\Cache\files.ini
c:\program files\askbardis\bar\History\search
c:\program files\askbardis\bar\Settings\config.dat
c:\program files\askbardis\bar\Settings\config.dat.bak
c:\program files\askbardis\unins000.dat
c:\program files\askbardis\unins000.exe
c:\program files\messenger
c:\program files\messenger\custsat.dll
c:\program files\messenger\logowin.gif
c:\program files\messenger\lvback.gif
c:\program files\messenger\msgsc.dll
c:\program files\messenger\msgslang.dll
c:\program files\messenger\msmsgs.exe
c:\program files\messenger\newalert.wav
c:\program files\messenger\newemail.wav
c:\program files\messenger\online.wav
c:\program files\messenger\type.wav
c:\program files\messenger\xpmsgr.chm
c:\program files\PC MightyMax 2009
c:\program files\PC MightyMax 2009\pcmm2009.error.log
.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.
2009-07-06 02:18 . 2008-12-03 16:09 59184 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\toolbarsud.exe
2009-07-06 02:18 . 2006-04-06 15:33 81000 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\ProgUpd.dll
2009-07-06 02:18 . 2006-04-06 15:33 33896 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\postproc.exe
2009-07-06 02:18 . 2006-04-06 15:33 156264 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\setup.exe
2009-07-06 02:18 . 2008-12-02 18:34 2316392 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\ocpinst.exe
2009-07-06 02:18 . 2008-11-12 21:12 1370528 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\msvc9rt.exe
2009-07-06 02:18 . 2008-11-06 14:42 2100984 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\aol_toolbar_dual.exe
2009-07-06 02:18 . 2008-07-23 18:35 62248 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\ocpgc.exe
2009-07-06 02:18 . 2008-07-23 18:35 15144 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\ocpchk.dll
2009-07-06 02:18 . 2008-07-23 18:35 74536 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\instSup.dll
2009-07-06 02:18 . 2006-07-31 18:41 474184 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\gui.dll
2009-07-06 02:18 . 2006-04-06 15:33 25088 ------w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4381.3.4\EEStart.exe
2009-07-03 23:57 . 2009-07-03 23:57 -------- d-----w- C:\Rooter$
2009-07-01 13:43 . 2009-07-01 13:43 -------- d-----w- c:\documents and settings\Windows User\Application Data\ArcticLine
2009-07-01 13:43 . 2009-07-01 13:43 -------- d-----w- c:\program files\Jet Screenshot
2009-06-30 03:17 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\TEMP\ProgUpd.dll
2009-06-30 03:11 . 2009-06-30 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-30 03:11 . 2009-06-30 03:11 -------- d-----w- c:\documents and settings\Windows User\Local Settings\Application Data\AOL OCP
2009-06-30 03:05 . 2009-06-30 03:07 370496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\CCUInst.exe
2009-06-30 03:05 . 2009-06-30 03:05 94256 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\instph.dll
2009-06-30 02:57 . 2009-06-30 03:05 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ocpinsti.exe
2009-06-30 02:56 . 2009-06-30 02:57 260040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ecuinst.exe
2009-06-30 02:55 . 2009-06-30 02:56 237616 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\gui.dll
2009-06-30 02:55 . 2009-06-30 02:55 127224 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\afixlang.exe
2009-06-30 02:55 . 2009-06-30 02:55 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ProgUpd.dll
2009-06-30 02:54 . 2009-06-30 02:55 223152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\wsfinst.exe
2009-06-30 02:53 . 2009-06-30 02:54 355592 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\afixinst.exe
2009-06-30 02:52 . 2009-06-30 02:52 11056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\CCNdInst.dll
2009-06-30 02:52 . 2009-06-30 02:52 11312 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ecuchk.dll
2009-06-30 02:52 . 2009-06-30 02:52 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\tbinst.dll
2009-06-30 02:52 . 2009-06-30 02:52 170544 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\setup.exe
2009-06-30 02:51 . 2009-06-30 02:52 98992 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\sminstlp.exe
2009-06-30 02:51 . 2009-06-30 02:51 11568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ocfcheck.dll
2009-06-30 02:51 . 2009-06-30 02:51 15920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ocpchk.dll
2009-06-30 02:49 . 2009-06-30 02:51 580136 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\muinst.exe
2009-06-30 02:48 . 2009-06-30 02:49 282056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\cculang.exe
2009-06-30 02:48 . 2009-06-30 02:48 36912 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\postproc.exe
2009-06-30 02:47 . 2009-06-30 02:48 359184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\tbsetup.exe
2009-06-30 02:36 . 2009-06-30 02:47 3147256 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\ocpinsts.exe
2009-06-30 02:36 . 2009-06-30 02:36 10800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\wsfixchk.dll
2009-06-30 02:35 . 2009-06-30 02:36 174752 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\stmninst.exe
2009-06-30 02:35 . 2009-06-30 02:35 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\alsetup.exe
2009-06-30 02:34 . 2009-06-30 02:34 67120 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite\4.3.38.1\ccu_suite_4.3.38.1\instSup.dll
2009-06-27 06:36 . 2009-06-27 06:36 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-27 06:31 . 2009-06-27 06:31 167999 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\aolEULanPack\cswitch.exe
2009-06-27 06:31 . 2009-06-27 06:31 3298040 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\aolEULanPack\langpack.exe
2009-06-27 06:30 . 2009-06-27 06:30 -------- d-----w- C:\Install iTunes
2009-06-27 06:30 . 2009-06-27 06:30 -------- d-----w- C:\Install ICQ
2009-06-27 06:30 . 2009-06-27 06:30 -------- d-----w- C:\AOL Instant Messenger
2009-06-27 06:30 . 2009-06-27 06:30 -------- d-----w- C:\MAV
2009-06-27 06:29 . 2009-06-27 06:29 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-27 06:29 . 2009-06-27 06:29 -------- d-----w- c:\program files\America Online 9.0
2009-06-27 05:04 . 2009-06-27 05:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-27 05:03 . 2007-12-04 03:49 487323 ----a-w- c:\documents and settings\Administrator\Application Data\IE7Pro\prosetup.exe
2009-06-27 05:03 . 2007-12-04 03:43 -------- d---a-w- c:\documents and settings\Administrator\Application Data\IE7Pro
2009-06-27 05:03 . 2009-06-27 05:03 -------- d-----w- c:\documents and settings\Administrator
2009-06-27 05:03 . 2007-12-04 03:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SITEguard
2009-06-27 05:03 . 2007-06-13 04:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-06-25 02:33 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-25 02:05 . 2009-06-25 02:05 -------- d-----w- c:\windows\system32\scripting
2009-06-25 02:05 . 2009-06-25 02:05 -------- d-----w- c:\windows\l2schemas
2009-06-25 02:05 . 2009-06-25 02:05 -------- d-----w- c:\windows\system32\en
2009-06-25 02:05 . 2009-06-25 02:05 -------- d-----w- c:\windows\system32\bits
2009-06-25 01:56 . 2006-02-28 16:00 67584 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-06-25 01:56 . 2006-02-28 16:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2009-06-25 01:56 . 2006-02-28 16:00 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2009-06-25 01:56 . 2006-02-28 16:00 12416 ----a-w- c:\windows\system32\drivers\tunmp.sys
2009-06-25 01:56 . 2006-02-28 16:00 11136 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2009-06-25 01:56 . 2006-02-28 16:00 10240 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-06-25 01:56 . 2006-03-17 00:33 262784 ----a-w- c:\windows\system32\drivers\http.sys
2009-06-25 01:54 . 2006-02-28 16:00 15360 ----a-w- c:\windows\system32\dllcache\nppagent.exe
2009-06-25 01:53 . 2006-02-28 16:00 82944 ----a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-06-25 01:50 . 2009-06-25 01:51 -------- d-----w- c:\windows\EHome
2009-06-24 06:11 . 2009-06-24 06:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-24 06:10 . 2009-06-24 06:10 -------- d-----w- c:\program files\S.N.Safe&Software
2009-06-24 06:10 . 2009-06-24 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\S.N.Safe&Software
2009-06-21 00:46 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-21 00:46 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-20 23:05 . 2009-06-20 23:05 152576 ----a-w- c:\documents and settings\Windows User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 00:32 . 2009-06-18 00:32 -------- d-sh--w- C:\FOUND.020
2009-06-17 14:03 . 2009-06-17 14:03 -------- d--h--w- c:\windows\ie8
2009-06-16 23:54 . 2009-06-16 23:54 -------- d-----w- c:\documents and settings\Windows User\Application Data\AVS4YOU
2009-06-16 23:54 . 2009-06-16 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-16 23:53 . 2009-06-16 23:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-16 23:53 . 2007-02-27 22:36 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-16 23:53 . 2007-02-27 22:36 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-16 23:53 . 2007-02-27 22:36 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-16 23:53 . 2007-02-27 22:36 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-16 23:53 . 2009-06-16 23:53 -------- d-----w- c:\program files\AVS4YOU
2009-06-12 05:15 . 2009-06-12 05:15 -------- d-----w- c:\program files\Alwil Software
2009-06-11 20:27 . 2009-06-11 20:27 18942 ----a-r- c:\documents and settings\Windows User\Application Data\Microsoft\Installer\{334A33C2-B9A5-4322-AB83-EBF42BFCC470}\_2ce7ed6.exe
2009-06-11 20:27 . 2009-06-11 20:27 18942 ----a-r- c:\documents and settings\Windows User\Application Data\Microsoft\Installer\{334A33C2-B9A5-4322-AB83-EBF42BFCC470}\_2447235c.exe
2009-06-11 20:27 . 2009-06-11 20:27 -------- d-----w- c:\program files\Fresh RAM
2009-06-11 20:21 . 2009-06-11 20:21 -------- d-sh--w- C:\FOUND.019
2009-06-11 15:55 . 2009-06-10 17:39 5465088 ----a-w- C:\Fresh RAM.msi
2009-06-09 06:29 . 2009-06-09 06:29 -------- d-----w- c:\documents and settings\Windows User\Application Data\Blitware
2009-06-09 06:29 . 2009-06-09 06:29 -------- d-----w- c:\program files\Driver Robot
2009-06-09 02:24 . 2009-06-09 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-09 02:23 . 2009-06-09 02:23 -------- d-----w- c:\documents and settings\Windows User\Local Settings\Application Data\Downloaded Installations
2009-06-08 03:00 . 2009-06-08 03:00 -------- d-----w- c:\documents and settings\Windows User\Application Data\GetRightToGo
2009-06-07 23:38 . 2008-04-14 00:12 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-06-06 14:46 . 2009-06-06 14:46 -------- d-----w- c:\program files\filehippo.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 06:49 . 2007-06-16 18:55 302080 ----a-w- c:\documents and settings\Windows User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 03:32 . 2009-05-21 02:29 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-27 06:16 . 2007-06-13 04:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-17 15:27 . 2009-05-21 02:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-05-21 02:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 22:43 . 2007-06-21 02:45 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-05 03:59 . 2009-06-05 03:59 -------- d-----w- c:\program files\DrWeb
2009-05-28 23:14 . 2009-05-28 23:14 -------- d-----w- c:\program files\Java
2009-05-28 23:14 . 2009-05-28 23:14 152576 ----a-w- c:\documents and settings\Windows User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 15:21 . 2009-05-27 15:21 372 ----a-w- c:\program files\ujhonz.txt
2009-05-21 15:33 . 2009-05-28 23:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 02:17 . 2009-05-21 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 00:04 . 2009-05-17 00:04 -------- d-----w- c:\documents and settings\Windows User\Application Data\WinPatrol
2009-05-17 00:03 . 2009-05-17 00:03 -------- d-----w- c:\program files\BillP Studios
2009-05-13 05:15 . 2007-06-13 03:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2009-06-25 01:53 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 04:07 . 2009-04-22 04:07 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-04-17 09:58 . 2009-06-25 01:53 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2007-06-13 03:55 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2007-06-11 03:19 . 2007-06-07 04:37 11079 ----a-w- c:\program files\folder.htt
.
((((((((((((((((((((((((((((( SnapShot_2009-07-06_03.59.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-06 04:08 . 2009-07-06 04:08 16384 c:\windows\temp\Perflib_Perfdata_468.dat
+ 2009-07-06 04:08 . 2009-07-06 04:08 16384 c:\windows\temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-07-03 13:03 8460800 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]
"Jet Screenshot"="c:\program files\Jet Screenshot\jetScreenshot.exe" [2009-05-10 3804160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"HostManager"="c:\program files\Common Files\AOL\1246084174\ee\AOLSoftware.exe" [2007-04-12 42032]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-20 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SYSTEM32\cssdll32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Windows User\Application Data\iolo\
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"RegistrySmart"="c:\program files\RegistrySmart\RegistrySmart.exe" -boot
"<NO NAME>"=
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\1246084174\\EE\\AOLServiceHost.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R3 Winacusb;Winacusb;c:\windows\SYSTEM32\DRIVERS\winacusb.sys [3/25/2008 6:57 AM 902860]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\SYSTEM32\DRIVERS\FarDrive.sys [4/2/2003 2:36 PM 140256]
S3 ousb2hub;OrangeWare USB 2.0 Hub Support;c:\windows\SYSTEM32\DRIVERS\ousb2hub.sys [2/27/2008 7:17 AM 53248]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\SYSTEM32\DRIVERS\SIVX32.sys [4/9/2008 9:47 AM 48480]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2009-06-09 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.0.6.0\DriverRobot.exe [2009-06-09 13:02]
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
mWindow Title = Internet Explorer provided by epix®
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &AIM Search
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
LSP: FarLsp.dll
Trusted Zone: 88sears.com\www
Trusted Zone: aol.com\www
Trusted Zone: comodo.com\www
Trusted Zone: computer-juice.com\www
Trusted Zone: giveawayoftheday.com\www
Trusted Zone: newegg.com\www
Trusted Zone: pchelpforum.com\www
Trusted Zone: searscard.com\www
Trusted Zone: statefarm.com\www
Trusted Zone: winpatrol.com\www
TCP: {68589BEF-2503-4090-B404-9FB7D2105BB4} = 205.188.146.145
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: Win32 Classes
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 00:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(428)
c:\windows\system32\FarLsp.dll
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\AOL\ACS\AOLACSD.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\SNMP.EXE
c:\program files\LEXMARK 5200 SERIES\LXBTBMON.EXE
c:\program files\AMERICA ONLINE 9.0\WAOL.EXE
c:\program files\AMERICA ONLINE 9.0\SHELLMON.EXE
.
**************************************************************************
.
Completion time: 2009-07-06 0:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 04:10
ComboFix2.txt 2009-07-06 04:01
ComboFix3.txt 2009-06-06 14:20
ComboFix4.txt 2009-06-04 04:03
Pre-Run: 97,549,156,352 bytes free
Post-Run: 97,532,772,352 bytes free
320 --- E O F --- 2009-07-05 21:28
  #10  
Old 6th Jul 2009, 09:43
Moderator Group
 
Scan Suspicious File(s)

Please go to VirusTotal.com
(If more than one file needs to be scanned, they must be done separately and logs posted for each one.)

1. Copy the file path in the below Code box:

Code:
c:\documents and settings\Windows User\Application Data\Microsoft\Installer\{334A33C2-B9A5-4322-AB83-EBF42BFCC470}\_2ce7ed6.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next, click Send File.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then paste the link to the results in the next reply.
Copyright ©2006 - 2009 Computer Juice.