Getting a Stop: 0x00000050 error. I was getting other blue screen errors. I was able to successfully run ComboFix. Posting the log and looking for any guidance.
ComboFix 08-07-01.5 - corpstan 2008-07-03 15:41:43.5 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\corpstan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.
2008-07-02 17:30 . 2008-07-02 17:30 <DIR> d-------- C:\Documents and Settings\corpstan\Application Data\Lavasoft
2008-07-02 08:35 . 2008-07-02 08:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-02 08:35 . 2008-07-02 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-02 08:09 . 2008-07-02 08:09 <DIR> d---s---- C:\Documents and Settings\dstablow\UserData
2008-06-24 15:01 . 2008-06-24 15:01 <DIR> d-------- C:\Program Files\Citrix
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 18:55 --------- d-----w C:\Documents and Settings\dstablow\Application Data\AdobeUM
2008-05-16 01:00 --------- d-----w C:\Program Files\Qwest VPN Client Software
2007-03-05 21:35 557,056 ----a-w C:\Documents and Settings\jyoung.BFYOUNG-XP\GoToAssist_phone__317_en.exe
2006-05-08 14:02 557,056 ----a-w C:\Documents and Settings\jyoung.BFYOUNG-XP\chatlnk.exe
2005-10-12 14:30 557,056 ----a-w C:\Documents and Settings\jyoung\chatlnk.exe
2005-07-13 20:57 15,224,832 ----a-w C:\Program Files\FrmSampl.mdb
2005-04-11 15:44 102,400 ----a-w C:\Program Files\PCS.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-02_22.43.16.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 02:38:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-03 19:46:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 22:32 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 22:10 339968]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-05-16 21:18 528384]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 18:32 86016]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 11:18 28672]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27 32859]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27 407632]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 10:37 28672 C:\windows\system32\nwtray.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56 217194]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-19 03:12:52 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\2002\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-18 10:25:45 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 07:55 110592 C:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"C:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"C:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"C:\\Novell\\GroupWise\\GrpWise.exe"=
"C:\\Novell\\GroupWise\\Notify.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"C:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"C:\\windows\\system32\\dpmw32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys [2005-10-24 11:27]
S2 ATS Time;ATS Time;C:\paychex\tibtime.exe [2007-02-26 13:09]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-22 15:56]
S2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-07-26 14:19]
S2 WNTHW;WNTHW;C:\WINDOWS\system32\DRIVERS\WNTHW.SYS [2007-07-26 14:19]
S3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 14:50]
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Qwest VPN Client Software\Extranet_serv.exe" [2002-08-22 15:40]
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-22 15:56]
S3 NWRDR;NetWare Rdr;C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 06:23]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 20:34]
S3 rexesvr;BeyondLogic RmtExec Server;C:\WINDOWS\System32\rexesvr.exe [2006-10-17 14:18]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 15:49:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\windows\system32\ZCfgSvc.exe
.
**************************************************************************
.
Completion time: 2008-07-03 15:52:50 - machine was rebooted [corpstan]
ComboFix-quarantined-files.txt 2008-07-03 19:52:46
ComboFix2.txt 2008-07-03 18:51:42
ComboFix3.txt 2008-07-03 02:43:39
Pre-Run: 40,750,292,992 bytes free
Post-Run: 40,736,051,200 bytes free
114