Microsoft Home XP problems / Combofix log


  • This topic is locked
11 replies to this topic

#1 bobcat123

bobcat123

  • Members
  • 6 posts
  • Local time:11:45 PM

Posted 18 January 2010 - 04:34 PM

I have been having problems with my computer freezing up if more than one program is running, i.e. media file, office document, pictures, internet. Then it makes this really loud BEEEP and I have to manually turn the computer off with the power on the CPU. I ran ComboFix and this is the log I received after it was finished:

"Tosha Smith" - 2010-01-18 14:58:31 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Tosha Smith\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\41.exe"
"C:\install.log"


((((((((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 ))))))))))))))))))))))))))))))))))


2010-01-18 14:54 <DIR> d-------- C:\32788R22FWJFW
2010-01-15 19:59 <DIR> d-------- C:\DOCUME~1\HELPAS~1\WINDOWS
2010-01-15 19:59 <DIR> d-------- C:\DOCUME~1\HELPAS~1\UserData
2010-01-15 19:58 <DIR> d-------- C:\DOCUME~1\HELPAS~1\Shared
2010-01-15 19:58 <DIR> d-------- C:\DOCUME~1\HELPAS~1\PrivacIE
2010-01-15 19:49 555 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\internaldb8467.dat
2010-01-15 19:49 374 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\internaldb6334.dat
2010-01-15 19:49 18,432 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\internaldb41.dat
2010-01-15 19:49 103,720 --a------ C:\DOCUME~1\HELPAS~1\GoToAssistDownloadHelper.exe
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\Incomplete
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\IETldCache
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\IECompatCache
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Yahoo!
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Windows Desktop Search
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\vlc
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\U3
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\SealedMedia
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Real
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\MySpace
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\MozillaControl
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\LimeWire
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\ICAClient
2010-01-15 19:48 4,460,544 --ah----- C:\DOCUME~1\HELPAS~1\NTUSER.DAT
2010-01-15 19:48 4 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\avdrn.dat
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Roxio
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\InstallShield
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\GTek
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Google
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\FxFotoDB
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\funkitron
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\DellFaxCtr
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\CyberLink
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Corel Photo Album
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Corel
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\ArcSoft
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Apple Computer
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\AdobeUM
2010-01-14 16:14 <DIR> d--hs---- C:\Documents and Settings\TOSHAS~1\IECompatCache
2010-01-14 16:14 <DIR> d--hs---- C:\DOCUME~1\TOSHAS~1\IECompatCache
2010-01-14 11:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2010-01-14 11:00 0 --a------ C:\WINDOWS\system32\IS15.exe
2010-01-14 11:00 0 --a------ C:\WINDOWS\system32\helper32.dll
2009-12-22 10:46 4 --a------ C:\DOCUME~1\TOSHAS~1\APPLIC~1\avdrn.dat
2009-12-22 10:46 28 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\fvgqad.dat
2009-12-21 11:03 <DIR> d-------- C:\spoolerlogs


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2010-01-18 20:52:56 -------- d-----w C:\Program Files\Dl_cats
2010-01-15 20:58:50 -------- d-----w C:\Program Files\Dell
2010-01-13 18:40:19 -------- d-----w C:\DOCUME~1\TOSHAS~1\APPLIC~1\Apple Computer
2009-12-22 16:50:32 0 -c--a-w C:\WINDOWS\Usojihepal.bin
2009-12-22 16:50:31 120 ----a-w C:\WINDOWS\Rqesamikumipob.dat
2009-12-21 18:28:10 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2009-12-21 18:28:08 104 --sh--r C:\WINDOWS\system32\B771B24066.sys
2009-12-08 20:10:53 -------- d-----w C:\DOCUME~1\TOSHAS~1\APPLIC~1\FxFotoDB
2009-12-08 16:17:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-12-08 16:12:55 -------- d-----w C:\Program Files\AVG
2009-12-08 15:31:03 -------- d-----w C:\Program Files\softendo.com
2009-12-08 15:23:43 -------- d-----w C:\Program Files\Yahoo!
2009-12-08 14:59:23 -------- d-----w C:\Program Files\DigitalPersona
2009-12-08 14:05:42 -------- d-----w C:\Program Files\Dell Wireless
2009-12-08 14:04:19 -------- d-----w C:\Program Files\Common Files\ArcSoft
2009-12-08 14:04:19 -------- d-----w C:\Program Files\ArcSoft
2009-12-08 14:04:18 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-12-08 14:04:13 -------- d-----w C:\Program Files\FxFoto
2009-12-08 14:04:07 -------- d-----w C:\Program Files\ValuSoft
2009-12-07 19:36:21 -------- d-----w C:\Program Files\eGames
2009-11-23 17:46:16 -------- d-----w C:\DOCUME~1\TOSHAS~1\APPLIC~1\ArcSoft
2009-11-23 17:15:17 -------- d-----w C:\Program Files\VideoLAN
2009-11-23 17:06:51 -------- d-----w C:\Program Files\Common Files\InstallShield
2009-11-16 15:37:39 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2009-10-21 05:38:36 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll
2009-10-21 05:38:36 25,088 ----a-w C:\WINDOWS\system32\httpapi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=C:\Program Files\AVG\AVG9\avgssie.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 03:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"PayClockServer"="C:\PAYCLOCK\PCSCMGR.EXE" [2007-03-01 09:45]
"TouchStationServer"="C:\PAYCLOCK\PC50\PCTSCMGR.EXE" [2007-03-01 09:46]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 10:57]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 16:04]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 16:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-01-05 15:18]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 09:55]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 09:37]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 13:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 09:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 18:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://www.cartoonnetwork.com/games/courage/creeptv/index.html"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli mswimcri.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 15:11:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2010-01-18 15:12:59
C:\ComboFix-quarantined-files.txt ... 2010-01-18 15:12

--- E O F ---

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 bobcat123

bobcat123
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:45 PM

Posted 20 January 2010 - 11:18 AM

I am still having problems with my virus. I believe it is Agent2. I don't really know how to determine what kind of virus it is. But I ran ComboFix again, and it is still freezing my computer and making a very loud constant BEEP. PLEASE HELP!

"Tosha Smith" - 2010-01-18 14:58:31 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Tosha Smith\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\41.exe"
"C:\install.log"


((((((((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 ))))))))))))))))))))))))))))))))))


2010-01-18 14:54 <DIR> d-------- C:\32788R22FWJFW
2010-01-15 19:59 <DIR> d-------- C:\DOCUME~1\HELPAS~1\WINDOWS
2010-01-15 19:59 <DIR> d-------- C:\DOCUME~1\HELPAS~1\UserData
2010-01-15 19:58 <DIR> d-------- C:\DOCUME~1\HELPAS~1\Shared
2010-01-15 19:58 <DIR> d-------- C:\DOCUME~1\HELPAS~1\PrivacIE
2010-01-15 19:49 555 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\internaldb8467.dat
2010-01-15 19:49 374 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\internaldb6334.dat
2010-01-15 19:49 18,432 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\internaldb41.dat
2010-01-15 19:49 103,720 --a------ C:\DOCUME~1\HELPAS~1\GoToAssistDownloadHelper.exe
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\Incomplete
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\IETldCache
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\IECompatCache
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Yahoo!
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Windows Desktop Search
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\vlc
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\U3
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\SealedMedia
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Real
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\MySpace
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\MozillaControl
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\LimeWire
2010-01-15 19:49 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\ICAClient
2010-01-15 19:48 4,460,544 --ah----- C:\DOCUME~1\HELPAS~1\NTUSER.DAT
2010-01-15 19:48 4 --a------ C:\DOCUME~1\HELPAS~1\APPLIC~1\avdrn.dat
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Roxio
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\InstallShield
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\GTek
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Google
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\FxFotoDB
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\funkitron
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\DellFaxCtr
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\CyberLink
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Corel Photo Album
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Corel
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\ArcSoft
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\Apple Computer
2010-01-15 19:48 <DIR> d-------- C:\DOCUME~1\HELPAS~1\APPLIC~1\AdobeUM
2010-01-14 16:14 <DIR> d--hs---- C:\Documents and Settings\TOSHAS~1\IECompatCache
2010-01-14 16:14 <DIR> d--hs---- C:\DOCUME~1\TOSHAS~1\IECompatCache
2010-01-14 11:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2010-01-14 11:00 0 --a------ C:\WINDOWS\system32\IS15.exe
2010-01-14 11:00 0 --a------ C:\WINDOWS\system32\helper32.dll
2009-12-22 10:46 4 --a------ C:\DOCUME~1\TOSHAS~1\APPLIC~1\avdrn.dat
2009-12-22 10:46 28 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\fvgqad.dat
2009-12-21 11:03 <DIR> d-------- C:\spoolerlogs


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2010-01-18 20:52:56 -------- d-----w C:\Program Files\Dl_cats
2010-01-15 20:58:50 -------- d-----w C:\Program Files\Dell
2010-01-13 18:40:19 -------- d-----w C:\DOCUME~1\TOSHAS~1\APPLIC~1\Apple Computer
2009-12-22 16:50:32 0 -c--a-w C:\WINDOWS\Usojihepal.bin
2009-12-22 16:50:31 120 ----a-w C:\WINDOWS\Rqesamikumipob.dat
2009-12-21 18:28:10 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2009-12-21 18:28:08 104 --sh--r C:\WINDOWS\system32\B771B24066.sys
2009-12-08 20:10:53 -------- d-----w C:\DOCUME~1\TOSHAS~1\APPLIC~1\FxFotoDB
2009-12-08 16:17:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-12-08 16:12:55 -------- d-----w C:\Program Files\AVG
2009-12-08 15:31:03 -------- d-----w C:\Program Files\softendo.com
2009-12-08 15:23:43 -------- d-----w C:\Program Files\Yahoo!
2009-12-08 14:59:23 -------- d-----w C:\Program Files\DigitalPersona
2009-12-08 14:05:42 -------- d-----w C:\Program Files\Dell Wireless
2009-12-08 14:04:19 -------- d-----w C:\Program Files\Common Files\ArcSoft
2009-12-08 14:04:19 -------- d-----w C:\Program Files\ArcSoft
2009-12-08 14:04:18 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-12-08 14:04:13 -------- d-----w C:\Program Files\FxFoto
2009-12-08 14:04:07 -------- d-----w C:\Program Files\ValuSoft
2009-12-07 19:36:21 -------- d-----w C:\Program Files\eGames
2009-11-23 17:46:16 -------- d-----w C:\DOCUME~1\TOSHAS~1\APPLIC~1\ArcSoft
2009-11-23 17:15:17 -------- d-----w C:\Program Files\VideoLAN
2009-11-23 17:06:51 -------- d-----w C:\Program Files\Common Files\InstallShield
2009-11-16 15:37:39 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2009-10-21 05:38:36 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll
2009-10-21 05:38:36 25,088 ----a-w C:\WINDOWS\system32\httpapi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=C:\Program Files\AVG\AVG9\avgssie.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 03:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"PayClockServer"="C:\PAYCLOCK\PCSCMGR.EXE" [2007-03-01 09:45]
"TouchStationServer"="C:\PAYCLOCK\PC50\PCTSCMGR.EXE" [2007-03-01 09:46]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 10:57]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 16:04]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 16:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-01-05 15:18]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 09:55]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 09:37]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 13:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 09:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 18:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://www.cartoonnetwork.com/games/courage/creeptv/index.html"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli mswimcri.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 15:11:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2010-01-18 15:12:59
C:\ComboFix-quarantined-files.txt ... 2010-01-18 15:12

--- E O F ---


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 22 January 2010 - 09:18 AM.


#3 sempai

sempai

noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:01:45 PM

Posted 25 January 2010 - 08:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening on your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours, please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 bobcat123

bobcat123
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:45 PM

Posted 25 January 2010 - 09:37 AM

OK, this is what I got:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Tosha Smith at 8:30:18.32 on Mon 01/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.443 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bobcat\BATS\BatsService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PAYCLOCK\BTENG32M.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PAYCLOCK\PC50\BTENG32M.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PAYCLOCK\PCSCMGR.EXE
C:\PAYCLOCK\PC50\PCTSCMGR.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Tosha Smith\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://www.cartoonnetwork.com/games/courage/creeptv/index.html"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PayClockServer] c:\payclock\PCSCMGR.EXE
mRun: [TouchStationServer] c:\payclock\pc50\PCTSCMGR.EXE
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: localhost
Trusted Zone: myspace.com\www
Trusted Zone: pandora.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli mswimcri.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 78.159.110.46 www.google.com
Hosts: 78.159.110.46 www.google.de
Hosts: 78.159.110.46 www.google.fr
Hosts: 78.159.110.46 www.google.co.uk
Hosts: 78.159.110.46 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R2 BatsWebService;BatsWebService;c:\program files\bobcat\bats\BatsService.exe [2007-3-20 28672]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 PayClockServer;PayClock Database Service;c:\payclock\Bteng32m.exe [2007-9-19 200763]
R2 TouchStationServer;PayClock TouchStation Service;c:\payclock\pc50\Bteng32m.exe [2007-9-19 200763]
R3 TOUCHDSP;TouchStation LCD/LED USB driver;c:\windows\system32\drivers\TOUCHDSP.sys [2007-9-19 49152]
R3 TOUCHSTA;TOUCHSTA;c:\windows\system32\drivers\TouchSta.SYS [2007-9-19 20224]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-9-30 57344]

=============== Created Last 30 ================

2010-01-20 16:42:40 0 ----a-w- c:\documents and settings\tosha smith\defogger_reenable
2010-01-18 21:13:01 428032 ----a-w- c:\windows\system32\swreg.exe
2010-01-18 21:13:00 87040 ----a-w- c:\windows\catchme.exe
2010-01-18 21:13:00 49152 ----a-w- c:\windows\system32\vfind.exe
2010-01-18 21:13:00 38400 ----a-w- c:\windows\system32\moveex.exe
2010-01-18 21:12:59 212480 ----a-w- c:\windows\system32\swxcacls.exe
2010-01-15 20:59:42 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-14 22:14:57 0 d-sh--w- c:\documents and settings\tosha smith\IECompatCache
2010-01-14 17:18:38 0 d-----w- c:\windows\system32\drivers\Avg(2)
2010-01-14 17:00:15 0 ----a-w- c:\windows\system32\IS15.exe
2010-01-14 17:00:08 0 ----a-w- c:\windows\system32\helper32.dll
2010-01-14 16:59:40 2931 ----a-w- c:\windows\system32\warning.html
2010-01-12 19:03:43 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-21 14:11:47 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-22 16:46:22 4 ----a-w- c:\docume~1\toshas~1\applic~1\avdrn.dat
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-16 15:37:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-03 15:23:13 572 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-08-06 14:13:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080620090807\index.dat

============= FINISH: 8:30:49.28 ===============



#5 myrti (Malware Study Hall Admin)

Posted 25 January 2010 - 12:48 PM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

Please run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#6 bobcat123 (Topic Starter)

Posted 26 January 2010 - 11:59 AM

This is what I got:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 16:57:27
Windows 5.1.2600 Service Pack 3
Running: x2nt6dz9.exe; Driver: C:\DOCUME~1\TOSHAS~1\LOCALS~1\Temp\uxtdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\TouchSta.sys entry point in "init" section [0xF79FB590]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[140] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0BF928F5
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0BF92781
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0BF92873
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0BF927B9
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0BF927F1
.text C:\Program Files\Bobcat\BATS\BatsService.exe[1444] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A428F5
.text C:\Program Files\Bobcat\BATS\BatsService.exe[1444] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A42781
.text C:\Program Files\Bobcat\BATS\BatsService.exe[1444] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A42873
.text C:\Program Files\Bobcat\BATS\BatsService.exe[1444] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A427B9
.text C:\Program Files\Bobcat\BATS\BatsService.exe[1444] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A427F1
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C828F5
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C82781
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C82873
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C827B9
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C827F1
.text C:\WINDOWS\system32\dlcxcoms.exe[1488] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011D28F5
.text C:\WINDOWS\system32\dlcxcoms.exe[1488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 011D2781
.text C:\WINDOWS\system32\dlcxcoms.exe[1488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011D2873
.text C:\WINDOWS\system32\dlcxcoms.exe[1488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 011D27B9
.text C:\WINDOWS\system32\dlcxcoms.exe[1488] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011D27F1
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1608] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010A28F5
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010A2781
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010A2873
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010A27B9
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[1608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010A27F1
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1684] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 020828F5
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1684] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02082781
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1684] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02082873
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1684] WS2_32.dll!recv 71AB676F 5 Bytes JMP 020827B9
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1684] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 020827F1
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1796] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009728F5
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00972781
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1796] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00972873
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1796] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009727B9
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1796] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009727F1
.text C:\PAYCLOCK\BTENG32M.EXE[1908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 044F28F5
.text C:\PAYCLOCK\BTENG32M.EXE[1908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 044F2781
.text C:\PAYCLOCK\BTENG32M.EXE[1908] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 044F2873
.text C:\PAYCLOCK\BTENG32M.EXE[1908] WS2_32.dll!recv 71AB676F 5 Bytes JMP 044F27B9
.text C:\PAYCLOCK\BTENG32M.EXE[1908] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 044F27F1
.text C:\PAYCLOCK\PC50\BTENG32M.EXE[2020] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 019728F5
.text C:\PAYCLOCK\PC50\BTENG32M.EXE[2020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01972781
.text C:\PAYCLOCK\PC50\BTENG32M.EXE[2020] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01972873
.text C:\PAYCLOCK\PC50\BTENG32M.EXE[2020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 019727B9
.text C:\PAYCLOCK\PC50\BTENG32M.EXE[2020] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 019727F1
.text C:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B928F5
.text C:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B92781
.text C:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B92873
.text C:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B927B9
.text C:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B927F1
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01DB28F5
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01DB2781
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01DB2873
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01DB27B9
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01DB27F1
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2916] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CB28F5
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CB2781
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2916] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CB2873
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2916] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CB27B9
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CB27F1
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3032] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 024128F5
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3032] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02412781
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3032] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02412873
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3032] ws2_32.dll!recv 71AB676F 5 Bytes JMP 024127B9
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3032] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 024127F1
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3088] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FA28F5
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3088] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00FA2781
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3088] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FA2873
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3088] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00FA27B9
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3088] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FA27F1
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 047328F5
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!send 71AB4C27 5 Bytes JMP 04732781
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04732873
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!recv 71AB676F 5 Bytes JMP 047327B9
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3228] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 047327F1
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3360] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DF28F5
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3360] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DF2781
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3360] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DF2873
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3360] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DF27B9
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3360] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DF27F1
.text C:\Program Files\DellSupport\DSAgnt.exe[3472] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012328F5
.text C:\Program Files\DellSupport\DSAgnt.exe[3472] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01232781
.text C:\Program Files\DellSupport\DSAgnt.exe[3472] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01232873
.text C:\Program Files\DellSupport\DSAgnt.exe[3472] ws2_32.dll!recv 71AB676F 5 Bytes JMP 012327B9
.text C:\Program Files\DellSupport\DSAgnt.exe[3472] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012327F1
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01A328F5
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01A32781
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01A32873
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01A327B9
.text C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01A327F1
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3936] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02B228F5
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3936] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02B22781
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3936] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02B22873
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3936] ws2_32.dll!recv 71AB676F 5 Bytes JMP 02B227B9
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3936] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02B227F1
.text C:\WINDOWS\system32\SearchFilterHost.exe[4000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF28F5
.text C:\WINDOWS\system32\SearchFilterHost.exe[4000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EF2781
.text C:\WINDOWS\system32\SearchFilterHost.exe[4000] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EF2873
.text C:\WINDOWS\system32\SearchFilterHost.exe[4000] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EF27B9
.text C:\WINDOWS\system32\SearchFilterHost.exe[4000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EF27F1
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4060] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011E28F5
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4060] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011E2781
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4060] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011E2873
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4060] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011E27B9
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4060] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011E27F1

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0039B467
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0039B27A
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00396CA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00397881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0039962B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0039804D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00397A66
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00398EA6
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0039AB0E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0039AB3E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0039B681
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0039A868
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 003995BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0039870D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00397E61
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 003983A9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0039B9AD
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 003990A5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 003994B7
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00399BFA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 003998EA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00399BA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0039A1E4
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00399CF2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00397C75
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00398662
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0039ABE9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 003999AC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0039956E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 003992E2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 003996BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0039B68D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00399881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0039B812
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0039B7E0
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0039B935
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0039B991
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3928] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0039B87E

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\00000040 86E2D3D8
Device \Driver\ACPI \Device\00000041 86E2D3D8
Device \Driver\ACPI \Device\00000042 86E2D3D8
Device \Driver\ACPI \Device\00000044 86E2D3D8
Device \Driver\ACPI \Device\00000053 86E2D3D8
Device \Driver\ACPI \Device\00000046 86E2D3D8
Device \Driver\ACPI \Device\00000060 86E2D3D8
Device \Driver\ACPI \Device\00000047 86E2D3D8
Device \Driver\ACPI \Device\00000061 86E2D3D8
Device \Driver\ACPI \Device\00000048 86E2D3D8
Device \Driver\ACPI \Device\00000062 86E2D3D8
Device \Driver\ACPI \Device\00000049 86E2D3D8
Device \Driver\ACPI \Device\00000064 86E2D3D8
Device \Driver\ACPI \Device\00000065 86E2D3D8
Device \Driver\ACPI \Device\0000003d 86E2D3D8
Device \Driver\ACPI \Device\0000004a 86E2D3D8
Device \Driver\ACPI \Device\0000004b 86E2D3D8
Device \Driver\ACPI \Device\0000004c 86E2D3D8
Device \Driver\ACPI \Device\0000005a 86E2D3D8
Device \Driver\ACPI \Device\0000004d 86E2D3D8
Device \Driver\ACPI \Device\0000004e 86E2D3D8
Device \Driver\ACPI \Device\0000004f 86E2D3D8
Device \Driver\ACPI \Device\0000005d 86E2D3D8
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
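
Added example (not from this thread, GMER or DDS): a small Python triage script that parses the GMER ".text ... JMP" hook lines from the log above and the "Hosts:" lines from the earlier DDS log, then reports which exports are hooked across several processes with no owning module named and which hosts entries point a name at a non-loopback address. The sample lines are constructed from lines quoted in this thread; the function names, the three-process threshold and the loopback rule are this example's own choices.

```python
"""Triage helper for GMER user-mode hook lines and DDS "Hosts:" lines (added example)."""
import re
from collections import defaultdict
from ipaddress import ip_address

# GMER user-code line: .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<owner>]
# GMER appends the owning module in parentheses only when it can map the jump target to a file.
GMER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)"
    r"(?:\s+(?P<owner>\S.*))?$",
    re.IGNORECASE,
)
# DDS hosts line: Hosts: <ip> <name>
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")

# Constructed sample input: a subset of the GMER and DDS lines quoted in this thread,
# plus one ordinary loopback entry to show what is *not* flagged.
SAMPLE_GMER = r"""
.text C:\WINDOWS\system32\SearchIndexer.exe[140] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0BF92781
.text C:\WINDOWS\system32\SearchIndexer.exe[140] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0BF927B9
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C82781
.text C:\Program Files\Bonjour\mDNSResponder.exe[1472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C827B9
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01DB2781
.text C:\WINDOWS\Explorer.EXE[2652] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01DB27B9
.text C:\WINDOWS\System32\alg.exe[2236] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00B92781
""".strip().splitlines()

SAMPLE_HOSTS = """
Hosts: 127.0.0.1 localhost
Hosts: 78.159.110.46 www.google.com
Hosts: 78.159.110.46 www.google.de
Hosts: 78.159.110.46 www.google.fr
Hosts: 78.159.110.46 www.google.co.uk
Hosts: 78.159.110.46 www.google.com.br
""".strip().splitlines()


def parse_gmer_hooks(lines):
    """Return one dict per matching GMER hook line; anything else is skipped."""
    hooks = []
    for line in lines:
        m = GMER_HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["size"] = int(d["size"])
            d["module"] = d["module"].lower()   # WS2_32.dll and ws2_32.dll are the same module
            d["owner"] = d["owner"] or ""
            hooks.append(d)
    return hooks


def hooks_by_export(hooks):
    """Group hooks as module!export -> sorted [(pid, image, jump target, owner)]."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[f"{h['module']}!{h['export']}"].append((h["pid"], h["image"], h["target"], h["owner"]))
    return {k: sorted(v) for k, v in grouped.items()}


def widespread_unattributed_hooks(hooks, min_processes=3):
    """Exports hooked in at least min_processes distinct processes with no owning module.

    The same few Winsock exports redirected in nearly every process, to code GMER cannot
    map to any file, is the pattern a helper reads first. Security products hook Winsock
    the same way, so treat this as a triage cue to compare with installed software, not a verdict.
    """
    result = {}
    for export, entries in hooks_by_export(hooks).items():
        unowned_pids = {pid for pid, _, _, owner in entries if not owner}
        if len(unowned_pids) >= min_processes:
            result[export] = len(unowned_pids)
    return result


def hosts_redirects(lines):
    """Return {ip: [names]} for hosts entries that map a name to a non-loopback address.

    A clean hosts file only maps names to 127.0.0.1 (or 0.0.0.0 for blocking). Several
    names sharing one public address means lookups for them never reach DNS at all.
    """
    redirects = defaultdict(list)
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ip_address(m.group("ip"))
        except ValueError:
            continue  # not an IP literal; nothing to classify
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].append(m.group("name"))
    return dict(redirects)


def triage(gmer_lines, hosts_lines, min_processes=3):
    """One summary dict; both findings empty means these two logs give nothing to chase."""
    hooks = parse_gmer_hooks(gmer_lines)
    return {
        "hook_lines": len(hooks),
        "widespread_unowned_hooks": widespread_unattributed_hooks(hooks, min_processes),
        "hosts_redirects": hosts_redirects(hosts_lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_GMER, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```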


#7 myrti (Malware Study Hall Admin)

Posted 27 January 2010 - 07:13 AM

Hi,

Please also run scans with mbr and RootRepeal:

MBR:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

ROOTREPEAL:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

Finally please also provide a log from OTL:
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards myrti



#8 bobcat123 (Topic Starter)

Posted 29 January 2010 - 10:43 AM

On the OTL report, I couldn't see what you said to push after clicking "Scan All Users". Push the ???? button. So I just scanned and didn't hit clean. Is that correct? Or should I have cleaned on the OTL?
This is what I got:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86ce8678
NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> 0x86509330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.





ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/29 09:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9E2B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B51000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\TOSHAS~1\LOCALS~1\Temp\mbr.sys
Address: 0xF7923000 Size: 20864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9377000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: c:\documents and settings\tosha smith\local settings\temp\~df5429.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)

Path: c:\documents and settings\tosha smith\local settings\temporary internet files\content.ie5\index.dat
Status: Allocation size mismatch (API: 2842624, Raw: 2838528)

Stealth Objects
-------------------
Object: Hidden Code [Driver: ACPI, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ce8678 Size: 668

==EOF==





OTL logfile created on: 1/29/2010 9:27:42 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Tosha Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 126.69 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHA
Current User Name: Tosha Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/29 09:26:11 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tosha Smith\Desktop\OTL.exe
PRC - [2009/11/16 09:37:34 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/10 13:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/13 19:41:42 | 16,132,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/05/25 10:39:38 | 00,964,144 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PRC - [2007/05/25 10:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/03/20 13:32:18 | 00,028,672 | ---- | M] () -- C:\Program Files\Bobcat\BATS\BatsService.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/01 09:46:26 | 00,106,496 | ---- | M] (Lathem Time Corp.) -- C:\PAYCLOCK\PC50\PCTSCMGR.EXE
PRC - [2007/03/01 09:45:30 | 00,356,352 | ---- | M] (Lathem Time Corp.) -- C:\PAYCLOCK\Pcscmgr.exe
PRC - [2007/02/18 15:45:42 | 00,200,763 | ---- | M] (MLB Computer Consulting) -- C:\PAYCLOCK\PC50\Bteng32m.exe
PRC - [2007/02/18 15:45:42 | 00,200,763 | ---- | M] (MLB Computer Consulting) -- C:\PAYCLOCK\Bteng32m.exe
PRC - [2007/02/05 14:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2007/01/12 10:57:28 | 00,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 16:04:46 | 00,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/10/20 16:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/10/11 15:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe
PRC - [2006/08/17 08:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/04 13:50:20 | 00,917,611 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2004/10/04 13:10:16 | 00,327,769 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2003/09/28 15:16:12 | 00,237,568 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe


========== Modules (SafeList) ==========

MOD - [2010/01/29 09:26:11 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tosha Smith\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/05/25 10:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/20 13:32:18 | 00,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Bobcat\BATS\BatsService.exe -- (BatsWebService)
SRV - [2007/03/19 11:44:44 | 00,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/18 15:45:42 | 00,200,763 | ---- | M] (MLB Computer Consulting) [Auto | Running] -- C:\PAYCLOCK\PC50\BTENG32M.EXE -- (TouchStationServer)
SRV - [2007/02/18 15:45:42 | 00,200,763 | ---- | M] (MLB Computer Consulting) [Auto | Running] -- C:\PAYCLOCK\BTENG32M.EXE -- (PayClockServer)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/11 15:48:50 | 00,532,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/04 13:12:50 | 00,057,344 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2004/08/10 12:01:15 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2003/09/28 15:16:12 | 00,237,568 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHost.exe -- (DpHost)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/26 13:06:20 | 00,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/06/13 19:41:44 | 04,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/13 18:25:14 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/13 18:21:16 | 05,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/05 07:59:49 | 00,049,152 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TOUCHDSP.sys -- (TOUCHDSP)
DRV - [2007/03/05 07:59:49 | 00,020,224 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TouchSta.SYS -- (TOUCHSTA)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 00,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 12:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 00,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/24 02:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/21 10:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/09/26 18:42:00 | 00,345,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
DRV - [2004/09/01 13:39:46 | 00,016,979 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AEGISP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\S-1-5-21-100379524-1688825975-2171926055-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\S-1-5-21-100379524-1688825975-2171926055-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{D74D411C-B395-4F72-B902-C248ED07F66B}: C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\{D74D411C-B395-4F72-B902-C248ED07F66B}\ [2009/10/30 14:59:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{817BBA06-890C-45C7-A376-7A8F712D980E}: C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\{817BBA06-890C-45C7-A376-7A8F712D980E}\ [2009/11/05 08:16:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C0B8DFD2-371B-4D82-B475-F4AD4EF8E863}: C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\{C0B8DFD2-371B-4D82-B475-F4AD4EF8E863}\ [2009/11/12 08:11:18 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2009/12/22 10:47:15 | 00,001,523 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.46 www.google.com
O1 - Hosts: 78.159.110.46 www.google.de
O1 - Hosts: 78.159.110.46 www.google.fr
O1 - Hosts: 78.159.110.46 www.google.co.uk
O1 - Hosts: 78.159.110.46 www.google.com.br
O1 - Hosts: 78.159.110.46 www.google.it
O1 - Hosts: 78.159.110.46 www.google.es
O1 - Hosts: 78.159.110.46 www.google.co.jp
O1 - Hosts: 78.159.110.46 www.google.com.mx
O1 - Hosts: 78.159.110.46 www.google.ca
O1 - Hosts: 78.159.110.46 www.google.com.au
O1 - Hosts: 78.159.110.46 www.google.nl
O1 - Hosts: 78.159.110.46 www.google.co.za
O1 - Hosts: 78.159.110.46 www.google.be
O1 - Hosts: 78.159.110.46 www.google.gr
O1 - Hosts: 78.159.110.46 www.google.at
O1 - Hosts: 78.159.110.46 www.google.se
O1 - Hosts: 78.159.110.46 www.google.ch
O1 - Hosts: 78.159.110.46 www.google.pt
O1 - Hosts: 78.159.110.46 www.google.dk
O1 - Hosts: 78.159.110.46 www.google.fi
O1 - Hosts: 78.159.110.46 www.google.ie
O1 - Hosts: 78.159.110.46 www.google.no
O1 - Hosts: 78.159.110.46 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PayClockServer] C:\PAYCLOCK\Pcscmgr.exe (Lathem Time Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchStationServer] C:\PAYCLOCK\PC50\PCTSCMGR.EXE (Lathem Time Corp.)
O4 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\..Trusted Domains: myspace.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-100379524-1688825975-2171926055-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 09:26:07 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tosha Smith\Desktop\OTL.exe
[2010/01/29 09:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tosha Smith\Desktop\RootRepeal
[2010/01/22 10:11:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tosha Smith\My Documents\LimeWire
[2010/01/20 09:05:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/20 09:05:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/20 09:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/20 09:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/18 15:13:01 | 00,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/01/18 15:13:00 | 00,370,688 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swsc.exe
[2010/01/18 15:13:00 | 00,049,152 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010/01/18 15:12:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/01/18 15:08:26 | 00,000,000 | ---D | C] -- C:\QooBox
[2010/01/18 14:54:59 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/14 16:14:57 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Tosha Smith\IECompatCache
[2010/01/14 11:18:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg(2)
[2010/01/12 13:03:43 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/09/05 07:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2009/06/12 16:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/19 15:18:28 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2007/08/29 17:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/08/29 17:30:45 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2007/08/29 17:30:45 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2007/08/29 17:30:44 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2007/08/29 17:30:44 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2007/08/29 17:30:44 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/08/29 17:30:43 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2007/08/29 17:30:43 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2007/08/29 17:30:43 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2007/08/29 17:30:43 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2007/08/29 17:30:42 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2007/08/29 17:30:42 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/29 09:26:11 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tosha Smith\Desktop\OTL.exe
[2010/01/29 09:01:17 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\Desktop\RootRepeal.zip
[2010/01/29 08:56:41 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010/01/29 08:37:42 | 00,000,095 | ---- | M] () -- C:\WINDOWS\TASAPI.INI
[2010/01/29 08:36:43 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2010/01/29 08:28:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/01/29 08:24:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 08:24:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/29 08:24:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/26 11:12:51 | 00,141,824 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\My Documents\January 2010 Log.xls
[2010/01/25 17:02:43 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Tosha Smith\ntuser.ini
[2010/01/22 10:11:02 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\Desktop\LimeWire 4.16.6.lnk
[2010/01/22 09:15:57 | 04,608,000 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\NTUSER.DAT
[2010/01/22 09:14:27 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/21 08:11:47 | 00,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/21 08:11:46 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\B771B24066.sys
[2010/01/20 10:42:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\defogger_reenable
[2010/01/20 10:02:27 | 06,426,638 | -H-- | M] () -- C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\IconCache.db
[2010/01/20 09:51:40 | 00,556,758 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 09:51:40 | 00,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 09:51:40 | 00,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/19 14:46:20 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\My Documents\December 2009 Log.xls
[2010/01/19 14:20:21 | 00,154,112 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\My Documents\November 2009 Log.xls
[2010/01/18 16:42:25 | 00,026,308 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/01/18 16:40:56 | 00,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.LNK
[2010/01/18 16:24:59 | 00,074,398 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\My Documents\Fax with Letterhead.docx
[2010/01/15 15:02:43 | 00,045,784 | ---- | M] () -- C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/15 15:01:12 | 00,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/14 11:18:47 | 47,843,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/01/14 11:18:47 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2010/01/14 11:18:38 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\avi7.avg
[2010/01/14 11:18:38 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\miniavi.avg
[2010/01/14 11:18:38 | 00,139,535 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg
[2010/01/14 11:05:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/14 11:05:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/14 11:05:04 | 00,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/29 09:01:14 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Desktop\RootRepeal.zip
[2010/01/29 08:56:33 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010/01/22 10:11:02 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Desktop\LimeWire 4.16.6.lnk
[2010/01/20 10:42:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\defogger_reenable
[2010/01/18 15:13:00 | 00,087,040 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2010/01/18 15:13:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\vfind.exe
[2010/01/18 15:13:00 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2010/01/14 11:18:47 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2010/01/14 11:18:38 | 47,843,427 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/01/14 11:18:38 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\avi7.avg
[2010/01/14 11:18:38 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\miniavi.avg
[2010/01/14 11:18:38 | 00,139,535 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg
[2010/01/14 11:00:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/14 11:00:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/14 10:59:40 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/11 10:51:40 | 00,141,824 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\My Documents\January 2010 Log.xls
[2009/12/22 10:46:30 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\fvgqad.dat
[2009/12/22 10:46:22 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\avdrn.dat
[2009/11/23 12:39:36 | 00,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/10/30 14:55:34 | 00,000,012 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\wiaserva.log
[2009/09/21 16:04:54 | 00,000,078 | ---- | C] () -- C:\WINDOWS\BTAB.INI
[2009/08/04 14:52:07 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\mcs.rma
[2009/08/04 14:52:07 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\B152F5
[2008/12/22 10:20:04 | 00,038,488 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\Comma Separated Values (Windows).ADR
[2008/12/04 10:00:10 | 00,000,396 | ---- | C] () -- C:\WINDOWS\XCrashReport.ini
[2008/11/20 10:56:11 | 00,000,159 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2008/08/08 14:29:01 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2008/08/06 09:42:29 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 09:04:58 | 00,000,088 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/08 11:19:49 | 00,000,048 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/11/06 11:22:02 | 00,000,374 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\internaldb6334.dat
[2007/11/06 11:21:55 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\internaldb8467.dat
[2007/11/06 11:21:54 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\internaldb41.dat
[2007/10/31 13:32:28 | 00,038,311 | ---- | C] () -- C:\Documents and Settings\Tosha Smith\Application Data\Microsoft Excel 97-2003.ADR
[2007/10/31 13:32:24 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/25 10:55:23 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/25 10:55:23 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\B771B24066.sys
[2007/09/19 15:13:04 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/09/19 15:13:04 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/09/19 15:12:43 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/09/19 14:35:46 | 00,020,224 | R--- | C] () -- C:\WINDOWS\System32\drivers\TouchSta.SYS
[2007/09/19 11:20:52 | 00,000,095 | ---- | C] () -- C:\WINDOWS\TASAPI.INI
[2007/08/29 17:59:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/29 17:57:50 | 00,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/08/29 17:53:05 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/08/29 17:53:05 | 00,000,389 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/29 17:30:45 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2007/08/29 17:30:45 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2007/08/29 17:30:45 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2007/08/29 17:30:45 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2007/08/29 17:30:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2007/08/29 17:30:45 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2007/08/29 17:30:43 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2007/08/29 17:30:43 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2007/08/29 17:30:43 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2007/08/29 17:30:43 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2007/08/29 17:30:42 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2007/08/29 17:30:42 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/08/29 17:30:42 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/08/29 17:30:42 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2007/08/29 17:30:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2007/08/29 17:30:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/08/29 17:28:54 | 00,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/03 10:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 10:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 10:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 03:25:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/09/08 14:06:02 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/02/13 07:56:04 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\dlcxplc.ini
[2004/08/10 12:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >


OTL Extras logfile created on: 1/29/2010 9:27:42 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Tosha Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 126.69 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHA
Current User Name: Tosha Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4926:TCP" = 4926:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DCB7997-E2D8-4E20-AF43-A89ED68616C9}" = DigitalPersona Gold Fingerprint Recognition Software 3.0.0
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2BC8EE3E-3CF6-4B61-89D1-6A6368CFF4D5}" = BobQuote
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}" = 926plc32
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9F31956-7F37-428E-8ECE-B5CEE0F41141}" = BATS
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19F7B24-AAD4-4236-8475-5335483DA676}" = Avery Wizard 3.1
"2004 Mahjongg" = 2004 Mahjongg
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BASICR" = Microsoft Office Basic 2007
"Card & Board Games 3" = Card & Board Games 3
"Card And Board Games 2" = Card And Board Games 2
"Citrix ICA Web Client" = Citrix ICA Web Client
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"eGames GameButler" = eGames GameButler
"FxFoto" = FxFoto by Triscape
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 4.16.6
"MavisBeacon9" = Mavis Beacon Teaches Typing 9.0.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PayClock Express" = PayClock Express
"Photo Organizer 1.8" = Photo Organizer
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"RealPlayer 12.0" = RealPlayer
"TriscapeFxFoto" = Triscape FxFoto
"Ultimate Mahjongg 5" = Ultimate Mahjongg 5
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2010 5:01:29 PM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 1/15/2010 9:48:22 PM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 1/18/2010 10:47:13 AM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 1/18/2010 4:00:13 PM | Computer Name = TOSHA | Source = Application Hang | ID = 1002
Description = Hanging application DrgToDsc.exe, version 9.0.0.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 1:07:01 PM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)

Error - 1/21/2010 1:54:08 PM | Computer Name = TOSHA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 1:54:12 PM | Computer Name = TOSHA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/25/2010 3:59:10 PM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)

Error - 1/26/2010 1:19:41 PM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)

Error - 1/29/2010 10:24:47 AM | Computer Name = TOSHA | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)

[ OSession Events ]
Error - 12/2/2008 12:07:09 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 448
seconds with 300 seconds of active time. This session ended with a crash.

Error - 12/2/2008 12:18:15 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 657
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/2/2008 12:20:45 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 145
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/2/2008 12:21:35 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/2/2008 12:22:45 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/2/2008 12:23:03 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/2/2008 12:44:08 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 168
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/22/2008 12:14:02 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/22/2008 12:16:34 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 148
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/2/2009 5:30:10 PM | Computer Name = TOSHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 76
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/28/2010 3:04:57 PM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "JIM-MGROFFICE :0" could not be registered on the Interface
with IP address 10.0.0.6. The machine with the IP address 10.0.0.5 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 10:24:48 AM | Computer Name = TOSHA | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/29/2010 10:37:54 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "D7390VG1 :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.4 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 10:37:54 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "JIM-MGROFFICE :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.5 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 10:52:41 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "JIM-MGROFFICE :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.5 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 10:52:41 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "D7390VG1 :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.4 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 11:07:28 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "D7390VG1 :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.4 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 11:07:28 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "JIM-MGROFFICE :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.5 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 11:22:16 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "D7390VG1 :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.4 did not allow
the name to be claimed by this machine.

Error - 1/29/2010 11:22:16 AM | Computer Name = TOSHA | Source = NetBT | ID = 4321
Description = The name "JIM-MGROFFICE :0" could not be registered on the Interface
with IP address 10.0.0.7. The machine with the IP address 10.0.0.5 did not allow
the name to be claimed by this machine.


< End of report >


#9 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender: Female
  • Location: At home

Posted 29 January 2010 - 03:33 PM

Hi,

The OTL instructions contain 2 images: one is the OTL icon and the other is the Run Scan button. I assume you see neither?

You have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run mbr again:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -f >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+

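The check that mbr.exe performs in the procedure above can be illustrated in code. The following Python is an added example written for this thread; it is not gmer's mbr.exe and not code from the poster. It models the infection the thread describes (boot code in sector 0 replaced, partition table left intact so the machine still boots, a copy of the original MBR parked in a later sector with a PE payload a few sectors behind it) and shows both the detection and what the `-f` restore step amounts to. Every disk byte below is constructed, the boot-code bytes are stand-ins rather than real XP MBR code, and KNOWN_GOOD is assumed to come from a backup or an identical clean machine.

```python
"""Scan a raw disk image for a Mebroot/Sinowal-style MBR infection.
Added example, not gmer's code. All sample disk contents are constructed."""
import struct

SECTOR = 512
PART_TABLE_OFF = 446      # four 16-byte partition entries follow the boot code
BOOT_SIG = b"\x55\xaa"    # bytes 510..511 of every valid MBR


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, count) tuples."""
    if len(boot_code) > PART_TABLE_OFF or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(struct.pack("<B3sB3sII", st, b"\xff" * 3, pt, b"\xff" * 3, lba, cnt)
                     for st, pt, lba, cnt in partitions).ljust(64, b"\x00")
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + table + BOOT_SIG


def parse_mbr(sector: bytes) -> dict:
    """Boot signature plus the non-empty partition entries of one 512-byte sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, cnt = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": cnt})
    return {"signature_ok": sector[510:] == BOOT_SIG, "partitions": parts}


def sector_at(disk: bytes, n: int) -> bytes:
    return disk[n * SECTOR:(n + 1) * SECTOR]


def find_mbr_copies(disk: bytes, mbr: bytes) -> list:
    """Sectors other than 0 holding a byte-exact copy of mbr: the rootkit keeps the
    original so it can chain-load it after its own loader has run."""
    return [i for i in range(1, len(disk) // SECTOR) if sector_at(disk, i) == mbr]


def find_pe_after(disk: bytes, start: int, window: int = 32) -> list:
    """Sectors in (start, start+window] that begin with an MZ header."""
    last = min(start + window, len(disk) // SECTOR - 1)
    return [i for i in range(start + 1, last + 1) if sector_at(disk, i)[:2] == b"MZ"]


def scan_disk(disk: bytes, known_good: bytes) -> dict:
    """Compare sector 0 with a known-good MBR and look for the stashed original."""
    mbr = sector_at(disk, 0)
    findings = []
    if not parse_mbr(mbr)["signature_ok"]:
        findings.append("sector 0 lacks the 0x55AA boot signature")
    if mbr[:PART_TABLE_OFF] != known_good[:PART_TABLE_OFF]:
        findings.append("boot code in sector 0 differs from the known-good MBR")
    if mbr[PART_TABLE_OFF:510] != known_good[PART_TABLE_OFF:510]:
        findings.append("partition table in sector 0 differs from the known-good MBR")
    copies = find_mbr_copies(disk, known_good)
    pe_sectors = []
    for c in copies:
        findings.append(f"copy of original MBR found in sector 0x{c:09X}")
        pe_sectors += find_pe_after(disk, c)
    findings += [f"PE file found in sector 0x{p:09X}" for p in pe_sectors]
    return {"infected": mbr != known_good, "copies": copies,
            "pe_sectors": pe_sectors, "findings": findings}


def restore_mbr(disk: bytes, copy_sector: int) -> bytes:
    """What the -f step does: write the stashed original back into sector 0."""
    orig = sector_at(disk, copy_sector)
    if not parse_mbr(orig)["signature_ok"]:
        raise ValueError("candidate sector is not a valid MBR")
    return orig + disk[SECTOR:]


# Constructed sample disk: a few hundred sectors, not a real drive.
CLEAN_BOOT = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) * 40  # stand-in, not real XP code
ROOTKIT_BOOT = b"\xeb\xfe" + b"\x90" * 100                            # stand-in loader stub
PARTS = [(0x80, 0x07, 63, 2048 * 1000)]                               # one bootable NTFS partition
KNOWN_GOOD = build_mbr(CLEAN_BOOT, PARTS)
COPY_SECTOR = 0x100      # a real infection parks the copy far higher on the disk
N_SECTORS = 0x140


def make_clean_disk() -> bytes:
    disk = bytearray(N_SECTORS * SECTOR)
    disk[:SECTOR] = KNOWN_GOOD
    return bytes(disk)


def make_infected_disk() -> bytes:
    disk = bytearray(make_clean_disk())
    disk[:SECTOR] = build_mbr(ROOTKIT_BOOT, PARTS)      # boot code swapped, table untouched
    disk[COPY_SECTOR * SECTOR:(COPY_SECTOR + 1) * SECTOR] = KNOWN_GOOD
    pe = (COPY_SECTOR + 3) * SECTOR
    disk[pe:pe + 2] = b"MZ"                              # payload header three sectors on
    return bytes(disk)


if __name__ == "__main__":
    for name, d in (("clean", make_clean_disk()), ("infected", make_infected_disk())):
        r = scan_disk(d, KNOWN_GOOD)
        print(name, "INFECTED" if r["infected"] else "ok", r["findings"])
    fixed = restore_mbr(make_infected_disk(), COPY_SECTOR)
    print("after restore, sector 0 infected:", scan_disk(fixed, KNOWN_GOOD)["infected"])
```

Note that the restore only puts sector 0 right; the parked copy and the payload sectors stay on the disk, which is why the scan still reports them afterwards and why the thread follows `-f` with a second `-t` run rather than declaring the machine clean.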

#10 bobcat123

bobcat123
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:45 PM

Posted 01 February 2010 - 10:16 AM


I would really like to get this computer as clean as possible. Can you please help? This is what I got:



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86b5b6c0
NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> 0x864f3330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

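The report above can be triaged mechanically. The following Python is an added example written for this thread, not gmer's code and not something the poster ran: it parses an mbr.exe report into structured fields (the hooked driver objects and NDIS handler with their addresses, the sector of the stashed MBR copy, the malicious-code and PE sectors, whether the restore succeeded) and returns a verdict. The first sample is the log posted above, used verbatim; the second is a constructed stand-in for what an uninfected run prints and is an assumption about the tool's clean output.

```python
"""Triage a gmer mbr.exe report into structured findings.
Added example for this thread, not gmer's code."""
import re

# Log as posted in the thread above.
POSTED_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86b5b6c0
NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> 0x864f3330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
"""

# Constructed stand-in for a clean run (assumption about the tool's output).
CLEAN_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# "<target> -> [<handler> -> ]0x<address>"
HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?:(?P<handler>\w+) -> )?0x(?P<addr>[0-9A-Fa-f]+)\s*$")
SECTOR_RE = re.compile(r"sector(?: at)? 0x(?P<sector>[0-9A-Fa-f]+)")


def _sector(line: str) -> int:
    m = SECTOR_RE.search(line)
    if not m:
        raise ValueError(f"no sector number in: {line}")
    return int(m["sector"], 16)


def parse_mbr_log(text: str) -> dict:
    r = {"user_read": False, "kernel_read": False, "hooks": [],
         "copy_sectors": [], "malicious_sectors": [], "pe_sectors": [],
         "infection_detected": False, "restored": False, "mbr_ok": False}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                r["hooks"].append({"target": m["target"], "handler": m["handler"],
                                   "address": int(m["addr"], 16)})
                continue
            in_hooks = False            # first non-hook line ends the hook list
        if line.startswith("user:"):
            r["user_read"] = line.endswith("read successfully")
        elif line.startswith("kernel:"):
            r["kernel_read"] = line.endswith("read successfully")
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line == "user & kernel MBR OK":
            r["mbr_ok"] = True
        elif line.startswith("copy of MBR has been found"):
            r["copy_sectors"].append(_sector(line))
        elif line.startswith("malicious code @"):
            r["malicious_sectors"].append(_sector(line))
        elif line.startswith("PE file found"):
            r["pe_sectors"].append(_sector(line))
        elif line.startswith("MBR rootkit infection detected"):
            r["infection_detected"] = True
        elif line.startswith("original MBR restored successfully"):
            r["restored"] = True
    return r


def triage(r: dict) -> str:
    """Short verdict code; anything but 'clean' needs a follow-up run."""
    if not (r["user_read"] and r["kernel_read"]):
        return "read-failure"           # cannot trust a verdict without both reads
    if r["infection_detected"] or r["malicious_sectors"]:
        return "infected-restored" if r["restored"] else "infected"
    if r["hooks"]:
        return "hooks-only"             # hooking driver present, no MBR payload reported
    return "clean" if r["mbr_ok"] else "inconclusive"


def payload_layout(r: dict) -> dict:
    """Distances (in sectors) of the malicious code and PE payload from the stashed copy."""
    if not r["copy_sectors"]:
        return {}
    base = r["copy_sectors"][0]
    return {"malicious_code": [s - base for s in r["malicious_sectors"]],
            "pe_files": [s - base for s in r["pe_sectors"]]}


if __name__ == "__main__":
    for name, log in (("posted", POSTED_LOG), ("clean", CLEAN_LOG)):
        r = parse_mbr_log(log)
        print(name, triage(r), payload_layout(r), [h["target"] for h in r["hooks"]])
```

On the posted log this yields "infected-restored": the tool reports both the user-mode and kernel-mode MBR reads as successful, lists hooks on `\Driver\ACPI` and the NDIS SendCompleteHandler, and places the malicious code three sectors and the PE payload 25 sectors past the parked MBR copy. The restore line is why the next step in the thread is a confirming `-t` run rather than a declaration that the machine is clean.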

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 05 February 2010 - 10:36 AM

Hi,

please run mbr -t once more to see if the MBR was restored successfully:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 20 February 2010 - 08:30 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
