ISP shut off internet because of TORPIG. How do I remove it?


  • This topic is locked
83 replies to this topic

#1 katherine90

  • Members
  • 74 posts
  • OFFLINE
  • Gender:Female

Posted 01 April 2010 - 01:51 AM

I have Windows XP SP3.
AVG Free 9.0 scan is clean, no infected files. Computer keeps locking up, forcing me to manually shut off and turn the computer back on. ISP says there is Torpig on here. I don't know how to remove it.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 0:42:12.68 on Thu 04/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1842 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mike\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\vbpdtvdp.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {bc97b254-b2b9-4d40-971d-78e0978f5f26} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [cdloader] "c:\documents and settings\mike\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search - ?p=ZJfox000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\usi9zzz8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2006-2-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-2-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2006-2-16 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2006-2-16 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2006-2-16 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-3-31 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-20 135664]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2006-5-28 217271]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-3-31 206608]

=============== Created Last 30 ================

2010-04-01 05:42:53 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-03-24 22:27:01 0 d-----w- C:\27cffc486bebac24077189b3607c82e4
2010-03-24 22:17:53 0 d-----w- c:\docume~1\mike\applic~1\BitDefender Deployment Tool
2010-03-24 21:57:18 0 d-----w- c:\program files\common files\BitDefender
2010-03-20 01:12:06 0 d-----w- C:\8878227651070eeccf
2010-03-20 01:10:13 0 d-----w- c:\docume~1\mike\applic~1\Windows Desktop Search
2010-03-20 01:08:58 0 d-----w- c:\program files\Windows Desktop Search
2010-03-20 01:06:10 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-20 01:06:10 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-20 01:06:09 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-03-19 06:41:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-03-19 06:41:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-19 06:41:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-20 14:59:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2008-05-27 01:05:26 0 -c--a-w- c:\program files\temp01
2006-02-11 22:02:41 152 --sh--r- c:\windows\system32\D29C7C88F3.sys
2006-02-11 22:02:41 7676 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-24 17:30:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

============= FINISH: 0:43:24.18 ===============


DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/14/2006 7:14:19 PM
System Uptime: 3/31/2010 11:12:27 PM (1 hours ago)

Motherboard: Dell Inc. | | 0FJ030
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 228 GiB total, 129.047 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1468: 1/1/2010 9:51:36 AM - System Checkpoint
RP1469: 1/2/2010 10:50:30 AM - System Checkpoint
RP1470: 1/3/2010 10:51:34 AM - System Checkpoint
RP1471: 1/4/2010 8:08:29 AM - Avg8 Update
RP1472: 1/5/2010 8:50:30 AM - System Checkpoint
RP1473: 1/6/2010 9:50:29 AM - System Checkpoint
RP1474: 1/7/2010 12:37:19 PM - System Checkpoint
RP1475: 1/8/2010 12:55:31 PM - System Checkpoint
RP1476: 1/9/2010 1:11:18 PM - System Checkpoint
RP1477: 1/10/2010 1:55:23 PM - System Checkpoint
RP1478: 1/11/2010 4:24:34 PM - System Checkpoint
RP1479: 1/12/2010 4:55:14 PM - System Checkpoint
RP1480: 1/13/2010 3:00:15 AM - Software Distribution Service 3.0
RP1481: 1/14/2010 3:00:15 AM - Software Distribution Service 3.0
RP1482: 1/15/2010 3:26:42 AM - System Checkpoint
RP1483: 1/16/2010 4:26:40 AM - System Checkpoint
RP1484: 1/17/2010 5:26:40 AM - System Checkpoint
RP1485: 1/18/2010 6:26:41 AM - System Checkpoint
RP1486: 1/19/2010 7:26:39 AM - System Checkpoint
RP1487: 1/20/2010 3:00:15 AM - Software Distribution Service 3.0
RP1488: 1/21/2010 4:38:43 AM - System Checkpoint
RP1489: 1/22/2010 5:26:40 AM - System Checkpoint
RP1490: 1/22/2010 8:09:25 PM - Software Distribution Service 3.0
RP1491: 1/23/2010 3:00:19 AM - Software Distribution Service 3.0
RP1492: 1/24/2010 3:18:17 AM - System Checkpoint
RP1493: 1/25/2010 3:42:21 AM - System Checkpoint
RP1494: 1/26/2010 4:18:15 AM - System Checkpoint
RP1495: 1/27/2010 5:18:17 AM - System Checkpoint
RP1496: 1/28/2010 6:18:14 AM - System Checkpoint
RP1497: 1/29/2010 7:18:14 AM - System Checkpoint
RP1498: 1/30/2010 8:18:13 AM - System Checkpoint
RP1499: 1/31/2010 9:18:18 AM - System Checkpoint
RP1500: 2/1/2010 9:30:23 AM - System Checkpoint
RP1501: 2/2/2010 10:18:16 AM - System Checkpoint
RP1502: 2/3/2010 8:44:10 AM - Avg8 Update
RP1503: 2/4/2010 9:42:22 AM - System Checkpoint
RP1504: 2/5/2010 10:17:49 AM - System Checkpoint
RP1505: 2/6/2010 10:18:20 AM - System Checkpoint
RP1506: 2/7/2010 11:18:17 AM - System Checkpoint
RP1507: 2/8/2010 12:58:00 PM - System Checkpoint
RP1508: 2/9/2010 1:36:19 PM - System Checkpoint
RP1509: 2/10/2010 2:26:53 PM - System Checkpoint
RP1510: 2/11/2010 3:00:17 AM - Software Distribution Service 3.0
RP1511: 2/12/2010 3:00:17 AM - Software Distribution Service 3.0
RP1512: 2/13/2010 3:29:58 AM - System Checkpoint
RP1513: 2/14/2010 4:29:58 AM - System Checkpoint
RP1514: 2/14/2010 7:52:04 PM - Removed MioNet.
RP1515: 2/15/2010 3:00:17 AM - Software Distribution Service 3.0
RP1516: 2/15/2010 11:17:09 PM - Installed Java™ 6 Update 16
RP1517: 2/15/2010 11:20:25 PM - Removed OpenOffice.org 2.4
RP1518: 2/15/2010 11:21:34 PM - Installed OpenOffice.org 3.1
RP1519: 2/15/2010 11:25:40 PM - Installed Java™ 6 Update 17
RP1520: 2/16/2010 3:00:16 AM - Software Distribution Service 3.0
RP1521: 2/17/2010 3:37:38 PM - Software Distribution Service 3.0
RP1522: 2/20/2010 6:26:38 AM - Software Distribution Service 3.0
RP1523: 2/20/2010 6:33:41 AM - Performance and Maintenance
RP1524: 2/20/2010 7:47:27 AM - Removed Ad-Aware Email Scanner for Outlook
RP1525: 2/20/2010 7:48:55 AM - Removed AVG Free 8.5
RP1526: 2/20/2010 8:22:15 AM - Avira AntiVir Personal - 2/20/2010 8:21
RP1527: 2/20/2010 8:49:34 AM - Avira AntiVir Personal - 2/20/2010 8:49
RP1528: 2/20/2010 8:53:14 AM - Removed Google Earth.
RP1529: 2/20/2010 8:56:46 AM - Installed AVG Free 9.0
RP1530: 2/21/2010 6:44:17 PM - System Checkpoint
RP1531: 2/21/2010 9:57:27 PM - Avg8 Update
RP1532: 2/22/2010 3:00:17 AM - Software Distribution Service 3.0
RP1533: 2/23/2010 3:24:17 AM - System Checkpoint
RP1534: 2/24/2010 7:50:28 AM - System Checkpoint
RP1535: 2/25/2010 11:30:47 AM - Software Distribution Service 3.0
RP1536: 1/3/2006 12:28:57 AM - Removed AVG Free 9.0
RP1537: 1/3/2006 12:29:39 AM - Installed AVG Free 9.0
RP1538: 1/29/2006 7:53:37 PM - System Checkpoint
RP1539: 1/30/2006 7:54:55 PM - System Checkpoint
RP1540: 2/1/2006 10:28:48 AM - System Checkpoint
RP1541: 2/2/2006 10:47:02 AM - System Checkpoint
RP1542: 2/3/2006 10:51:38 AM - System Checkpoint
RP1543: 2/4/2006 2:42:29 PM - System Checkpoint
RP1544: 2/5/2006 3:36:09 PM - System Checkpoint
RP1545: 2/6/2006 4:43:32 PM - System Checkpoint
RP1546: 2/7/2006 8:43:14 PM - System Checkpoint
RP1547: 2/9/2006 6:49:04 PM - System Checkpoint
RP1548: 2/10/2006 8:02:03 PM - System Checkpoint
RP1549: 2/11/2006 8:55:18 PM - System Checkpoint
RP1550: 2/12/2006 11:03:39 PM - System Checkpoint
RP1551: 2/13/2006 11:43:30 PM - System Checkpoint
RP1552: 2/15/2006 12:55:24 PM - System Checkpoint
RP1553: 2/16/2006 4:02:15 PM - System Checkpoint
RP1554: 2/16/2006 6:05:17 PM - Installed AVG Free 9.0
RP1555: 2/16/2006 10:40:27 PM - Avg8 Update
RP1556: 3/18/2010 11:42:05 PM - Avg Update
RP1557: 3/18/2010 11:56:15 PM - Software Distribution Service 3.0
RP1558: 3/18/2010 11:10:47 AM - Software Distribution Service 3.0
RP1559: 3/18/2010 11:25:00 AM - Software Distribution Service 3.0
RP1560: 3/19/2010 12:47:44 AM - Removed Roxio Update Manager
RP1561: 3/19/2010 12:49:04 AM - Removed Rhapsody Player Engine
RP1562: 3/19/2010 5:44:03 PM - Software Distribution Service 3.0
RP1563: 3/19/2010 6:05:52 PM - Software Distribution Service 3.0
RP1564: 3/19/2010 6:35:22 PM - Software Distribution Service 3.0
RP1565: 3/21/2010 12:19:10 AM - System Checkpoint
RP1566: 3/22/2010 12:53:50 AM - System Checkpoint
RP1567: 3/23/2010 10:34:39 AM - System Checkpoint
RP1568: 3/24/2010 10:50:37 AM - System Checkpoint
RP1569: 3/24/2010 2:58:51 PM - Installed BitDefender Deployment Tool
RP1570: 3/24/2010 3:22:32 PM - Removed BitDefender Deployment Tool
RP1571: 3/25/2010 3:26:18 PM - System Checkpoint
RP1572: 3/26/2010 4:16:26 PM - System Checkpoint
RP1573: 3/27/2010 8:16:35 PM - System Checkpoint
RP1574: 3/28/2010 8:25:45 PM - System Checkpoint
RP1575: 3/30/2010 1:07:13 PM - System Checkpoint
RP1576: 3/31/2010 10:25:38 AM - Software Distribution Service 3.0
RP1577: 3/31/2010 10:42:53 PM - Installed Trend Micro RUBotted

==== Installed Programs ======================

4U WMA MP3 Converter 5.9.3
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Parental Control
AVG Free 9.0
Banctec Service Agreement
Big Fish Games Client
Bonjour
Compact Wireless-G USB Adapter
Conexant D850 56K V.9x DFVc Modem
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Network Assistant
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
DIGOpt
DIGReqEx
EducateU
ELIcon
Free iPod Video Converter 1.34
Free Mp3 Wma Converter V 1.6.3
GemMaster Mystic
Get High Speed Internet!
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Intel® Quick Resume Technology Drivers
Intel® Viiv™
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java™ 6 Update 17
Logitech QuickCam
magicJack Outlook Add-In 1.0.3.521
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Helper
Mozilla Firefox (3.6.2)
MP3 WAV Converter 3.26
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Netscape Navigator (9.0b3)
NetWaiting
NetZeroInstallers
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
OpenOffice.org 3.1
Otto
QuickConnect
QuickTime
Qwest QuickAssist Desktop Tools
Qwest Quickcare 2.5
RealPlayer
Safari
Search Assist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Skype™ 3.8
Smart Audio Converter
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Sound Blaster X-Fi
TBS WMP Plug-in
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WLTB Custom Buttons
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

3/31/2010 9:59:10 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/31/2010 6:45:06 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/31/2010 3:22:02 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/31/2010 2:40:15 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/31/2010 11:13:21 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/31/2010 10:23:55 AM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/30/2010 2:53:27 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/30/2010 12:11:58 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/29/2010 5:20:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
3/29/2010 5:20:55 PM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/29/2010 5:20:55 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
3/29/2010 12:31:18 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/28/2010 6:22:45 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/28/2010 2:24:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
3/28/2010 2:24:51 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/28/2010 2:24:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/28/2010 2:22:21 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/28/2010 2:22:20 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/28/2010 2:22:02 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/28/2010 10:49:09 AM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/27/2010 7:49:40 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/26/2010 6:52:07 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
3/26/2010 6:49:09 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/26/2010 6:34:15 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/26/2010 6:34:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2010 2:58:10 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2010 2:55:19 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/26/2010 1:55:15 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 9:57:19 AM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 8:49:10 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/25/2010 8:35:20 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 4:06:14 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 12:22:47 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 11:48:13 AM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 10:39:18 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/25/2010 10:22:05 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.

==== End Of File ===========================

Any help is greatly appreciated, thank you.
-Katherine

Edited by katherine90, 01 April 2010 - 02:50 AM.
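
An added example for readers working through a log like the one above; it is not part of Katherine's post and not something the DDS tool produces. The script parses the "Event Viewer Messages" section of a DDS log into structured records, counts events per source and event ID, and flags a short watchlist. The watchlist notes are the editor's own triage reading, and the embedded sample is a shortened copy of the section above so the script runs offline; the date format assumed is the US month/day/year form DDS uses.

```python
"""Triage helper for the "Event Viewer Messages" section of a DDS log (added example)."""
import re
from collections import Counter

# Shortened copy of the Event Viewer section from the DDS log above, embedded so
# the script runs offline. Real use: read the full DDS log file instead.
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========

3/31/2010 9:59:10 PM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
3/29/2010 5:20:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
3/29/2010 5:20:55 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
3/28/2010 2:22:02 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/26/2010 6:34:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/25/2010 9:57:19 AM, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.

==== End Of File ===========================
"""

# One DDS event line: "<m/d/yyyy> <h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# (source, event id) pairs worth a second look. The notes are the editor's own
# triage reading (assumption), not anything DDS or Windows reports.
WATCHLIST = {
    ("Ntfs", 55): "file system corruption reported; the event itself asks for chkdsk on C:",
    ("W32Time", 17): "time source unreachable; check connectivity and DNS resolution",
    ("Service Control Manager", 7000): "service failed to start",
    ("Service Control Manager", 7009): "service start timed out",
    ("DCOM", 10005): "DCOM could not start a service",
}


def parse_events(text):
    """Return a list of dicts (date, time, level, source, event_id, message)
    for every parseable event line inside the Event Viewer section."""
    events = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("==== Event Viewer Messages"):
            in_section = True
            continue
        if line.startswith("==== End Of File"):
            break
        if not in_section or not line.strip():
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip wrapped or malformed lines rather than abort the triage
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def summarize(events):
    """Count events per (source, event_id), most frequent first."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    return counts.most_common()


def triage(events):
    """Return (source, event_id, note, count) for watch-listed events seen in the log."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    return [(src, eid, WATCHLIST[(src, eid)], n)
            for (src, eid), n in counts.items() if (src, eid) in WATCHLIST]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), n in summarize(evs):
        print(f"{n:3d}  {src} [{eid}]")
    for src, eid, note, n in triage(evs):
        print(f"!!  {src} [{eid}] x{n}: {note}")
```

Run it against a saved DDS log by replacing SAMPLE_LOG with the file's contents; the frequency table separates the recurring but benign driver-service noise (the Intel Quick Resume entries) from one-off events such as the Ntfs 55 corruption warning that deserve attention before any further scanning.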


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,065 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 PM

Posted 01 April 2010 - 01:52 PM

Hello Katherine,

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 katherine90

katherine90
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:51 AM

Posted 01 April 2010 - 03:49 PM

I followed through with all until the scan froze on file C:\Documents and Settings\Mike\My Documents\My Pictures\2007-12-11\P1000266_072.jpg. At this point it had found 16 infected objects. I followed through with your instruction to Abort Scan and Remove infected objects. Then, after clicking Remove with all of the boxes checked, it went to a Quarantining: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897a
There was no progress on the status bar below that, and it froze!
No clue what to do from here.
I tried to click Exit, but it does nothing. It is not completely locked up though, as I have discovered when I push Caps Lock on my keyboard the light will come on and off, so I can tell from that it's not completely locked up... I think.

thank you.

#4 katherine90

katherine90
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:51 AM

Posted 01 April 2010 - 03:55 PM

I may have left a big piece out from the beginning, but I'm not sure. My dad had a guy try to fix our computer before; now when it starts up it says "Floppy diskette seek failure". I have no idea if that is a problem at all, but the guy told my dad to just push F1 and it will finish starting up. Could that have something to do with these current issues of locking up and having a Torpig?

As well, with start-up, in Windows Security Center the Firewall is turned off, and when I click Enable it won't work; then randomly sometimes it will come on.

Edited by katherine90, 01 April 2010 - 04:00 PM.


#5 katherine90

katherine90
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:51 AM

Posted 01 April 2010 - 05:58 PM

OK, forced shut off, restart, still have internet, opened Malwarebytes; under Quarantine there are 15 items. I clicked Delete All.
checked for updates -- none
then went to scanner
perform full scan
scan

before there were 16 infected objects
it froze on file C:\Documents and Settings\Mike\My Documents\My Pictures\2007-12-11\P1000266_072.jpg
and then quarantine froze
but it stated that it had 15 files under quarantine, so I'm assuming it almost finished the job

should be 1 or more infected objects left if full scan is successful

nope -- once scan started again this is what transpired

2min5sec 15 infected objects found when it was around roughly 3000 objects scanned

got thru first hour freeze free

then found 16th infected object

Froze at:
1hr35min3sec 126303 files scanned
C:\ System Volume Information\_restore{129201FA-BOAC-49B3-96B2-DEB8B91E727B}\RP1477\A0181417.dll

couldn't abort scan, total lock up, tried to click Abort but a loud long beep started, forced shut down 3:48 pm

MBAM has frozen twice now during scan.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,065 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 PM

Posted 02 April 2010 - 03:18 AM

Okay, lets try this a little different.

Are you saying you have to press F1 at every boot up now to get around the floppy read error? Are you actually using a floppy drive?

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 katherine90

katherine90
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:51 AM

Posted 03 April 2010 - 12:01 AM

Yes, I have to press F1 at every boot so that it will finish the process. I have no idea actually if it's on a floppy drive... my dad had some person work on it -- could be something he messed up or did, I have no knowledge of it.
ComboFix said there was a rootkit detected and had to reboot; it did, and I once again pressed F1 and it finished the process.

ComboFix 10-04-01.02 - Mike 04/02/2010 21:17:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2039 [GMT -7:00]
Running from: D:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\program files\AntispyStorm
c:\program files\AntispyStorm\AntispyStorm.exe.MANIFEST
c:\program files\AntispyStorm\config.dat
c:\program files\AntispyStorm\filesbase.bin
c:\program files\AntispyStorm\global_virus_table.bin
c:\program files\AntispyStorm\regbase.bin
c:\program files\AntispyStorm\uninstall.log
c:\program files\AntispyStorm\urlbase.bin
c:\windows\AppPatch\AcAdProc.dll
c:\windows\astctl32.ocx
c:\windows\cpan.dll
c:\windows\ctfmon32.exe
c:\windows\ctrlpan.dll
c:\windows\directx32.exe
c:\windows\dnsrelay.dll
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\editpad.exe
c:\windows\explore.exe
c:\windows\explorer32.exe
c:\windows\funniest.exe
c:\windows\funny.exe
c:\windows\gfmnaaa.dll
c:\windows\helpcvs.exe
c:\windows\inetinf.exe
c:\windows\internet.exe
c:\windows\MailSwitch.ocx
c:\windows\msconfd.dll
c:\windows\msspi.dll
c:\windows\mswsc10.dll
c:\windows\mswsc20.dll
c:\windows\qttasks.exe
c:\windows\quicken.exe
c:\windows\rundll16.exe
c:\windows\rundll32.vbe
c:\windows\searchword.dll
c:\windows\sistem.exe
c:\windows\svchost32.exe
c:\windows\svcinit.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\hljwugsf.bin
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ndisapi.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\time.exe
c:\windows\waol.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD


((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-04-01 19:02 . 2010-03-29 22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-01 19:02 . 2010-03-29 22:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 05:42 . 2008-03-02 10:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-03-24 22:27 . 2010-03-24 22:27 -------- d-----w- C:\27cffc486bebac24077189b3607c82e4
2010-03-24 22:17 . 2010-03-24 22:21 -------- d-----w- c:\documents and settings\Mike\Application Data\BitDefender Deployment Tool
2010-03-24 21:57 . 2010-03-24 21:57 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-20 01:25 . 2010-03-20 01:25 -------- d-----w- c:\documents and settings\Katherine\Application Data\Windows Desktop Search
2010-03-20 01:12 . 2010-03-20 01:12 -------- d-----w- C:\8878227651070eeccf
2010-03-20 01:10 . 2010-03-20 01:10 -------- d-----w- c:\documents and settings\Mike\Application Data\Windows Desktop Search
2010-03-20 01:08 . 2010-03-20 01:40 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-20 01:06 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-03-20 01:06 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-03-20 01:06 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-03-19 07:45 . 2010-03-19 07:45 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-03-19 07:12 . 2010-03-19 07:12 -------- d-sh--w- c:\documents and settings\Katherine\IECompatCache
2010-03-19 06:41 . 2010-03-19 06:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-18 18:03 . 2010-03-18 18:03 -------- d-sh--w- c:\documents and settings\Katherine\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 18:48 . 2006-12-26 05:22 -------- d-----w- c:\program files\Dl_cats
2010-04-01 05:42 . 2006-04-10 14:16 -------- d-----w- c:\program files\Trend Micro
2010-04-01 05:42 . 2006-04-10 14:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-21 10:14 . 2006-12-25 09:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-19 07:49 . 2006-04-10 14:13 -------- d-----w- c:\program files\Real
2010-03-19 07:47 . 2006-04-10 14:18 -------- d-----w- c:\program files\Roxio
2010-03-19 06:41 . 2006-02-17 02:05 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-19 06:41 . 2006-02-17 02:05 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-19 06:41 . 2006-02-17 02:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 06:24 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 05:24 . 2006-05-14 02:37 101432 -c----w- c:\documents and settings\Katherine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 02:05 . 2010-02-22 02:05 -------- d-----w- c:\documents and settings\Nicholas\Application Data\OpenOffice.org
2010-02-20 16:56 . 2008-06-27 08:23 -------- d-----w- c:\program files\AVG
2010-02-20 16:53 . 2006-04-10 14:19 -------- d-----w- c:\program files\Google
2010-02-20 15:46 . 2008-06-21 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-20 14:59 . 2010-02-20 14:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-17 23:42 . 2006-04-15 04:11 101432 -c----w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 01:56 . 2010-02-17 01:56 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org
2010-02-16 17:16 . 2007-11-12 03:03 -------- d-----w- c:\documents and settings\Katherine\Application Data\uTorrent
2010-02-16 07:26 . 2010-02-16 07:26 -------- d-----w- c:\documents and settings\Katherine\Application Data\OpenOffice.org
2010-02-16 07:26 . 2006-04-10 14:01 -------- d-----w- c:\program files\Java
2010-02-16 07:22 . 2010-02-16 07:22 -------- d-----w- c:\program files\JRE
2010-02-16 07:22 . 2010-02-16 07:21 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-16 07:21 . 2008-10-01 02:19 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-02-16 07:13 . 2008-10-01 02:24 -------- d-----w- c:\documents and settings\Katherine\Application Data\OpenOffice.org2
2010-02-16 03:17 . 2008-10-04 02:46 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org2
2010-02-15 03:58 . 2007-05-27 17:32 -------- d-----w- c:\program files\DivX
2010-02-15 03:52 . 2009-09-16 08:21 -------- d-----w- c:\program files\MioNet
2010-02-05 03:20 . 2010-02-05 03:20 -------- d-----w- c:\documents and settings\Su\Application Data\MioNet
2010-02-05 03:19 . 2010-02-05 03:19 -------- d-----w- c:\documents and settings\Su\Application Data\InstallShield
2010-02-05 03:19 . 2010-02-05 03:19 -------- d-----w- c:\documents and settings\Su\Application Data\GTek
2008-05-27 01:05 . 2008-05-27 01:05 0 -c--a-w- c:\program files\temp01
2006-02-11 22:02 . 2006-04-15 04:11 152 --sh--r- c:\windows\system32\D29C7C88F3.sys
2006-02-11 22:02 . 2006-04-15 04:11 7676 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"cdloader"="c:\documents and settings\Mike\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Katherine\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-10 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-19 06:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\.protected
backup=c:\windows\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^.protected]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\.protected
backup=c:\windows\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-09-18 19:46 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare]
2008-05-31 15:11 202016 ----a-w- c:\program files\Qwest\Quickcare\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-19 00:48 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"AOL ACS"=2 (0x2)
"gupdate"=2 (0x2)
"WUSB54GCSVC"=2 (0x2)
"SQLWriter"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GameConsoleService"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145071177\\ee\\aim6.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145071177\\ee\\aolsoftware.exe"=
"c:\\Documents and Settings\\Katherine\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG9\\avginet.dll"=
"c:\\Program Files\\AVG\\AVG9\\avgwd.dll"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"10103:UDP"= 10103:UDP:uTorrent
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:*:Disabled:MioNet Storage Device Discovery
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8507:TCP"= 8507:TCP:Services
"8508:TCP"= 8508:TCP:Services
"3665:TCP"= 3665:TCP:Services
"5830:TCP"= 5830:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/16/2006 7:05 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/16/2006 7:05 PM 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2/16/2006 7:05 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/16/2006 7:05 PM 308064]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [3/31/2010 10:42 PM 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2010 8:19 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/1/2010 12:02 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [5/28/2006 11:45 AM 217271]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [3/31/2010 10:42 PM 206608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-04-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:19]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:19]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\usi9zzz8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
MSConfigStartUp-richtx64 - c:\docume~1\Mike\LOCALS~1\Temp\richtx64.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 21:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88592410]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
\Driver\iaStor -> 0x88592410
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\locator.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\CTHELPER.EXE
c:\windows\stsystra.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-04-02 21:56:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 04:55

Pre-Run: 138,034,122,752 bytes free
Post-Run: 138,634,817,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 09948F08129A75410331C2B63523E937


#8 katherine90


Posted 03 April 2010 - 01:01 AM

After it finished I went to the start bar and clicked on turn off or shut down until further assistance from there, but it froze on "Windows is shutting down..." so I had to manually shut it off. It's still freezing on me.

#9 Elise


Posted 03 April 2010 - 02:29 AM

Hello again,

That cleaned up quite some stuff, but there are still some things there that need to go.

First of all I want to fix that F1 error, since that is only annoying. Possibly the following steps will require some reboots, so I think it would be handy if this were fixed first.

Please see if you can follow the steps here to change the boot order for your computer. If you don't use a floppy drive it would be good if you could disable the floppy drive altogether.
Note - on older systems it's possible the key to access the BIOS is F2 and not Del.

Let me know if you were successful in doing this.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 katherine90


Posted 03 April 2010 - 04:52 PM

Not successful

pressed F2
under system went to boot sequence
1.Onboard or USB CD-ROM Drive
Onboard or USB floppy drive (not present) ---> I pressed the space bar to exclude this one, correct?
2.Onboard SATA Hard Drive
3.Onboard IDE Hard Drive (not present)
4.USB Device (not present)

Pressed Enter to save changes.
Esc to Exit Setup
Save/Exit

I did something wrong or didn't understand the website's instructions at all, because once I exited it still said floppy diskette failure Strike F1 Key to continue, F2 to run setup utility.
I don't understand how to make sense of or apply the info from that link.
Mine is like the one in the picture showing F2=Setup, F12=Boot Menu.

Do you think you would walk me through this? Or help me make sense of what the link's telling me to do?
Thanks


This time instead of going to Setup once I pressed F2 I went to Drives
-->diskette drive
Off= All floppy drives are disabled
USB= USB floppy drives are enabled
Internal= The integrated floppy drive is enabled
Read Only= The Integrated floppy drive is enabled and only allows reads
The Factory default setting is Internal
Note: If USB is selected, ensure that the USB Controller field in the Onboard Devices group is set to On.

Now it was on Internal, I switched it to Off. Was this right/wrong?
Well, should I switch the first part I did back? Because after I pressed Esc it rebooted or finished and didn't ask me to press F1 or say that there was a floppy diskette failure! So I think I was successful!


Also, if both of these things I did were wrong, do I switch them back the same way?? I hope I didn't mess anything up too bad.

Edited by katherine90, 03 April 2010 - 05:09 PM.


#11 Elise


Posted 04 April 2010 - 01:58 AM

I think you did it fine. The fact that you can now boot without having to press F1 proves that!

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

regards, Elise




#12 katherine90


Posted 04 April 2010 - 09:10 PM

Once the computer finished startup, the first thing that popped up was a message titled "RUNDLL -- Error loading \3\DLCFtime.dll The specified module could not be found."
Could this be from the first thing I changed in the startup to get rid of the floppy diskette seek failure notice? Should I change that part back?

Defogger did not ask to reboot the machine, so I closed everything and rebooted from the start bar.

I went ahead and when I restarted I changed back the first thing I changed last time to get rid of the floppy notice, and the startup was fine
but the error sign came back up again....
But here is the log from HelpAsst...


C:\Documents and Settings\Mike\My Documents\Downloads\HelpAsst_mebroot_fix.exe
Sun 04/04/2010 at 18:31:50.50

HelpAssistant account was found to be Inactive


~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"8507:TCP"=-
"8508:TCP"=-
"3665:TCP"=-
"5830:TCP"=-
"3054:TCP"=-
"4608:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"1700:TCP"=-
"1701:TCP"=-
"1702:TCP"=-
"1703:TCP"=-
"1704:TCP"=-
"1705:TCP"=-
"1706:TCP"=-
"1707:TCP"=-
"1708:TCP"=-
"1709:TCP"=-
"1641:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"8507:TCP"=-
"8508:TCP"=-
"3665:TCP"=-
"5830:TCP"=-
"3054:TCP"=-
"4608:TCP"=-

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1212472516-1298130781-802289306-1004
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 04/04/2010 at 19:09:25.14

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3EEB60]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\iaStor -> 0x8a3eeb60
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"4608:TCP"=4608:TCP:*:Enabled:Services
"3054:TCP"=3054:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3054:TCP"=3054:TCP:*:Enabled:Services
"4608:TCP"=4608:TCP:*:Enabled:Services


~~ EOF ~~

Edited by katherine90, 04 April 2010 - 09:12 PM.
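
The HelpAsst log above, together with the GloballyOpenPorts section of the ComboFix log earlier in the thread, shows the indicators the helpers act on: firewall exceptions carrying the bare description "Services" (and the Remote Desktop one) that HelpAsst closes as rogue ports, a HelpAssistant account that the status check still reports as active and a member of Administrators, the termsrv32.dll check, and mbr.exe output in which the >>UNKNOWN [addr]<< module address coincides with the \Driver\iaStor hook. The Python below is an added example, not part of this thread nor of HelpAsst, ComboFix or mbr.exe: it parses that log text and reports those indicators, and it correlates the unknown module address with the named driver hook so a reviewer sees which driver owns it. Its sample log is constructed from the lines posted above, and every function name in it is the example's own.

```python
"""Triage of the HelpAsst / ComboFix log text posted in this thread. Added example: not
part of the thread, of HelpAsst, ComboFix or mbr.exe; every name here is the example's own."""
import re

# Constructed sample, modelled on the posted logs (HelpAsst status check + port lists).
SAMPLE_LOG = r"""
Account active Yes
Local Group Memberships *Administrators
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3EEB60]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\iaStor -> 0x8a3eeb60
user & kernel MBR OK
termsrv32.dll not found
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"3054:TCP"=3054:TCP:*:Enabled:Services
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10103:UDP"= 10103:UDP:uTorrent
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"3389:TCP"= 3389:TCP:Remote Desktop
"52344:TCP"=52344:TCP:*:Enabled:Services
"""

PROFILE_RE = re.compile(r"firewallpolicy\\(\w+)\\globallyopenports", re.I)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P<value>.*)$')
HOOK_RE = re.compile(r"^\\Driver\\(?P<driver>\S+) -> (?P<target>.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
GENERIC_LABELS = {"services"}  # labels naming no real program; every port HelpAsst closed had it


def parse_open_ports(text):
    """One dict per GloballyOpenPorts entry, tagged with its firewall profile. Value forms in
    the posted logs: '65533:TCP:*:Enabled:Services', '3389:TCP:Remote Desktop'; '-' = deleted."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = PROFILE_RE.search(line)
        if header:
            profile = header.group(1).lower()
            continue
        m = PORT_RE.match(line)
        if not m or m.group("value").strip() == "-":
            continue
        fields = m.group("value").strip().split(":")
        if len(fields) < 3:
            continue
        rest = fields[2:]
        scope = rest.pop(0) if rest[0] == "*" else None  # the '*' remote-address scope, when present
        enabled = True
        if rest and rest[0] in ("Enabled", "Disabled"):
            enabled = rest.pop(0) == "Enabled"
        entries.append({"profile": profile, "port": int(m.group("port")), "proto": m.group("proto"),
                        "scope": scope, "enabled": enabled, "description": ":".join(rest)})
    return entries


def suspicious_ports(entries):
    """Enabled exceptions with a generic label, plus an enabled TCP/3389 (Remote Desktop) one."""
    return [e for e in entries if e["enabled"] and
            (e["description"].strip().lower() in GENERIC_LABELS
             or (e["port"], e["proto"]) == (3389, "TCP"))]


def helpassistant_status(text):
    """HelpAssistant indicators from the status check: active, in Administrators, termsrv32.dll."""
    status = {"active": False, "admin": False, "termsrv32_present": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Account active"):
            status["active"] = line.split()[-1].lower() == "yes"
        elif line.startswith("Local Group Memberships"):
            status["admin"] = "Administrators" in line
        elif line.startswith("termsrv32.dll present"):
            status["termsrv32_present"] = True
    return status


def mbr_hooks(text):
    """(driver, target) pairs from mbr.exe's 'detected MBR rootkit hooks:' block."""
    return [(m.group("driver"), m.group("target"))
            for m in (HOOK_RE.match(raw.strip()) for raw in text.splitlines()) if m]


def resolve_unknown_module(text):
    """Name the hooked driver whose address equals the >>UNKNOWN [addr]<< address (iaStor in
    this thread) rather than leaving a bare address; None when no listed driver matches."""
    m = UNKNOWN_RE.search(text)
    if not m:
        return None
    addr = int(m.group("addr"), 16)
    for driver, target in mbr_hooks(text):
        tail = target.rsplit("@", 1)[-1].strip()  # 'CLASSPNP.SYS @ 0x..' -> '0x..'
        if tail.lower().startswith("0x") and int(tail, 16) == addr:
            return driver
    return None


if __name__ == "__main__":
    for e in suspicious_ports(parse_open_ports(SAMPLE_LOG)):
        print(f"rogue port: {e['profile']} {e['port']}/{e['proto']} ({e['description']})")
    print(helpassistant_status(SAMPLE_LOG), "UNKNOWN owner:", resolve_unknown_module(SAMPLE_LOG))
```

Run over the full standard-profile list from the ComboFix log earlier in the thread, parse_open_ports plus suspicious_ports report the nine "Services"-labelled exceptions and the Remote Desktop one while leaving uTorrent and the SingleClick entries alone; the MioNet entries that HelpAsst also cleared are not flagged because they are marked Disabled, which is the one place this filter is narrower than the tool.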


#13 Elise


Posted 05 April 2010 - 03:32 AM

Please download the Recovery Console Bootable CD iso
Unzip the file and use your favourite burning application to burn the iso to a CD. Note, this is not the same as just burning the iso file on a CD.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different; they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open.

    At the command prompt type the following command and press enter.

    fixmbr

    Confirm if asked.

  • At the next prompt type the following bolded text, and press Enter:

    exit
Windows will now begin loading.

Now re-run the Helpassistant fix and post me the log.

Edited by elise025, 05 April 2010 - 03:38 PM.

regards, Elise




#14 katherine90


Posted 05 April 2010 - 04:09 PM

I must have done the CD part wrong because it won't boot from it, and the CD-ROM drive is first already in the boot sequence. You say it is not like burning the ISO file onto a CD. Can you tell me how, because I don't know any differently and so that's probably where I messed up. If you could give me a few more details in the first step that would be great. Thank you.

Second try
OK so I googled it, and on my laptop I downloaded Active@ ISO Burner, and on my laptop I made the CD and then put it into my computer. But I was still not completely successful.

Windows Setup in blue popped up and was loading stuff at the bottom, then it said Setup is opening Windows.
Then I pressed R and this came up:
"Windows XP Home Edition Setup -- setup did not find and hard disk drives installed in your computer. Make sure all hard disk
drives are powered on and properly connected to your computer, and that any disk-related hardware configuration is correct.
This may involve running a manufacturer-supplied diagnostic or setup program.
Setup cannot continue. To quit Setup, press F3.


Edited by katherine90, 05 April 2010 - 04:42 PM.


#15 Elise


Posted 06 April 2010 - 02:21 AM

Yeah, I should have thought about that.... That's because you have a SATA hard disk.

I am going to look into this a bit and post back here ASAP.

regards, Elise






