
Error messages


  • This topic is locked
50 replies to this topic

#1 Minnie7


Posted 23 April 2010 - 01:38 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/311587/internet-error-messages/ ~ OB

Hi, ok, I started on this forum about a different topic, but my helpers felt that there are deeper problems that need to be fixed before those problems will go away. So, I was told to do steps 6-9 in the preparation guide, and here are those results.

First, I downloaded the DeFogger program and at the end of it I received this message:

DeFogger ran to completion, but one or more errors occurred. See defogger-disable.log for more details. Here is the log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:16 on 23/04/2010 (Administrator)

Checking for autostart values...
HKCU~Run values retrieved.
Unable to open HKLM~Run key (5)
HKLM~Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



Next I did the DDS program and that seemed to go alright; nothing seemed to go wrong. Here are those results:

I have to do it in another post because I get this error message when I am trying to open it up so I can post it.

Notepad.Exe - Application error

The application failed to initialize properly (0xc0000005). Click OK to terminate

Ok here is the log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 13:23:39.27 on Fri 04/23/2010
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.191.52 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tcs.k12.nc.us/ths
uDefault_Search_URL = hxxp://srch-us4nb.hpwis.com/
uSearch Bar = hxxp://www.websearch.com/ie.aspx?tb_id=50188
mDefault_Search_URL = hxxp://srch-us4nb.hpwis.com/
mSearch Page = hxxp://srch-us4nb.hpwis.com/
mSearch Bar = hxxp://srch-us4nb.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.websearch.com/ie.aspx?tb_id=50188
mCustomizeSearch =
uURLSearchHooks: N/A: {87766247-311c-43b4-8499-3d5fec94a183} - c:\progra~1\common~1\wintools\WToolsB.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: : {87766247-311c-43b4-8499-3d5fec94a183} - c:\progra~1\common~1\wintools\WToolsB.dll
BHO: {8952A998-1E7E-4716-B23D-3DBE03910972} - No File
BHO: : {8da5457f-a8aa-4ccf-a842-70e6fd274094} - c:\progra~1\common~1\wintools\WToolsT.dll
TB: {339BB23F-A864-48C0-A59F-29EA915965EC} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WeatherCast] "c:\program files\weathercast\Weather.exe" /q
uRun: [AOL Fast Start] "c:\program files\aol 9.0\AOL.EXE" -b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/26e6e2ee0970d4feba16/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107291322455
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - hxxp://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {268732CC-D3E9-4E98-9D0A-69FDC1CA9044} = 10.2.1.3
TCP: {C2FEFD24-51DD-4931-BC44-97B6D12CDC74} = 205.188.146.145
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
LSA: Authentication Packages = msv1_0 nwv1_0

============= SERVICES / DRIVERS ===============

R1 AlKBNT;Altiris Keyboard Filter Driver;c:\windows\system32\drivers\AlKbNT.sys [2005-2-1 5630]
R1 AlMNT;Altiris Mouse Filter Driver;c:\windows\system32\drivers\AlMNT.sys [2005-2-1 5485]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
R2 WinToolsSvc;WinTools for IE service;c:\program files\common files\wintools\WToolsS.exe [2005-1-4 137728]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-4-10 26112]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-4-10 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-4-10 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-4-10 16512]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100423.002\naveng.sys [2010-4-23 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100423.002\navex15.sys [2010-4-23 1324720]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [2003-4-10 57344]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 13:24:10.91 ===============


I don't see Attachments. How do I attach the other file?

Also, I ran GMER and that also at first did not work. Then I closed my browser and ran it again and it seemed to work, but when I came back to check on it, it was closed out and I received an error message, but it closed before I could write it down. Should I try it again?

Edited by Orange Blossom, 23 April 2010 - 06:42 PM.
Posts merged ~BP




#2 Elise


Posted 28 April 2010 - 03:32 PM

Hello,
and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Minnie7


Posted 29 April 2010 - 10:52 AM

Hi Elise, and thank you for helping me with my computer problems. Sorry I have not been on for a couple of days and did not know you had responded to my post. Anyway, here are my two reports from OTL:


OTL logfile created on: 4/29/2010 11:41:59 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 19.00% Memory free
721.00 Mb Paging File | 58.00 Mb Available in Paging File | 8.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.22 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WELDON
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/29 11:40:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2006/11/10 09:16:59 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/11/10 09:16:58 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005/04/14 10:27:20 | 004,849,740 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\AClient\ACLIENT.EXE
PRC - [2004/10/06 18:56:48 | 000,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2004/10/06 18:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/10/06 18:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/08/13 00:33:06 | 000,137,728 | ---- | M] () -- C:\Program Files\Common Files\WinTools\WToolsS.exe
PRC - [2003/01/14 17:12:14 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
PRC - [2002/08/28 22:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/15 13:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe


========== Modules (SafeList) ==========

MOD - [2010/04/29 11:40:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2006/11/10 09:16:56 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2006/11/10 09:16:54 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\idleproc.dll
MOD - [2002/08/28 22:00:00 | 000,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/14 10:27:20 | 004,849,740 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2004/10/06 18:56:48 | 000,173,392 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/10/06 18:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/10/06 18:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/08/13 00:33:06 | 000,137,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WinTools\WToolsS.exe -- (WinToolsSvc)
SRV - [2004/06/11 19:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/09 21:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/06/09 21:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/06/09 21:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/04/05 14:40:00 | 000,036,864 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2003/01/14 17:12:14 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr)
SRV - [2002/08/28 22:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
SRV - [2002/08/15 13:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 04:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100427.002\navex15.sys -- (NAVEX15)
DRV - [2010/04/27 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100427.002\naveng.sys -- (NAVENG)
DRV - [2006/02/23 10:36:39 | 000,002,401 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2005/02/01 17:32:25 | 000,005,630 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AlKbNT.sys -- (AlKBNT)
DRV - [2005/02/01 17:32:25 | 000,005,485 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AlMNT.sys -- (AlMNT)
DRV - [2004/06/14 15:57:20 | 000,473,646 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2004/06/11 19:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/11 19:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/06/01 19:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/05/24 12:58:52 | 000,037,856 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nicm.sys -- (NICM)
DRV - [2004/05/03 16:07:04 | 000,153,456 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2004/04/29 17:58:28 | 000,034,511 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2004/04/29 17:57:54 | 000,019,407 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/03/11 16:57:54 | 000,041,888 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2004/03/05 10:45:50 | 000,015,762 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/23 12:52:38 | 000,016,176 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2004/02/17 16:16:58 | 000,011,856 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/04/10 07:15:49 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/03/14 08:48:06 | 000,269,008 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/03/11 21:00:00 | 001,171,616 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/11 21:00:00 | 000,594,960 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/11 21:00:00 | 000,153,380 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/03/11 21:00:00 | 000,034,224 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/03/04 21:00:00 | 000,057,344 | ---- | M] (LAN-Express) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Express.sys -- (LEX_NIC_SERVICE)
DRV - [2003/02/26 15:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2003/02/13 08:27:38 | 000,005,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2003/02/06 11:24:16 | 000,164,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 15:29:46 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/12/17 15:29:44 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/12/17 15:29:42 | 000,139,674 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/12/17 15:27:58 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/11/05 11:04:48 | 000,291,328 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD)
DRV - [2002/11/05 11:04:48 | 000,244,608 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA)
DRV - [2002/10/16 08:15:54 | 000,014,543 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2002/08/28 22:00:00 | 000,196,288 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2002/08/28 20:00:00 | 000,016,512 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815)
DRV - [2002/08/15 19:31:00 | 000,471,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/07/18 09:07:50 | 000,023,602 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/07/17 15:09:12 | 000,014,504 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI)
DRV - [2001/12/17 07:54:32 | 000,026,112 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 03:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [2001/08/17 03:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
DRV - [2001/08/17 03:13:20 | 000,027,164 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50188


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoconfig.cpqcorp.net

IE - HKU\S-1-5-21-519634241-4273532468-54056810-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
IE - HKU\S-1-5-21-519634241-4273532468-54056810-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tcs.k12.nc.us/ths
IE - HKU\S-1-5-21-519634241-4273532468-54056810-500\..\URLSearchHook: {87766247-311C-43B4-8499-3D5FEC94A183} - C:\Program Files\Common Files\WinTools\WToolsB.dll ()
IE - HKU\S-1-5-21-519634241-4273532468-54056810-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2002/08/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: () - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\Program Files\Common Files\WinTools\WToolsB.dll ()
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - No CLSID value found.
O2 - BHO: () - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\Program Files\Common Files\WinTools\WToolsT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-519634241-4273532468-54056810-500\..\Toolbar\WebBrowser: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - No CLSID value found.
O4 - HKLM..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE ()
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe ()
O4 - HKU\S-1-5-21-519634241-4273532468-54056810-500..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-519634241-4273532468-54056810-500..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-519634241-4273532468-54056810-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKU\S-1-5-21-519634241-4273532468-54056810-500\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-519634241-4273532468-54056810-500\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/26e6e2ee0970d4...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1107291322455 (WUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (HouseCall Control)
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, INC.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/29 11:40:29 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/26 05:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/04/26 00:54:14 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/04/23 13:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2010/04/23 10:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/22 21:29:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/22 21:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/22 21:29:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/22 21:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/29 11:40:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/29 11:21:34 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 11:16:47 | 000,001,460 | ---- | M] () -- C:\AClient.cfg
[2010/04/29 11:16:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/29 11:16:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 11:14:55 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/29 11:14:55 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/29 11:14:27 | 004,790,756 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/29 10:20:12 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_TCS_student.job
[2010/04/29 08:17:38 | 000,080,139 | ---- | M] () -- C:\Weldon's gradebook 04.gbf
[2010/04/29 04:30:00 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\{2E1B55DA-833E-4EC3-9813-C35C5B855AE1}_TCS_student.job
[2010/04/26 20:06:55 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\poem.doc
[2010/04/26 18:06:18 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2010/04/26 06:56:45 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Blade of Revenge.doc
[2010/04/26 05:44:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$ade of Revenge.doc
[2010/04/26 00:54:13 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/04/24 14:08:52 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Retry AOL or call toll-free 866-834-4677 for assistance.lnk
[2010/04/23 13:26:10 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/04/23 13:20:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/04/23 13:16:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/04/23 13:15:29 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/04/23 11:43:54 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/04/22 21:29:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/22 07:35:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 16:29:36 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\poem.doc
[2010/04/26 05:44:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$ade of Revenge.doc
[2010/04/25 23:50:02 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Blade of Revenge.doc
[2010/04/23 13:26:06 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/04/23 13:20:26 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/04/23 13:16:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/04/23 13:15:36 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/04/23 10:19:59 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/04/22 21:29:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 03:13:09 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/11 11:48:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/05/08 23:54:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2007/05/08 23:33:34 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2005/03/24 15:44:39 | 000,000,171 | R-S- | C] () -- C:\WINDOWS\System32\TBPS.ini
[2005/02/03 17:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/02/03 16:11:45 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/02/03 16:11:44 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/03 16:10:49 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/02/01 17:32:18 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2005/01/24 14:59:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2005/01/24 14:59:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NMASWrap.dll
[2004/12/15 09:58:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Teacher.INI
[2004/10/26 15:02:12 | 000,000,283 | ---- | C] () -- C:\WINDOWS\IGPRO.ini
[2004/09/09 14:09:28 | 000,001,994 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/09 15:46:08 | 000,219,648 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004/06/02 10:21:26 | 000,241,746 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2004/05/17 15:50:02 | 001,403,948 | ---- | C] () -- C:\WINDOWS\System32\lgncxw32.dll
[2004/04/09 19:40:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/09/26 16:48:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/28 19:04:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/04/10 07:14:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/04/10 07:10:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 07:10:28 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 07:03:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003/02/05 17:31:42 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/09/09 13:38:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/10/04 15:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2000/01/20 10:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/11 05:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 10:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 09:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
< End of report >


Here is the second one:


OTL Extras logfile created on: 4/29/2010 11:41:59 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 19.00% Memory free
721.00 Mb Paging File | 58.00 Mb Available in Paging File | 8.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.22 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WELDON
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (AOL, LLC.)
https [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (AOL, LLC.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{21F5098D-0C9E-4637-AD49-F037F6275990}" = NMAS Client Components (2.7)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}" = Notebook Utilities
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.4-7)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InteGrade Pro" = InteGrade Pro
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDougal Littell Test Generator" = McDougal Littell Test Generator
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Novell Client for Windows" = Novell Client for Windows
"QT4HPOT" = One-Touch Buttons
"RealPlayer 6.0" = RealOne Player
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinTools" = Win-Tools Easy Installer (by WebSearch)
"WinTools_ADKW" = Search Assistant
"WinTools_ESIES" = WebSearch Tools

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2010 11:56:17 AM | Computer Name = WELDON | Source = MsiInstaller | ID = 11904
Description = Product: SUPERAntiSpyware Free Edition -- Error 1904. Module C:\Program
Files\SUPERAntiSpyware\SASSEH.DLL failed to register. HRESULT -2147024891. Contact
your support personnel.

Error - 4/23/2010 3:45:21 PM | Computer Name = WELDON | Source = EventSystem | ID = 4618
Description = The COM+ Event System raised an unexpected access violation at address
0x6BFA9979, attempting to access address 0x6BFA9979. Please contact Microsoft
Product Support Services to report this error. !+0x6bfa9979 OLE32!CreateErrorInfo+0x2c7

Error - 4/23/2010 3:45:21 PM | Computer Name = WELDON | Source = EventSystem | ID = 4618
Description = The COM+ Event System raised an unexpected access violation at address
0x6BFA9979, attempting to access address 0x6BFA9979. Please contact Microsoft
Product Support Services to report this error. !+0x6bfa9979 OLE32!CreateErrorInfo+0x2c7

Error - 4/23/2010 3:45:25 PM | Computer Name = WELDON | Source = Application Error | ID = 1000
Description = Faulting application imapi.exe, version 5.1.2600.1106, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/23/2010 9:06:52 PM | Computer Name = WELDON | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Word.

Error - 4/26/2010 5:45:10 AM | Computer Name = WELDON | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2010 11:30:27 AM | Computer Name = WELDON | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2010 5:52:03 PM | Computer Name = WELDON | Source = Application Error | ID = 1000
Description = Faulting application AOLacsd.exe, version 4.6.1.2, faulting module
AOLacsd.dll, version 4.6.61.1, fault address 0x000e91c0.

Error - 4/27/2010 12:41:27 PM | Computer Name = WELDON | Source = ESENT | ID = 485
Description = wuauclt (3320) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/28/2010 8:56:28 PM | Computer Name = WELDON | Source = Application Error | ID = 1000
Description = Faulting application AOLacsd.exe, version 4.6.1.2, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 4/28/2010 2:20:09 PM | Computer Name = WELDON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Settings Manager
service to connect.

Error - 4/28/2010 2:20:09 PM | Computer Name = WELDON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service
to connect.

Error - 4/28/2010 2:20:09 PM | Computer Name = WELDON | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%1053

Error - 4/28/2010 9:01:48 PM | Computer Name = WELDON | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/29/2010 11:16:43 AM | Computer Name = WELDON | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 4/29/2010 11:16:43 AM | Computer Name = WELDON | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 4/29/2010 11:18:01 AM | Computer Name = WELDON | Source = Service Control Manager | ID = 7000
Description = The MAC Bridge Miniport service failed to start due to the following
error: %%2

Error - 4/29/2010 11:18:01 AM | Computer Name = WELDON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Settings Manager
service to connect.

Error - 4/29/2010 11:18:01 AM | Computer Name = WELDON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service
to connect.

Error - 4/29/2010 11:18:01 AM | Computer Name = WELDON | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%1053


< End of report >


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:16 PM

Posted 29 April 2010 - 11:19 AM

Please post me also the GMER log.

If GMER crashes, try to run it with the Sections option only checked.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Minnie7

Minnie7
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 29 April 2010 - 11:48 AM

Hi, OK, I ran GMER and it seemed like it scanned everything, but when I hit the Save button it did nothing. I tried the Save button again, it did nothing, and then it closed out. Then I tried just running the Sections scan like you said and hit the Save button again, and it seemed like it was about to save it, but then it closed out again. When I tried to open GMER back up I got this error message:

The application failed to initialize properly (0xc0000005). Click on OK to terminate application.

#6 Elise

Posted 29 April 2010 - 12:04 PM

Did you try to run it with only Sections checked? If not, please try that. If that has the same problem, please look if there was a line detected that starts with .rsrc

regards, Elise




#7 Minnie7


Posted 29 April 2010 - 12:25 PM

Hi ok here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-29 13:20:41
Windows 5.1.2600 Service Pack 1
Running: tsk7be5vgmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 188 80502604 4 Bytes [88, 37, A9, E1]
? nwfilter.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----


#8 Elise


Posted 29 April 2010 - 12:47 PM

Hi there,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise




#9 Minnie7


Posted 30 April 2010 - 08:28 AM

Hi, OK, I have a question about ComboFix and the restore point. This computer was from the school (it was given to her from the school). When it restores, will it be back to the point where the school had it? I ask because I have set it to a workgroup for home use and I don't want it back on the domain.

#10 Elise


Posted 30 April 2010 - 08:33 AM

Sorry, I don't think I understand your question. Combofix creates a new system restore point, but that's about it. It doesn't restore your computer to an earlier date. It sets some values back to their default, but that is nothing that can't be changed back if you don't like it :)

regards, Elise




#11 Minnie7


Posted 30 April 2010 - 09:35 AM

OK, I ran ComboFix and I had a couple of error messages come up.
The first one came up when ComboFix was rebooting the computer. I could not write it down; it was on for a few seconds and then it went off, so I am not sure what it said. I think it said something about making sure the name was correctly spelled. It was something dealing with iwin, I'm not sure.

The second error message came up when ComboFix was preparing the log. This was the error message:

REGT.cfxxe- Application Error

The application failed to initialize properly (0xc000012d). Click on OK to terminate program

Then when ComboFix closed out and brought the log up, the above error message came back up along with the Altiris Client Services Out of Memory message.

When it keeps saying it's out of memory, does that mean there's too much stuff on the computer? If that is the case, can I just delete some programs, especially ones that were from the school, because they are still on here and are not needed anymore? Will that help the whole Out of Memory problem?

Anyway here is the log:

ComboFix 10-04-29.05 - Administrator 04/30/2010 9:50.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\student\Application Data\alot
c:\progra~1\COMMON~1\WinTools\WToolsA.exe
c:\program files\COMMON~1\WinTools
c:\program files\COMMON~1\WinTools\rmhgxlmu.wzg
c:\program files\COMMON~1\WinTools\Update\WToolsA.exe
c:\program files\COMMON~1\WinTools\WSup.exe
c:\program files\COMMON~1\WinTools\WToolsA.exe
c:\program files\COMMON~1\WinTools\WToolsB.dll
c:\program files\COMMON~1\WinTools\WToolsC.cfg
c:\program files\COMMON~1\WinTools\WToolsD.cfg
c:\program files\COMMON~1\WinTools\WToolsP.cfg
c:\program files\COMMON~1\WinTools\WToolsR.cfg
c:\program files\COMMON~1\WinTools\WToolsS.exe
c:\program files\COMMON~1\WinTools\WToolsT.dll
c:\program files\COMMON~1\WinTools\WToolsU.cfg
c:\program files\gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\program files\MyWebSearch
c:\program files\Toolbar
c:\program files\Toolbar\common.dll
c:\program files\Toolbar\Cursors\cursors.xml
c:\program files\Toolbar\PIB.exe
c:\recycler\S-1-5-21-3741901334-784014900-649880165-500
c:\recycler\S-1-5-21-515967899-854245398-1060284298-500
C:\Thumbs.db
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\patch.exe
c:\windows\system32\Thumbs.db

c:\windows\system32\qmgr.dll . . . is infected!!

c:\windows\system32\d3d9.dll . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-29 20:15 . 2010-04-29 20:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-04-26 09:53 . 2010-04-26 09:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-04-23 14:26 . 2010-04-23 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-23 01:29 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 01:29 . 2010-04-23 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-23 01:29 . 2010-03-30 04:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 01:29 . 2010-04-23 01:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 14:06 . 2005-02-03 21:03 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-30 13:56 . 2009-09-22 03:20 -------- d-----w- c:\program files\Gamevance
2010-04-26 00:59 . 2003-10-07 19:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2010-03-30 18:37 . 2010-03-30 18:37 119808 ----a-w- c:\documents and settings\student\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\FFTextLinks.dll
2010-02-04 21:35 . 2009-10-04 09:54 710136 ----a-w- c:\documents and settings\student\Application Data\LSoft Technologies\Active ISO Burner\IsoBurner.exe
2010-02-04 14:11 . 2009-10-04 09:54 1065968 ----a-w- c:\documents and settings\student\Application Data\LSoft Technologies\Active ISO Burner\SPTDinst-v162-x64.exe
2010-02-04 14:11 . 2009-10-04 09:54 880624 ----a-w- c:\documents and settings\student\Application Data\LSoft Technologies\Active ISO Burner\SPTDinst-v162-x86.exe
.

------- Sigcheck -------

[7] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\system32\comctl32.dll

[7] 2002-08-29 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\system32\cryptsvc.dll

[7] 2002-08-29 02:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\system32\es.dll

[7] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\system32\imm32.dll

[7] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\system32\kernel32.dll

[7] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\system32\linkinfo.dll

[7] 2002-08-29 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\system32\lpk.dll

[7] 2002-08-29 . 448EE0A3EDFC3339EC70E93C027E28C8 . 2833920 . . [6.00.2800.1106] . . c:\windows\system32\mshtml.dll

[7] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\msvcrt.dll

[7] 2002-08-29 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\system32\mswsock.dll

[7] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\system32\netlogon.dll

[7] 2002-08-29 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\system32\ntoskrnl.exe

[7] 2002-08-29 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\system32\powrprof.dll

[7] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\system32\scecli.dll

[7] 2002-08-29 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\system32\sfc.dll

[7] 2002-08-29 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\system32\svchost.exe

[7] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\system32\tapisrv.dll

[7] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\system32\user32.dll

[7] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\userinit.exe

[7] 2002-08-29 . F3587750A7481DCCBEA13D473A0700BE . 599040 . . [6.00.2800.1106] . . c:\windows\system32\wininet.dll

[7] 2002-08-29 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\system32\ws2_32.dll

[7] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\explorer.exe

[7] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\system32\srsvc.dll



[7] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\system32\eventlog.dll

[7] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll

[7] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\system32\ctfmon.exe

[7] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\system32\shsvcs.dll

[7] 2002-08-29 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll

[7] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\system32\schedsvc.dll

[7] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\system32\ssdpsrv.dll

[7] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\system32\termsrv.dll

[7] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[7] 2002-08-28 18:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\system32\drivers\aec.sys

[7] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\drivers\AGP440.SYS

[7] 2002-08-29 02:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[7] 2002-08-29 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\system32\msgsvc.dll

[7] 2002-08-29 . 0E8EFB15746878A9B256E75267337233 . 1947904 . . [5.1.2600.1106] . . c:\windows\system32\ntkrnlpa.exe

[7] 2002-08-29 02:00 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\system32\ntmssvc.dll

[7] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\system32\upnphost.dll

[7] 2002-08-29 . 9402C9F282AC5FAF8253A4DC2E231B67 . 338944 . . [5.1.2600.0] . . c:\windows\system32\dsound.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 28672]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-26 180316]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-15 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 36864]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 634880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CARPService"="carpserv.exe" [2003-03-12 4608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-27 151597]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-02 77824]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2010-04-30 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 TBPSSvc;WebSeach Toolbar support NT service;c:\progra~1\Toolbar\TBPSSvc.exe [x]
R2 WinToolsSvc;WinTools for IE service;c:\program files\Common Files\WinTools\WToolsS.exe [x]
R3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\DRIVERS\Express.sys [2003-03-05 57344]
S1 AlKBNT;Altiris Keyboard Filter Driver;c:\windows\system32\Drivers\AlKBNT.sys [2005-02-01 5630]
S1 AlMNT;Altiris Mouse Filter Driver;c:\windows\system32\Drivers\AlMNT.sys [2005-02-01 5485]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\DRIVERS\aliirda.sys [2001-12-17 26112]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2002-11-05 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2002-11-05 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\DP83815.SYS [2002-08-29 16512]

.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\{2E1B55DA-833E-4EC3-9813-C35C5B855AE1}_TCS_student.job
- c:\windows\system32\mobsync.exe [2002-08-29 02:00]

2010-04-30 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_TCS_student.job
- c:\windows\system32\mobsync.exe [2002-08-29 02:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tcs.k12.nc.us/ths
uDefault_Search_URL = hxxp://srch-us4nb.hpwis.com/
mSearch Bar = hxxp://srch-us4nb.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {268732CC-D3E9-4E98-9D0A-69FDC1CA9044} = 10.2.1.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TBPS - c:\progra~1\Toolbar\TBPS.exe
HKLM-Run-WinTools - c:\program files\Common Files\WinTools\WToolsA.exe
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\UninstFl.exe
AddRemove-WinTools - c:\progra~1\COMMON~1\WinTools\WToolsA.exe
AddRemove-WinTools_ADKW - c:\progra~1\COMMON~1\WinTools\WToolsA.exe
AddRemove-WinTools_ESIES - c:\progra~1\COMMON~1\WinTools\WToolsA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 10:07
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????)??p?????????? ??3B?????????????T?B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\System32\ODBC32.dll
c:\windows\System32\NRDWIN32.dll
c:\windows\System32\AXNMAS~1.OCX
c:\windows\System32\AXNMAS~2.OCX

- - - - - - - > 'lsass.exe'(840)
c:\windows\System32\dssenh.dll

- - - - - - - > 'Explorer.exe'(2184)
c:\windows\System32\msi.dll
c:\windows\System32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\System32\NLS\ENGLISH\NOVNPNTR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Altiris\AClient\AClient.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\HPConfig.exe
c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\carpserv.exe
c:\windows\System32\NWTRAY.EXE
c:\program files\AOL 9.0\waol.exe
c:\program files\AOL 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-04-30 10:19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-30 14:19

Pre-Run: 33,432,350,720 bytes free
Post-Run: 33,758,478,336 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E68D5953AB66B1944F1BDABADB2BE991


#12 Minnie7

Minnie7
  • Topic Starter

  • Members
  • 56 posts

Posted 30 April 2010 - 11:12 AM

Hi, I am also receiving this message when I log on to the internet. I'm not sure if it has to do with the ComboFix or not, but I'm not sure why it is popping up.

Here is the message.

NSIS Error:

The installer you are trying to use is corrupted or incomplete. This could be the result of a damaged disk, a failed download, or a virus.

You may want to contact the author of this installer to obtain a new copy.

It may be possible to skip this check using the /NCRC command line switch.
(NOT RECOMMENDED)

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts

Posted 30 April 2010 - 11:20 AM

Hello again,
Your log indicates you are running XP with Service Pack 1. This is a serious security risk, as the current Service Pack is 3. Therefore, please try to limit use of the internet as much as possible. We cannot install SP3 until you are cleaned up; until then we need to be careful not to reinfect the computer.

Please launch MBAM, update it first and run a full scan. Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 Minnie7

Minnie7
  • Topic Starter

  • Members
  • 56 posts

Posted 30 April 2010 - 11:57 AM

Hi, is MBAM Malwarebytes Anti-Malware? If it is, if you look at my old post that was in the Am I Infected forum, I had trouble with the program; it will not open, I get a run-time error message. So what do you want me to do?

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts

Posted 30 April 2010 - 12:04 PM

Please uninstall Malwarebytes antimalware with mbam-clean.exe

Then try to reinstall it and see if you still get the runtime error.

Let me know also how things are running now on your computer.

regards, Elise






