
ran malwarebytes can't connect to internet



#1 x99thomas


Posted 23 May 2010 - 05:13 AM

I successfully removed a virus with Malwarebytes; however, I am now unable to connect to the internet. I am almost certain that it is Malwarebytes that has caused this. I have tried for over 8 hours now to correct this problem with no luck, and I have completely run out of ideas.

When I try to connect to the internet, it just stays on acquiring network address. I have read dozens of similar posts about this problem but have yet to find a solution.

Things I have tried to fix this:

-reinstalling the driver
-making sure Internet Protocol (TCP/IP) properties are on automatic
-making sure LAN settings are on automatic
-running several different functions from the command prompt (something about a sock)
-ran ComboFix

Many other things but my brain is turning to mush right now

Any thoughts are appreciated.

EDIT: Moved from XP to more appropriate Am I Infected forum ~ Hamluis.

Also, I tried to run system restore, but I didn't have any points to restore to. I know I had some from a couple of days ago, but the damn virus must have erased them.

This is the log from GMER



DDS (Ver_10-03-17.01) - NTFSx86
Run by Blake at 9:58:40.12 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1252 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
c:Program FilesMicrosoft Security EssentialsMsMpEng.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesIntelWirelessBinWLKeeper.exe
svchost.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesBonjourmDNSResponder.exe
svchost.exe
C:Program FilesDell PrintersAdditional Color Laser SoftwareStatus MonitorDLSDBNT.EXE
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesMediafourMacDrive 7MacDriveService.exe
C:Program FilesDellQuickSetNICCONFIGSVC.exe
C:Program FilesRaxcoPerfectDisk10PDAgent.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
svchost.exe
svchost.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesDell PrintersAdditional Color Laser SoftwareStatus MonitorDLPWDNT.EXE
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesDell PrintersAdditional Color Laser SoftwareUpdaterDLUPDR.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesPowerISOPWRISOVM.EXE
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSehomeehtray.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:Program FilesDellQuickSetquickset.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesMicrosoft Security Essentialsmsseces.exe
C:Program FilesDivXDivX UpdateDivXUpdate.exe
C:Program FilesRSSoftRedSwoosh.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesOrbitdownloaderorbitdm.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
C:Program FilesAlienGUIseAlienwareDockObjectDock.exe
C:Program FilesOrbitdownloaderorbitnet.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
C:Program FilesToshibaBluetooth Toshiba StacktosOBEX.exe
C:Program FilesToshibaBluetooth Toshiba StacktosBtProc.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32ctfmon.exe
C:Documents and SettingsBlakeDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:program filesorbitdownloaderorbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.4.4525.1752swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogletoolbar1.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:program filesorbitdownloaderGrabPro.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
uRun: [Red Swoosh] c:program filesrssoftRedSwoosh.exe /S
uRun: [ISUSPM] "c:program filescommon filesinstallshieldupdateserviceISUSPM.exe" -scheduler
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [DWQueuedReporting] "c:progra~1common~1micros~1dwdwtrig20.exe" -t
mRun: [DLPSP] "c:program filesdell printersadditional color laser softwarestatus monitorDLPSP.EXE"
mRun: [DLUPDR] "c:program filesdell printersadditional color laser softwareupdaterDLUPDR.EXE"
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [PWRISOVM.EXE] c:program filespowerisoPWRISOVM.EXE
mRun: [MDGetStarted.exe] "c:program filesmediafourmacdrive 7MDGetStarted.exe" /auto
mRun: [IntelZeroConfig] "c:program filesintelwirelessbinZCfgSvc.exe"
mRun: [IntelWireless] "c:program filesintelwirelessbinifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [ehTray] c:windowsehomeehtray.exe
mRun: [DVDLauncher] "c:program filescyberlinkpowerdvdDVDLauncher.exe"
mRun: [DMXLauncher] c:program filesdellmedia experienceDMXLauncher.exe
mRun: [Dell QuickSet] c:program filesdellquicksetquickset.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ATIPTA] "c:program filesati technologiesati control panelatiptaxx.exe"
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [UnlockerAssistant] "c:program filesunlockerUnlockerAssistant.exe"
mRun: [igfxtray] c:windowssystem32igfxtray.exe
mRun: [igfxhkcmd] c:windowssystem32hkcmd.exe
mRun: [igfxpers] c:windowssystem32igfxpers.exe
mRun: [MSSE] "c:program filesmicrosoft security essentialsmsseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:program filesdivxdivx updateDivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
dRun: [DWQueuedReporting] "c:progra~1common~1micros~1dwdwtrig20.exe" -t
StartupFolder: c:docume~1blakestartm~1programsstartupalienw~1.lnk - c:program filesalienguisealienwaredockObjectDock.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupblueto~1.lnk - c:program filestoshibabluetooth toshiba stackTosBtMng1.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupblueto~2.lnk - c:program fileswidcommbluetooth softwareBTTray.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuporbit.lnk - c:program filesorbitdownloaderorbitdm.exe
IE: &Download by Orbit - c:program filesorbitdownloaderorbitmxt.dll/201
IE: &Grab video by Orbit - c:program filesorbitdownloaderorbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:program filesorbitdownloaderorbitmxt.dll/203
IE: Down&load all by Orbit - c:program filesorbitdownloaderorbitmxt.dll/202
IE: Download All Files by HiDownload - c:program filesstreamingstarhidownloadHDGetAll.htm
IE: Download by HiDownload - c:program filesstreamingstarhidownloadHDGet.htm
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:program fileswidcommbluetooth softwarebtsendto_ie_ctx.htm
IE: Send To Bluetooth - c:program fileswidcommbluetooth softwarebtsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:program filespokerstarsPokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:program fileswidcommbluetooth softwarebtsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://photon.webex.com/client/T26L/webex/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:program filescitrixgotoassist480G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
Notify: WB - c:program filesalienguisefastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1blakeapplic~1mozillafirefoxprofilesuysb827j.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:windowssystem32driversMDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:windowssystem32driversMDPMGRNT.sys [2007-2-28 19072]
R1 AW_HOST;AW_HOST;c:windowssystem32driversAW_HOST5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:windowssystem32driversAWLEGACY.sys [2007-3-30 17848]
R1 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2009-12-2 149040]
R2 DLSDB;Dell Printer Status Database;c:program filesdell printersadditional color laser softwarestatus monitordlsdbnt.exe [2008-2-28 140184]
R2 MacDriveService;MacDriveService;c:program filesmediafourmacdrive 7MacDriveService.exe [2007-5-1 143360]
R2 McrdSvc;Media Center Extender Service;c:windowsehomemcrdsvc.exe [2005-8-5 99328]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:program filespostgresql8.3binpg_ctl.exe [2008-9-19 65536]
S2 gupdate;Google Update Service (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2009-12-22 135664]
S3 AngelUsb;Angel USB MPEG Device;c:windowssystem32driversAngelUsb.sys [2007-11-18 375424]
S3 awhost32;Symantec pcAnywhere Host Service;c:program filessymantecpcanywhereawhost32.exe [2007-5-11 132728]
S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2010-05-23 07:14:05 98816 ----a-w- c:windowssed.exe
2010-05-23 07:14:05 77312 ----a-w- c:windowsMBR.exe
2010-05-23 07:14:05 256512 ----a-w- c:windowsPEV.exe
2010-05-23 07:14:05 161792 ----a-w- c:windowsSWREG.exe
2010-05-23 07:11:24 5600 ----a-w- c:windowssystemwinaspi.BAK
2010-05-23 07:11:24 4672 ----a-w- c:windowssystemwowpost.BAK
2010-05-23 07:11:24 45056 ----a-w- c:windowssystem32wnaspi32.BAK
2010-05-23 07:11:24 16877 ----a-w- c:windowssystem32driversaspi32.BAK
2010-05-23 04:39:09 0 d-----w- c:program filesTrend Micro
2010-05-23 02:17:34 552 ----a-w- c:windowssystem32d3d8caps.dat
2010-05-15 06:37:54 54156 ---ha-w- c:windowsQTFont.qfn
2010-05-15 06:37:54 1409 ----a-w- c:windowsQTFont.for
2010-05-12 03:52:00 0 d-----w- c:docume~1alluse~1applic~1DivX
2010-05-11 01:57:45 5760054 ----a-w- c:windowsALX_1600x1200.bmp
2010-05-11 01:57:16 5760054 ----a-w- c:windowsAW_1600x1200.bmp
2010-05-10 23:39:34 1089593 -c----w- c:windowssystem32dllcachentprint.cat
2010-05-10 22:59:56 0 d-----w- c:windowssystem32XPSViewer
2010-05-10 22:58:34 117760 ------w- c:windowssystem32prntvpt.dll
2010-05-10 22:58:33 89088 -c----w- c:windowssystem32dllcachefilterpipelineprintproc.dll
2010-05-10 22:58:33 597504 -c----w- c:windowssystem32dllcacheprintfilterpipelinesvc.exe
2010-05-10 22:58:33 575488 -c----w- c:windowssystem32dllcachexpsshhdr.dll
2010-05-10 22:58:33 575488 ------w- c:windowssystem32xpsshhdr.dll
2010-05-10 22:58:33 1676288 -c----w- c:windowssystem32dllcachexpssvcs.dll
2010-05-10 22:58:33 1676288 ------w- c:windowssystem32xpssvcs.dll
2010-05-10 22:58:32 0 d-----w- C:0e5bad5a42b855a025e80a8717cc8b
2010-05-10 22:40:22 0 d-sh--w- c:documents and settingsblakeIECompatCache
2010-05-10 22:40:01 0 d-sh--w- c:documents and settingsblakePrivacIE
2010-05-10 22:24:52 0 d-sh--w- c:documents and settingsblakeIETldCache
2010-05-10 17:40:27 0 d-----w- c:windowsie8updates
2010-05-10 17:28:58 0 dc-h--w- c:windowsie8
2010-05-10 17:21:13 221568 ------w- c:windowssystem32MpSigStub.exe
2010-05-10 17:20:34 0 d-----w- c:windowssystem32MpEngineStore
2010-05-10 17:16:05 247808 -c----w- c:windowssystem32dllcacheieproxy.dll
2010-05-10 17:16:05 12800 -c----w- c:windowssystem32dllcachexpshims.dll
2010-05-10 17:15:41 64000 -c----w- c:windowssystem32dllcacheiecompat.dll
2010-05-10 17:15:15 0 d-----w- c:program filesMicrosoft Security Essentials
2010-05-10 17:14:38 0 d-----w- C:d5d6b62b0017efcf097861df48cf
2010-05-09 00:51:39 726528 -c--a-w- c:windowssystem32dllcachejscript.dll
2010-05-09 00:50:21 471552 -c----w- c:windowssystem32dllcacheaclayers.dll
2010-05-09 00:49:22 81920 -c----w- c:windowssystem32dllcachefontsub.dll
2010-05-09 00:49:22 119808 -c----w- c:windowssystem32dllcachet2embed.dll
2010-05-09 00:49:08 3558912 -c----w- c:windowssystem32dllcachemoviemk.exe
2010-05-09 00:45:59 4274816 ------w- c:windowssystem32nv4_disp.dll
2010-05-09 00:42:52 128512 -c----w- c:windowssystem32dllcachedhtmled.ocx
2010-05-09 00:42:34 284160 -c----w- c:windowssystem32dllcachepdh.dll
2010-05-09 00:42:33 401408 -c----w- c:windowssystem32dllcacherpcss.dll
2010-05-09 00:42:33 110592 -c----w- c:windowssystem32dllcacheservices.exe
2010-05-09 00:42:32 473600 -c----w- c:windowssystem32dllcachefastprox.dll
2010-05-09 00:42:32 453120 -c----w- c:windowssystem32dllcachewmiprvsd.dll
2010-05-09 00:42:32 227840 -c----w- c:windowssystem32dllcachewmiprvse.exe
2010-05-09 00:42:30 714752 -c----w- c:windowssystem32dllcachentdll.dll
2010-05-09 00:42:30 617472 -c----w- c:windowssystem32dllcacheadvapi32.dll
2010-05-09 00:41:20 0 d-----w- c:windowsServicePackFiles
2010-05-09 00:40:04 1315328 -c----w- c:windowssystem32dllcachemsoe.dll
2010-05-09 00:35:53 2560 ------w- c:windowssystem32xpsp4res.dll
2010-05-09 00:35:51 1206508 -c----w- c:windowssystem32dllcachesysmain.sdb
2010-05-09 00:35:50 215552 -c----w- c:windowssystem32dllcachewordpad.exe
2010-05-09 00:31:27 19569 ----a-w- c:windows003238_.tmp
2010-05-02 20:57:05 0 d-----w- c:docume~1blakeapplic~1Webroot
2010-05-02 20:55:42 0 d-----w- c:docume~1alluse~1applic~1Geek Squad
2010-04-28 19:54:15 0 d-----w- c:program filescommon filesHewlett-Packard
2010-04-28 19:53:15 15104 ----a-w- c:windowssystem32driversusbscan.sys
2010-04-28 19:49:38 94208 ----a-w- c:windowssystem32HPZipt12.dll
2010-04-28 19:49:38 69632 ----a-w- c:windowssystem32HPZipm12.exe
2010-04-28 19:49:38 61440 ----a-w- c:windowssystem32HPZinw12.exe
2010-04-28 19:49:38 57344 ----a-w- c:windowssystem32HPZisn12.dll
2010-04-28 19:49:38 278584 ----a-w- c:windowssystem32HPZidr12.dll
2010-04-28 19:49:38 204800 ----a-w- c:windowssystem32HPZipr12.dll
2010-04-28 19:49:34 306688 ----a-w- c:windowsIsUninst.exe
2010-04-28 19:49:19 0 d-----w- c:program filesHP
2010-04-28 19:48:22 17505 ------w- c:windowshpomdl07.dat
2010-04-28 19:48:22 102262 ----a-w- c:windowshpoins05.dat
2010-04-28 19:48:21 51120 ----a-w- c:windowssystem32driversHPZid412.sys
2010-04-28 19:48:21 21744 ----a-w- c:windowssystem32driversHPZius12.sys
2010-04-28 19:48:21 16496 ----a-w- c:windowssystem32driversHPZipr12.sys
2010-04-28 19:48:15 98304 ----a-w- c:windowssystem32hpzjsn01.dll
2010-04-28 19:48:14 606208 ----a-w- c:windowssystem32hpotscl.dll
2010-04-28 19:48:14 278528 ----a-w- c:windowssystem32hpgwiamd.dll
2010-04-28 19:48:14 274432 ----a-w- c:windowssystem32HPZc3212.dll
2010-04-28 19:48:14 258122 ----a-w- c:windowssystem32hpovst08.dll
2010-04-28 19:48:00 180315 ----a-w- c:windowssystem32hpzsnt12.dll
2010-04-28 19:47:55 393216 ----a-w- c:windowssystem32hpzcon12.dll
2010-04-28 19:47:55 196608 ----a-w- c:windowssystem32hpzcoi12.dll
2010-04-27 02:24:54 0 d-----w- c:documents and settingsblakeBluetooth Software
2010-04-27 02:22:13 91176 ----a-w- c:windowssystem32driversbtwsecfl.sys
2010-04-27 02:22:13 45984 ----a-w- c:windowssystem32driversbtwusb.sys
2010-04-27 02:22:13 106557 ----a-w- c:windowssystem32btw_ci.dll
2010-04-27 02:22:12 56992 ----a-w- c:windowssystem32driversbtwhid.sys
2010-04-27 02:22:12 37160 ----a-w- c:windowssystem32driversbtport.sys
2010-04-27 02:22:12 156816 ----a-w- c:windowssystem32driversbtwdndis.sys
2010-04-27 02:22:11 991136 ----a-w- c:windowssystem32driversbtkrnl.sys
2010-04-27 02:22:10 533024 ----a-w- c:windowssystem32driversbtaudio.sys
2010-04-27 02:21:46 0 d-----w- c:program filesWIDCOMM
2010-04-26 23:20:52 139264 ----a-w- c:windowssystem32igfxres.dll
2010-04-26 22:04:42 353592 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-05-23 03:41:20 21425 ----a-w- c:windowssystem32driversAegisP.sys
2010-04-29 22:39:38 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 22:39:26 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-03-19 07:04:08 163840 ----a-w- c:windowssystem32svcmsdebug.exe
2010-03-10 06:15:52 420352 ----a-w- c:windowssystem32vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:windowssystem32dpl100.dll
2010-02-25 06:24:37 916480 ----a-w- c:windowssystem32wininet.dll
2008-10-22 19:31:10 0 ----a-w- c:program filescommon filesdht342126
2008-09-21 03:18:28 822 ----a-w- c:program filesimghz.txt
2006-05-03 0954 163328 --sha-r- c:windowssystem32flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:windowssystem32msfDX.dll
2007-12-17 12:43:00 27648 --sha-w- c:windowssystem32Smab0.dll

============= FINISH: 9:58:57.50 ===============

and combo fix

I was not able to download windows recovery console.



ComboFix 10-05-22.03 - Blake 05/23/2010 13:34:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1565 [GMT -7:00]
Running from: c:documents and settingsBlakeDesktopComboFix.exe
Command switches used :: c:documents and settingsBlakeDesktopCFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 19:05 . 2006-08-17 15:55 44544 ----a-r- c:windowssystem32driversbcm4sbxp.sys
2010-05-23 19:05 . 2010-05-23 19:05 -------- d-----w- c:program filesBroadcom
2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:documents and settingsBlakeLocal SettingsApplication DataPCHealth
2010-05-23 08:47 . 2010-05-23 08:47 -------- d-----w- c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth
2010-05-23 04:39 . 2010-05-23 04:39 -------- d-----w- c:program filesTrend Micro
2010-05-23 02:17 . 2010-05-23 02:17 552 ----a-w- c:windowssystem32d3d8caps.dat
2010-05-23 01:46 . 2010-05-23 01:46 -------- d-sh--w- c:documents and settingsAdministrator.BDLIETldCache
2010-05-23 01:22 . 2010-05-23 02:54 -------- d-----w- c:documents and settingsBlakeLocal SettingsApplication Dataqxrxjddne
2010-05-12 03:58 . 2010-05-12 03:58 57344 ----a-w- c:documents and settingsAll UsersApplication DataDivXRunAsUserRUNASUSERPROCESS.dll
2010-05-12 03:55 . 2010-05-12 03:55 54073 ----a-w- c:documents and settingsAll UsersApplication DataDivXQt4.5Uninstaller.exe
2010-05-12 03:55 . 2010-05-12 03:55 56969 ----a-w- c:documents and settingsAll UsersApplication DataDivXASPEncoderUninstaller.exe
2010-05-12 03:52 . 2010-05-12 03:57 -------- d-----w- c:documents and settingsAll UsersApplication DataDivX
2010-05-12 01:13 . 2010-05-12 01:13 45 ----a-w- c:documents and settingsBlakeLocal SettingsApplication Datamachpro.dat
2010-05-12 01:13 . 2010-05-12 01:13 13094 ----a-r- c:documents and settingsBlakeApplication DataMicrosoftInstaller{10289533-8C81-454C-9F61-B7E85436FBF4}_D4D83B804B6DAFCEC78109.exe
2010-05-12 01:13 . 2010-05-12 01:13 13094 ----a-r- c:documents and settingsBlakeApplication DataMicrosoftInstaller{10289533-8C81-454C-9F61-B7E85436FBF4}_569B488E6E5958FADB5C1A.exe
2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:windowssystem32XPSViewer
2010-05-10 22:59 . 2010-05-10 22:59 -------- d-----w- c:program filesReference Assemblies
2010-05-10 22:58 . 2008-07-06 12:06 89088 ----a-w- c:windowssystem32Spoolprtprocsw32x86filterpipelineprintproc.dll
2010-05-10 22:58 . 2008-07-06 12:06 117760 ------w- c:windowssystem32prntvpt.dll
2010-05-10 22:58 . 2008-07-06 12:06 89088 -c----w- c:windowssystem32dllcachefilterpipelineprintproc.dll
2010-05-10 22:58 . 2008-07-06 12:06 575488 -c----w- c:windowssystem32dllcachexpsshhdr.dll
2010-05-10 22:58 . 2008-07-06 12:06 575488 ------w- c:windowssystem32xpsshhdr.dll
2010-05-10 22:58 . 2008-07-06 12:06 1676288 -c----w- c:windowssystem32dllcachexpssvcs.dll
2010-05-10 22:58 . 2008-07-06 12:06 1676288 ------w- c:windowssystem32xpssvcs.dll
2010-05-10 22:58 . 2008-07-06 10:50 597504 -c----w- c:windowssystem32dllcacheprintfilterpipelinesvc.exe
2010-05-10 22:58 . 2008-07-06 10:50 597504 ------w- c:windowssystem32Spoolprtprocsw32x86printfilterpipelinesvc.exe
2010-05-10 22:58 . 2010-05-10 22:59 -------- d-----w- C:0e5bad5a42b855a025e80a8717cc8b
2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:documents and settingsBlakeIECompatCache
2010-05-10 22:40 . 2010-05-10 22:40 -------- d-sh--w- c:documents and settingsBlakePrivacIE
2010-05-10 22:24 . 2010-05-10 22:24 -------- d-sh--w- c:documents and settingsBlakeIETldCache
2010-05-10 17:40 . 2010-05-10 17:41 -------- d-----w- c:windowsie8updates
2010-05-10 17:28 . 2010-05-10 17:35 -------- dc-h--w- c:windowsie8
2010-05-10 17:21 . 2010-05-12 18:21 221568 ------w- c:windowssystem32MpSigStub.exe
2010-05-10 17:20 . 2010-05-10 17:20 -------- d-----w- c:windowssystem32MpEngineStore
2010-05-10 17:16 . 2010-02-25 06:24 12800 -c----w- c:windowssystem32dllcachexpshims.dll
2010-05-10 17:16 . 2010-02-25 06:24 247808 -c----w- c:windowssystem32dllcacheieproxy.dll
2010-05-10 17:15 . 2010-02-16 04:50 64000 -c----w- c:windowssystem32dllcacheiecompat.dll
2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:program filesMicrosoft Security Essentials
2010-05-10 17:14 . 2010-05-10 17:14 -------- d-----w- C:d5d6b62b0017efcf097861df48cf
2010-05-09 00:51 . 2009-12-09 05:53 726528 -c--a-w- c:windowssystem32dllcachejscript.dll
2010-05-09 00:50 . 2009-11-21 15:51 471552 -c----w- c:windowssystem32dllcacheaclayers.dll
2010-05-09 00:49 . 2009-10-15 16:28 81920 -c----w- c:windowssystem32dllcachefontsub.dll
2010-05-09 00:49 . 2009-10-15 16:28 119808 -c----w- c:windowssystem32dllcachet2embed.dll
2010-05-09 00:49 . 2009-10-23 15:28 3558912 -c----w- c:windowssystem32dllcachemoviemk.exe
2010-05-09 00:45 . 2008-04-14 12:42 4274816 ------w- c:windowssystem32nv4_disp.dll
2010-05-09 00:42 . 2009-03-06 14:22 284160 -c----w- c:windowssystem32dllcachepdh.dll
2010-05-09 00:42 . 2009-02-09 12:10 401408 -c----w- c:windowssystem32dllcacherpcss.dll
2010-05-09 00:42 . 2009-02-06 11:11 110592 -c----w- c:windowssystem32dllcacheservices.exe
2010-05-09 00:42 . 2009-02-09 12:10 473600 -c----w- c:windowssystem32dllcachefastprox.dll
2010-05-09 00:42 . 2009-02-09 12:10 453120 -c----w- c:windowssystem32dllcachewmiprvsd.dll
2010-05-09 00:42 . 2009-02-06 10:10 227840 -c----w- c:windowssystem32dllcachewmiprvse.exe
2010-05-09 00:42 . 2009-02-09 12:10 714752 -c----w- c:windowssystem32dllcachentdll.dll
2010-05-09 00:42 . 2009-02-09 12:10 617472 -c----w- c:windowssystem32dllcacheadvapi32.dll
2010-05-09 00:41 . 2010-05-09 00:46 -------- d-----w- c:windowsServicePackFiles
2010-05-09 00:40 . 2010-01-29 15:01 1315328 -c----w- c:windowssystem32dllcachemsoe.dll
2010-05-09 00:35 . 2008-05-03 11:55 2560 ------w- c:windowssystem32xpsp4res.dll
2010-05-09 00:35 . 2008-04-21 12:08 215552 -c----w- c:windowssystem32dllcachewordpad.exe
2010-05-02 20:57 . 2010-05-02 20:57 -------- d-----w- c:documents and settingsBlakeApplication DataWebroot
2010-05-02 20:55 . 2010-05-02 20:55 -------- d-----w- c:documents and settingsAll UsersApplication DataGeek Squad
2010-04-28 19:54 . 2010-04-28 19:54 -------- d-----w- c:program filesCommon FilesHewlett-Packard
2010-04-28 19:53 . 2008-04-14 07:15 15104 ----a-w- c:windowssystem32driversusbscan.sys
2010-04-28 19:49 . 2004-09-29 19:15 204800 ----a-w- c:windowssystem32HPZipr12.dll
2010-04-28 19:49 . 2004-09-29 19:14 69632 ----a-w- c:windowssystem32HPZipm12.exe
2010-04-28 19:49 . 2004-09-29 19:12 278584 ----a-w- c:windowssystem32HPZidr12.dll
2010-04-28 19:49 . 2004-09-29 19:09 57344 ----a-w- c:windowssystem32HPZisn12.dll
2010-04-28 19:49 . 2004-09-29 19:09 94208 ----a-w- c:windowssystem32HPZipt12.dll
2010-04-28 19:49 . 2004-09-29 19:08 61440 ----a-w- c:windowssystem32HPZinw12.exe
2010-04-28 19:49 . 1998-10-29 23:45 306688 ----a-w- c:windowsIsUninst.exe
2010-04-28 19:49 . 2010-04-28 19:49 -------- d-----w- c:program filesHP
2010-04-28 19:48 . 2010-04-28 19:54 102262 ----a-w- c:windowshpoins05.dat
2010-04-28 19:48 . 2005-06-22 14:03 17505 ------w- c:windowshpomdl07.dat
2010-04-28 19:48 . 2005-03-08 19:43 21744 ----a-w- c:windowssystem32driversHPZius12.sys
2010-04-28 19:48 . 2005-03-08 19:43 51120 ----a-w- c:windowssystem32driversHPZid412.sys
2010-04-28 19:48 . 2005-03-08 19:43 16496 ----a-w- c:windowssystem32driversHPZipr12.sys
2010-04-28 19:48 . 2005-02-05 02:58 98304 ----a-w- c:windowssystem32hpzjsn01.dll
2010-04-28 19:48 . 2005-04-08 15:51 278528 ----a-w- c:windowssystem32hpgwiamd.dll
2010-04-28 19:48 . 2005-04-08 15:51 258122 ----a-w- c:windowssystem32hpovst08.dll
2010-04-28 19:48 . 2005-04-08 15:51 606208 ----a-w- c:windowssystem32hpotscl.dll
2010-04-28 19:48 . 2005-03-08 19:39 274432 ----a-w- c:windowssystem32HPZc3212.dll
2010-04-28 19:48 . 2005-03-18 18:32 180315 ----a-w- c:windowssystem32hpzsnt12.dll
2010-04-28 19:47 . 2005-03-08 19:41 393216 ----a-w- c:windowssystem32hpzcon12.dll
2010-04-28 19:47 . 2005-03-08 19:41 196608 ----a-w- c:windowssystem32hpzcoi12.dll
2010-04-27 02:24 . 2010-04-27 02:24 -------- d-----w- c:documents and settingsBlakeBluetooth Software
2010-04-27 02:22 . 2009-06-19 04:48 45984 ----a-w- c:windowssystem32driversbtwusb.sys
2010-04-27 02:22 . 2008-09-26 16:30 91176 ----a-w- c:windowssystem32driversbtwsecfl.sys
2010-04-27 02:22 . 2007-09-20 19:59 106557 ----a-w- c:windowssystem32btw_ci.dll
2010-04-27 02:22 . 2009-05-11 22:45 56992 ----a-w- c:windowssystem32driversbtwhid.sys
2010-04-27 02:22 . 2008-07-25 01:37 156816 ----a-w- c:windowssystem32driversbtwdndis.sys
2010-04-27 02:22 . 2008-02-05 01:57 37160 ----a-w- c:windowssystem32driversbtport.sys
2010-04-27 02:22 . 2009-04-16 02:13 991136 ----a-w- c:windowssystem32driversbtkrnl.sys
2010-04-27 02:22 . 2009-06-19 04:48 533024 ----a-w- c:windowssystem32driversbtaudio.sys
2010-04-27 02:21 . 2010-04-27 02:21 -------- d-----w- c:program filesWIDCOMM
2010-04-26 23:20 . 2006-06-07 00:05 139264 ----a-w- c:windowssystem32igfxres.dll
2010-04-26 22:45 . 2010-04-26 22:47 -------- d-----w- c:documents and settingsBlakeLocal SettingsApplication DataDeployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 20:23 . 2009-02-25 00:46 -------- d-----w- c:documents and settingsBlakeApplication DataOrbit
2010-05-23 20:07 . 2007-11-15 22:23 -------- d-----w- c:program filesRSSoft
2010-05-23 19:13 . 2007-11-15 21:11 -------- d-----w- c:documents and settingsAll UsersApplication DataGoogle Updater
2010-05-23 04:56 . 2008-05-30 19:31 -------- d-----w- c:documents and settingsBlakeApplication DataU3
2010-05-23 03:41 . 2007-11-15 20:00 21425 ----a-w- c:windowssystem32driversAegisP.sys
2010-05-23 01:55 . 2008-09-21 03:04 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-05-22 23:31 . 2008-07-01 23:21 -------- d-----w- c:documents and settingsBlakeApplication DatauTorrent
2010-05-22 19:07 . 2007-11-15 21:18 -------- d-----w- c:program filesCommon FilesAdobe
2010-05-22 18:13 . 2007-11-15 20:07 72344 ----a-w- c:documents and settingsBlakeLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-22 03:02 . 2008-02-01 02:44 -------- d-----w- c:program filesFull Tilt Poker
2010-05-12 01:13 . 2010-01-06 01:41 -------- d-----w- c:program filesTableNinjaFT
2010-05-11 20:36 . 2007-11-26 23:44 -------- d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-05-11 02:08 . 2008-07-18 23:28 -------- d-----w- c:program filesCommon FilesStardock
2010-05-11 01:57 . 2008-07-18 23:28 -------- d-----w- c:program filesAlienGUIse
2010-05-10 22:59 . 2007-11-26 23:49 -------- d-----w- c:program filesMSBuild
2010-05-10 22:11 . 2008-05-30 22:41 -------- d-----w- c:program filesUnlocker
2010-05-09 10:43 . 2009-11-01 20:27 -------- d-----w- c:program filesMicrosoft Silverlight
2010-05-09 10:15 . 2007-11-26 23:49 -------- d-----w- c:program filesMicrosoft Works
2010-05-09 00:51 . 2007-11-15 08:03 87747 ----a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2010-04-29 22:39 . 2008-09-21 03:04 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 22:39 . 2008-09-21 03:04 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-04-26 21:33 . 2007-11-15 08:39 1324 ----a-w- c:windowssystem32d3d9caps.dat
2010-03-19 07:04 . 2010-03-24 01:00 163840 ----a-w- c:windowssystem32svcmsdebug.exe
2010-03-10 21:05 . 2009-11-23 22:39 79488 ----a-w- c:documents and settingsBlakeApplication DataSunJavajre1.6.0_17gtapi.dll
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:windowssystem32vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:windowssystem32dpl100.dll
2010-02-25 06:24 . 2006-03-04 03:33 916480 ----a-w- c:windowssystem32wininet.dll
2010-02-24 13:11 . 2004-08-10 11:00 455680 ----a-w- c:windowssystem32driversmrxsmb.sys
2008-10-22 19:31 . 2008-10-22 19:31 0 ----a-w- c:program filesCommon Filesdht342126
2008-09-21 03:18 . 2008-09-21 03:18 822 ----a-w- c:program filesimghz.txt
2008-04-17 17:04 . 2007-12-14 17:29 27976 ----a-w- c:program filesmozilla firefoxpluginsatgpcdec.dll
2008-04-17 17:04 . 2007-12-14 17:29 125848 ----a-w- c:program filesmozilla firefoxpluginsatgpcext.dll
2008-04-17 17:04 . 2008-04-17 17:04 46408 ----a-w- c:program filesmozilla firefoxpluginsatmccli.dll
2008-04-17 17:04 . 2008-04-17 17:04 98712 ----a-w- c:program filesmozilla firefoxpluginsieatgpc.dll
2006-05-03 09:06 . 2008-05-23 22:45 163328 --sha-r- c:windowssystem32flvDX.dll
2007-02-21 10:47 . 2008-05-23 22:45 31232 --sha-r- c:windowssystem32msfDX.dll
2007-12-17 12:43 . 2008-05-23 22:52 27648 --sha-w- c:windowssystem32Smab0.dll
.

------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386user32.dll
[-] 2008-04-14 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:windowsSoftwareDistributionDownloadcf8ec753e88561d2ddb53e183dc05c3euser32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:windows$hf_mig$KB925902SP2QFEuser32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:windows$NtServicePackUninstall$user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:windows$hf_mig$KB890859SP2QFEuser32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:windows$NtUninstallKB925902$user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:windows$NtUninstallKB890859$user32.dll

[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386ws2_32.dll
[-] 2008-04-14 . 5D567A625ECB5B4728130E4B31CA87EF . 82432 . . [5.1.2600.5512] . . c:windowssystem32ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:windowsSoftwareDistributionDownloadcf8ec753e88561d2ddb53e183dc05c3ews2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:windows$NtServicePackUninstall$ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-05 00:50 1197448 ----a-w- c:program filesAsk.comGenericAskToolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program filesAsk.comGenericAskToolbar.dll" [2010-02-05 1197448]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program filesAsk.comGenericAskToolbar.dll" [2010-02-05 1197448]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Red Swoosh"="c:program filesRSSoftRedSwoosh.exe" [2007-02-27 62436]
"ISUSPM"="c:program filesCommon FilesInstallShieldUpdateServiceISUSPM.exe" [2006-09-11 218032]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-11-15 68856]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"DLPSP"="c:program filesDell PrintersAdditional Color Laser SoftwareStatus MonitorDLPSP.EXE" [2007-07-25 393944]
"DLUPDR"="c:program filesDell PrintersAdditional Color Laser SoftwareUpdaterDLUPDR.EXE" [2007-02-22 140184]
"SunJavaUpdateSched"="c:program filesJavajre6binjusched.exe" [2009-03-25 136600]
"PWRISOVM.EXE"="c:program filesPowerISOPWRISOVM.EXE" [2007-01-20 200704]
"MDGetStarted.exe"="c:program filesMediafourMacDrive 7MDGetStarted.exe" [2007-06-13 139264]
"IntelZeroConfig"="c:program filesIntelWirelessbinZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:program filesIntelWirelessBinifrmewrk.exe" [2007-02-21 970752]
"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="c:windowsehomeehtray.exe" [2005-08-05 64512]
"DVDLauncher"="c:program filesCyberLinkPowerDVDDVDLauncher.exe" [2005-02-24 53248]
"DMXLauncher"="c:program filesDellMedia ExperienceDMXLauncher.exe" [2005-10-05 94208]
"Dell QuickSet"="c:program filesDellQuickSetquickset.exe" [2006-06-29 1032192]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ATIPTA"="c:program filesATI TechnologiesATI Control Panelatiptaxx.exe" [2005-08-06 344064]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2006-09-01 282624]
"UnlockerAssistant"="c:program filesUnlockerUnlockerAssistant.exe" [2008-05-02 15872]
"igfxtray"="c:windowssystem32igfxtray.exe" [2006-06-07 94208]
"igfxhkcmd"="c:windowssystem32hkcmd.exe" [2006-06-07 77824]
"igfxpers"="c:windowssystem32igfxpers.exe" [2006-06-07 118784]
"MSSE"="c:program filesMicrosoft Security Essentialsmsseces.exe" [2010-02-21 1093208]
"DivXUpdate"="c:program filesDivXDivX UpdateDivXUpdate.exe" [2010-04-12 1135912]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2009-12-22 35760]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2008-11-04 435096]

c:documents and settingsBlakeStart MenuProgramsStartup
Alienware Dock.lnk - c:program filesAlienGUIseAlienwareDockObjectDock.exe [2008-7-18 2074360]

c:documents and settingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng1.exe [2005-6-16 49152]
Bluetooth.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2009-6-20 607584]
Orbit.lnk - c:program filesOrbitdownloaderorbitdm.exe [2009-2-24 1719568]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyGoToAssist]
2007-11-15 19:39 10792 ----a-w- c:program filesCitrixGoToAssist480g2awinlogon.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyPCANotify]
2007-04-27 20:10 18744 ----a-w- c:windowssystem32PCANotify.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWB]
2001-12-21 06:34 24576 ----a-w- c:program filesAlienGUIsefastload.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ PDBoot.exe0autocheck autochk *

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2006-09-01 23:57 282624 ----a-w- c:program filesQuickTimeqttask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
2007-11-15 21:11 68856 ----a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg{B179023B-6238-4499-8F26-CD73E9D90E0A}]
2007-07-12 18:57 179288 ----a-w- c:program filesMediafourMacDrive 7MacDrive.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=

R0 MDFSYSNT;MacDrive file system driver;c:windowssystem32driversMDFSYSNT.SYS [9/5/2007 4:01 PM 277888]
R0 MDPMGRNT;MDPMGRNT;c:windowssystem32driversMDPMGRNT.sys [2/28/2007 12:15 PM 19072]
R2 DLSDB;Dell Printer Status Database;c:program filesDell PrintersAdditional Color Laser SoftwareStatus Monitordlsdbnt.exe [2/28/2008 1:24 PM 140184]
R2 MacDriveService;MacDriveService;c:program filesMediafourMacDrive 7MacDriveService.exe [5/1/2007 3:55 PM 143360]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:program filesPostgreSQL8.3binpg_ctl.exe [9/19/2008 3:03 AM 65536]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [3/17/2008 11:53 AM 717296]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [12/22/2009 1:33 AM 135664]
S3 AngelUsb;Angel USB MPEG Device;c:windowssystem32driversAngelUsb.sys [11/18/2007 12:25 PM 375424]
S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [11/6/2007 1:22 PM 34064]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:windowsTasksGoogle Software Updater.job
- c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-11-15 08:40]

2010-05-23 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-12-22 08:33]

2010-05-23 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-12-22 08:33]

2010-05-23 c:windowsTasksScheduled Update for Ask Toolbar.job
- c:program filesAsk.comUpdateTask.exe [2010-02-05 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:program filesOrbitdownloaderorbitmxt.dll/201
IE: &Grab video by Orbit - c:program filesOrbitdownloaderorbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:program filesOrbitdownloaderorbitmxt.dll/203
IE: Down&load all by Orbit - c:program filesOrbitdownloaderorbitmxt.dll/202
IE: Download All Files by HiDownload - c:program filesStreamingStarHiDownloadHDGetAll.htm
IE: Download by HiDownload - c:program filesStreamingStarHiDownloadHDGet.htm
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: Send To Bluetooth - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm
FF - ProfilePath - c:documents and settingsBlakeApplication DataMozillaFirefoxProfilesuysb827j.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
c:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 13:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERSS-1-5-21-448539723-1060284298-682003330-1003SoftwareMicrosoftWindowsCurrentVersionExplorerCLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:windowssystem32Ati2evxx.dll
c:program filesCitrixGoToAssist480G2AWinLogon.dll
c:windowssystem32PCANotify.dll
c:program filesAlienGUIsefastload.dll
.
Completion time: 2010-05-23 13:48:17
ComboFix-quarantined-files.txt 2010-05-23 20:48
ComboFix2.txt 2010-05-23 07:45

Pre-Run: 16,668,372,992 bytes free
Post-Run: 16,620,535,808 bytes free

- - End Of File - - CA07C5B52583F81A62EC57C2E92A9175

I was able to download the Windows Recovery Console using this guide, http://www.bleepingcomputer.com/combofix/h...manual_recovery , however I was not able to save the log file from it as my computer froze when it came up. This did not fix the problem; I am still without internet, still acquiring network address. Where can I find the log file that I wasn't able to save?

Any ideas on what else I can do to resolve this issue?

EDIT: Another post merged ~BP

Edited by Budapest, 23 May 2010 - 07:49 PM.
4 posts merged and moved to the Logs forum ~BP




#2 myrti


  • Malware Study Hall Admin
Posted 26 May 2010 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti


  • Malware Study Hall Admin
Posted 27 June 2010 - 05:24 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
