
Infected with IE operation aborted issue


18 replies to this topic

#1 mcguire1019


Posted 04 February 2011 - 01:35 AM

I had to download Firefox because IE gives me an "operation aborted" message on every page I visit. I was told this was a virus and needed to be removed.

I tried running DDS, but it just brings up a Notepad window with a bunch of corrupted data; see below:

Z   @  !L!This program cannot be run in DOS mode.

$ PE L +I  2 n    @     p        W P  .code @  n  PEC2FO .rsrc P  p cS Pd5 d% 3PECompact2 VK ўoTN<N<T#=L34w
lTS`M6lՍ[NPHr_0)a ؾ,f)|Bţ3]ˣoKjvh-Pw4l4` \3nfwp"nseXcDgϨ|0 O E J\#2\bN\Mk(^EK] m
<_@tHw,K{YwCdAEj]vWbڰ.ϓcF (C&{;yU2)[)g*uŊ0ʫ䜁M呎s
PKڟ}Cb{/p=_IѶ_' ֐`VSJYgĹ|_KwD ;6ИoOGS̷c7KgB-6Xfv-pĝ]PmUu ;&ƲoY-00
+=C<%#ɚxu C1y4jST)<H]nwPmq*?>?244 i)mK᪆+:@C
N>t-dDS[.^ݏ|@ِtP\R-TqLAu\hcD4fi]6nl
o@AFGo*=ܔ|Hϗ~'VR
`m۟IͬK1Ux>ARC)^M.!5 ?S&


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 01:40:32
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHU2100AT rev.00000008
Running: gmer.exe; Driver: C:\DOCUME~1\TYLERC~1\LOCALS~1\Temp\pxloapob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\Program Files\Apoint\Apoint.exe[404] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\Program Files\Apoint\Apoint.exe[404] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\Program Files\Apoint\Apoint.exe[404] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\Program Files\Apoint\Apoint.exe[404] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[500] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[500] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[500] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[500] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[516] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[516] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[516] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[516] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[572] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[572] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[572] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[572] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\dla\tfswctrl.exe[660] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\dla\tfswctrl.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\dla\tfswctrl.exe[660] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\dla\tfswctrl.exe[660] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\RegSrvc.exe[696] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\WINDOWS\system32\RegSrvc.exe[696] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\WINDOWS\system32\RegSrvc.exe[696] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\WINDOWS\system32\RegSrvc.exe[696] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00AA6989
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00AA6AA6
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00AA6748
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00AA688B
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00736989
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00736AA6
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00736748
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0073688B
.text C:\WINDOWS\system32\services.exe[848] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 0073A678
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00F16989
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F16AA6
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00F16748
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00F1688B
.text C:\WINDOWS\System32\alg.exe[996] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\System32\alg.exe[996] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\System32\alg.exe[996] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\System32\alg.exe[996] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\Ati2evxx.exe[1088] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\Ati2evxx.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\Ati2evxx.exe[1088] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\Ati2evxx.exe[1088] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\S24EvMon.exe[1400] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\S24EvMon.exe[1400] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\S24EvMon.exe[1400] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\S24EvMon.exe[1400] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\rundll32.exe[1436] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\rundll32.exe[1436] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\rundll32.exe[1436] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\rundll32.exe[1436] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\svchost.exe[1484] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 0009A79D
.text C:\WINDOWS\system32\svchost.exe[1484] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 0009A872
.text C:\WINDOWS\system32\Rundll32.exe[1504] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\Rundll32.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\Rundll32.exe[1504] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\Rundll32.exe[1504] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\system32\ZCfgSvc.exe[1524] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\WINDOWS\system32\ZCfgSvc.exe[1524] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\WINDOWS\system32\ZCfgSvc.exe[1524] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\WINDOWS\system32\ZCfgSvc.exe[1524] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\WINDOWS\system32\UStorSrv.exe[1584] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\UStorSrv.exe[1584] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\UStorSrv.exe[1584] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\UStorSrv.exe[1584] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\ctfmon.exe[1640] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 000A6989
.text C:\WINDOWS\system32\ctfmon.exe[1640] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6AA6
.text C:\WINDOWS\system32\ctfmon.exe[1640] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A6748
.text C:\WINDOWS\system32\ctfmon.exe[1640] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 000A688B
.text C:\Program Files\DellSupport\DSAgnt.exe[1648] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\Program Files\DellSupport\DSAgnt.exe[1648] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\Program Files\DellSupport\DSAgnt.exe[1648] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\Program Files\DellSupport\DSAgnt.exe[1648] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\WINDOWS\system32\Ati2evxx.exe[1656] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\Ati2evxx.exe[1656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\Ati2evxx.exe[1656] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\Ati2evxx.exe[1656] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\BacsTray.exe[1676] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\BacsTray.exe[1676] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\BacsTray.exe[1676] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\BacsTray.exe[1676] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\ubpr01.exe[1692] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\ubpr01.exe[1692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\ubpr01.exe[1692] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\ubpr01.exe[1692] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00096989
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00096AA6
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00096748
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0009688B
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00CA6989
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CA6AA6
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00CA6748
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00CA688B
.text C:\WINDOWS\system32\1XConfig.exe[1912] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\WINDOWS\system32\1XConfig.exe[1912] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\WINDOWS\system32\1XConfig.exe[1912] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\WINDOWS\system32\1XConfig.exe[1912] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\Program Files\Digital Line Detect\DLG.exe[2088] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\Program Files\Digital Line Detect\DLG.exe[2088] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\Program Files\Digital Line Detect\DLG.exe[2088] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\Program Files\Digital Line Detect\DLG.exe[2088] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\Program Files\Apoint\Apntex.exe[2256] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00146989
.text C:\Program Files\Apoint\Apntex.exe[2256] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00146AA6
.text C:\Program Files\Apoint\Apntex.exe[2256] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00146748
.text C:\Program Files\Apoint\Apntex.exe[2256] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0014688B
.text C:\Documents and Settings\Tyler Combs\Desktop\gmer.exe[2416] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\Documents and Settings\Tyler Combs\Desktop\gmer.exe[2416] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\Documents and Settings\Tyler Combs\Desktop\gmer.exe[2416] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\Documents and Settings\Tyler Combs\Desktop\gmer.exe[2416] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00E46989
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E46AA6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E46748
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00E4688B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MultiByteToWideChar 7C809BF8 5 Bytes JMP 0198490F C:\WINDOWS\system32\fccaXPjk.dll (Outlook Express Setup Library/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00E4A678
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!connect 71AB406A 5 Bytes JMP 018F1557 C:\WINDOWS\system32\gexespql.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E4CFF6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 010845EB C:\WINDOWS\system32\knasqd.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fastfat \Fat B0E60C8A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SYSTEM32\kdcej.exe 53760 bytes executable

---- EOF - GMER 1.0.15 ----
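The "User code sections" part of the GMER log above is a list of user-mode inline hooks: for each process, the export that was patched (ntdll.dll!NtSetValueKey, WS2_32.dll!connect, ...), the 5-byte JMP that was written over it, and, where GMER could attribute the jump target to a file, that file's path and vendor string. Reading 150 of these lines by eye is error-prone, so the following Python script, added here by the editor and not part of the original post or of GMER, parses such lines and groups them the way a helper triages them: jumps that land in a file with no vendor attribution, jumps for which GMER printed no module path at all, and how many distinct processes carry the same hook. The sample lines are copied from the log above; the regex and the three triage buckets are the editor's own heuristics, not GMER output.

```python
"""Triage of GMER 'User code sections' hook lines.

Example code added by the editor; not part of the original forum post or of GMER.
SAMPLE_LOG is a subset of lines copied from the GMER log in the thread.
"""
import re
from collections import defaultdict

# One GMER user-mode hook record looks like:
# .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<path> [(<description>)]]
# The trailing path/description are only present when GMER attributed the target.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<path>[A-Za-z]:\\[^()]+?)(?:\s+\((?P<desc>[^)]*)\))?)?\s*$"
)

# Constructed sample: 14 hook lines copied from the log above plus one header line,
# which the parser must ignore.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00156989
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156AA6
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00156748
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[108] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 0015688B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00E46989
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E46AA6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E46748
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00E4688B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MultiByteToWideChar 7C809BF8 5 Bytes JMP 0198490F C:\WINDOWS\system32\fccaXPjk.dll (Outlook Express Setup Library/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00E4A678
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!connect 71AB406A 5 Bytes JMP 018F1557 C:\WINDOWS\system32\gexespql.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E4CFF6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3084] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 010845EB C:\WINDOWS\system32\knasqd.dll
"""


def parse_hooks(text):
    """Return one dict per hook record; lines that are not hook records are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            rec = m.groupdict()          # unmatched optional groups come back as None
            rec["pid"] = int(rec["pid"])
            hooks.append(rec)
    return hooks


def triage(hooks):
    """Sort hooks into the buckets a helper looks at first (editor's heuristic).

    unattributed:  GMER printed a target path but no vendor description; the
                   file carrying the hook code has no version information.
    unresolved:    GMER printed no path for the target at all, so the JMP lands
                   in memory it could not tie to a file on disk.
    cross_process: number of distinct PIDs carrying each hooked export; the same
                   ntdll exports patched in every process is a pattern, not noise.
    """
    unattributed, unresolved = [], []
    pids_per_export = defaultdict(set)
    for h in hooks:
        key = f"{h['module']}!{h['export']}"
        pids_per_export[key].add(h["pid"])
        if h["path"] is None:
            unresolved.append((h["image"], h["pid"], key, h["target"]))
        elif h["desc"] is None:
            unattributed.append((h["image"], h["pid"], key, h["path"]))
    return {
        "unattributed": unattributed,
        "unresolved": unresolved,
        "cross_process": {k: len(v) for k, v in pids_per_export.items()},
    }


if __name__ == "__main__":
    result = triage(parse_hooks(SAMPLE_LOG))
    print("Hooks into files with no vendor string:")
    for image, pid, export, path in result["unattributed"]:
        print(f"  {export:<28} in {image}[{pid}] -> {path}")
    print(f"\nHooks with no module attribution: {len(result['unresolved'])}")
    print("\nProcesses per hooked export:")
    for export, n in sorted(result["cross_process"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:>3}  {export}")
```

On the sample, the two hooks that land in files with no vendor string are the WS2_32.dll!connect and USER32.dll!CreateWindowExW patches in firefox.exe, which point at gexespql.dll and knasqd.dll under system32; the four ntdll exports show up in both sampled processes, which is what the full log shows for every process listed. The script is a reading aid for logs that are already in hand; it does not run GMER or touch the machine.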


#2 myrti


Posted 07 February 2011 - 06:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and whether it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 mcguire1019


Posted 07 February 2011 - 07:15 PM

I am still getting errors in Internet Explorer and sometimes in Mozilla, which I downloaded just to try to get through this. I am using Windows XP Home Edition. I do not know if it is a 32 or 64 bit system. I do not have my Windows CD handy as my stuff is in storage at the moment. I may be able to get to it if necessary. Thanks!

EXTRAS:

OTL Extras logfile created on: 2/7/2011 7:01:52 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tyler Combs\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.92 Gb Total Space | 80.09 Gb Free Space | 89.07% Space Free | Partition Type: NTFS
Drive D: | 1.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: D1ZR6V61 | User Name: Tyler Combs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel® PROSet
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2011 5:59:16 PM | Computer Name = D1ZR6V61 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/27/2011 5:59:16 PM | Computer Name = D1ZR6V61 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/27/2011 5:59:16 PM | Computer Name = D1ZR6V61 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/27/2011 5:59:16 PM | Computer Name = D1ZR6V61 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/3/2011 11:57:28 PM | Computer Name = D1ZR6V61 | Source = MsiInstaller | ID = 11706
Description = Product: Jasc Paint Shop Photo Album 5 -- Error 1706.No valid source
could be found for product Jasc Paint Shop Photo Album 5. The Windows Installer
cannot continue.

Error - 2/3/2011 11:57:38 PM | Computer Name = D1ZR6V61 | Source = MsiInstaller | ID = 11706
Description = Product: Jasc Paint Shop Photo Album 5 -- Error 1706.No valid source
could be found for product Jasc Paint Shop Photo Album 5. The Windows Installer
cannot continue.

Error - 2/3/2011 11:58:02 PM | Computer Name = D1ZR6V61 | Source = MsiInstaller | ID = 11706
Description = Product: Jasc Paint Shop Photo Album 5 -- Error 1706.No valid source
could be found for product Jasc Paint Shop Photo Album 5. The Windows Installer
cannot continue.

Error - 2/4/2011 12:06:03 AM | Computer Name = D1ZR6V61 | Source = MsiInstaller | ID = 11316
Description = Product: Jasc Paint Shop Photo Album 5 -- Error 1316.A network error
occurred while attempting to read from the file C:\WINDOWS\Installer\PSPA5.MSI

Error - 2/4/2011 12:07:50 AM | Computer Name = D1ZR6V61 | Source = Application Hang | ID = 1002
Description = Hanging application RUNDLL32.EXE, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2011 1:23:44 AM | Computer Name = D1ZR6V61 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15530, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/6/2011 9:41:49 PM | Computer Name = D1ZR6V61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/6/2011 9:42:28 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 2/6/2011 9:52:18 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 2/6/2011 9:54:46 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The iolo FileInfoList Service service failed to start due to the following
error: %%2

Error - 2/6/2011 9:54:46 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/6/2011 10:03:57 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The iolo FileInfoList Service service failed to start due to the following
error: %%2

Error - 2/6/2011 10:03:57 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/7/2011 7:46:40 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The iolo FileInfoList Service service failed to start due to the following
error: %%2

Error - 2/7/2011 7:46:40 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/7/2011 7:46:43 PM | Computer Name = D1ZR6V61 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >



OTL:
OTL logfile created on: 2/7/2011 7:01:52 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tyler Combs\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.92 Gb Total Space | 80.09 Gb Free Space | 89.07% Space Free | Partition Type: NTFS
Drive D: | 1.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: D1ZR6V61 | User Name: Tyler Combs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/07 18:54:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Combs\My Documents\Downloads\OTL.exe
PRC - [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 14:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2008/08/16 23:24:44 | 000,030,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ubpr01.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/02/19 19:59:35 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/12/01 03:07:20 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\SYSTEM32\UStorSrv.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/09/13 12:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 10:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/01/12 07:53:30 | 000,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
PRC - [2004/01/09 11:12:08 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
PRC - [2004/01/09 11:11:36 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
PRC - [2004/01/09 11:10:00 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/05/14 19:37:56 | 000,098,304 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\BacsTray.exe


========== Modules (SafeList) ==========

MOD - [2011/02/07 18:54:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler Combs\My Documents\Downloads\OTL.exe
MOD - [2010/01/30 13:47:28 | 000,113,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\knasqd.dll
MOD - [2010/01/30 13:47:26 | 000,072,192 | ---- | M] () -- C:\WINDOWS\SYSTEM32\mluofjkp.dll
MOD - [2008/10/18 22:44:43 | 000,105,472 | ---- | M] () -- C:\WINDOWS\SYSTEM32\gexespql.dll
MOD - [2008/08/25 21:52:38 | 000,114,176 | ---- | M] () -- C:\WINDOWS\SYSTEM32\thdrbt.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/12/01 03:07:20 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2004/01/09 11:11:36 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/09 11:10:00 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 15:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/02/19 19:59:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/19 19:43:28 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/11/16 11:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 23:14:00 | 000,786,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 11:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/13 03:41:46 | 002,482,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51) Intel®
DRV - [2004/01/09 10:49:52 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2003/11/13 19:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 19:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 19:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/02 09:02:42 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2489128576-933705955-350642869-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-2489128576-933705955-350642869-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://internetsearchservice.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2489128576-933705955-350642869-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
IE - HKU\S-1-5-21-2489128576-933705955-350642869-1006\Software\Microsoft\Internet Explorer\SearchURL\w, = http://internetsearchservice.com/search?q=%s
IE - HKU\S-1-5-21-2489128576-933705955-350642869-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/04 00:05:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/04 00:04:58 | 000,000,000 | ---D | M]

[2011/02/04 00:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tyler Combs\Application Data\Mozilla\Extensions
[2011/02/04 00:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tyler Combs\Application Data\Mozilla\Firefox\Profiles\46mkfet4.default\extensions
[2011/02/04 00:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {8214B26E-5F2F-42C2-A975-3989E3DB53AC} - C:\WINDOWS\SYSTEM32\fccaXPjk.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {E1DA6974-4B55-4158-91FB-4EEF76309791} - C:\WINDOWS\SYSTEM32\tuvWmNdD.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F58FF278-2198-403b-9170-C95022A194C6} - No CLSID value found.
O2 - BHO: (no name) - {f8cbd678-6caf-427e-963b-7d8a9807cc0b} - C:\WINDOWS\SYSTEM32\knasqd.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-2489128576-933705955-350642869-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BMefd4bb37] C:\WINDOWS\System32\gexespql.dll ()
O4 - HKLM..\Run: [C:\WINDOWS\system32\kdcej.exe] C:\WINDOWS\System32\kdcej.exe File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ece788ab] C:\WINDOWS\System32\mluofjkp.dll ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2489128576-933705955-350642869-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2489128576-933705955-350642869-1006..\Run: [EPSON NX300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2489128576-933705955-350642869-1006..\Run: [wblogon] C:\WINDOWS\SYSTEM32\ubpr01.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2489128576-933705955-350642869-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296796028021 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (thdrbt.dll) - C:\WINDOWS\System32\thdrbt.dll ()
O20 - AppInit_DLLs: (knasqd.dll) - C:\WINDOWS\System32\knasqd.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (kdcej.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\tuvWmNdD: DllName - tuvWmNdD.dll - C:\WINDOWS\System32\tuvWmNdD.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - bebization - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Tyler Combs\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tyler Combs\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {E1DA6974-4B55-4158-91FB-4EEF76309791} - C:\WINDOWS\SYSTEM32\tuvWmNdD.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\fccaXPjk) - C:\WINDOWS\System32\fccaXPjk.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\L3CODECA.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 10:37:15 | 000,000,000 | ---D | C] -- C:\0dbfe225b68ce88326b771006637
[2011/02/06 10:29:00 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tyler Combs\Desktop\mseinstall.exe
[2011/02/04 00:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Combs\My Documents\Downloads
[2011/02/04 00:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Combs\Local Settings\Application Data\Mozilla
[2011/02/04 00:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Combs\Application Data\Mozilla
[2011/02/04 00:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/02/04 00:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/03 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Combs\Desktop\larry
[2011/02/03 21:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/03 21:30:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[1980/01/01 01:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/02/07 19:04:08 | 000,000,772 | -HS- | M] () -- C:\WINDOWS\System32\kjPXaccf.ini2
[2011/02/07 19:04:01 | 000,000,772 | -HS- | M] () -- C:\WINDOWS\System32\kjPXaccf.ini
[2011/02/07 18:46:25 | 000,000,022 | ---- | M] () -- C:\WINDOWS\pskt.ini
[2011/02/07 18:45:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/02/07 18:45:34 | 536,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/06 21:01:42 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/06 10:29:01 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tyler Combs\Desktop\mseinstall.exe
[2011/02/05 12:12:21 | 000,000,121 | -HS- | M] () -- C:\WINDOWS\System32\pkjfoulm.ini
[2011/02/04 00:12:10 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\Desktop\dds.scr
[2011/02/04 00:08:57 | 000,113,175 | ---- | M] () -- C:\WINDOWS\BMefd4bb37.xml
[2011/02/04 00:05:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/04 00:05:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/03 22:50:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\defogger_reenable
[2011/02/03 22:23:05 | 000,925,513 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\Desktop\larry.zip
[2011/02/03 22:18:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\Desktop\Defogger.exe
[2011/01/23 14:16:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/14 16:00:57 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2011/01/12 14:26:05 | 000,136,920 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0772.eml
[2011/01/12 14:25:59 | 000,150,836 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0787.eml
[2011/01/12 14:25:53 | 000,086,284 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0777.eml
[2011/01/12 14:25:45 | 000,167,037 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0801.eml
[2011/01/12 14:25:39 | 000,134,630 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0803.eml
[2011/01/12 14:25:31 | 000,166,014 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0798.eml
[2011/01/12 14:25:23 | 000,128,337 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0805.eml
[2011/01/12 14:25:15 | 000,139,858 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0784.eml
[2011/01/12 14:25:05 | 000,147,534 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0774.eml
[2011/01/12 14:24:56 | 000,191,695 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0783.eml
[2011/01/12 14:24:46 | 000,141,196 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0791.eml
[2011/01/12 14:24:37 | 000,167,503 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0795.eml
[2011/01/12 14:24:28 | 000,084,060 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0775.eml
[2011/01/12 14:24:17 | 000,141,584 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0789.eml
[2011/01/12 14:24:07 | 000,157,540 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0788.eml
[2011/01/12 14:23:24 | 000,127,703 | ---- | M] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0778.eml

========== Files Created - No Company Name ==========

[2011/02/06 20:54:08 | 536,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/06 20:50:06 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/02/04 00:12:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Desktop\dds.scr
[2011/02/04 00:05:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/04 00:05:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/03 22:50:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\defogger_reenable
[2011/02/03 22:49:52 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Desktop\gmer.exe
[2011/02/03 22:49:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Desktop\Defogger.exe
[2011/02/03 22:49:03 | 000,925,513 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Desktop\larry.zip
[2011/01/12 14:26:05 | 000,136,920 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0772.eml
[2011/01/12 14:25:59 | 000,150,836 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0787.eml
[2011/01/12 14:25:53 | 000,086,284 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0777.eml
[2011/01/12 14:25:45 | 000,167,037 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0801.eml
[2011/01/12 14:25:39 | 000,134,630 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0803.eml
[2011/01/12 14:25:31 | 000,166,014 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0798.eml
[2011/01/12 14:25:23 | 000,128,337 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0805.eml
[2011/01/12 14:25:15 | 000,139,858 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0784.eml
[2011/01/12 14:25:05 | 000,147,534 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0774.eml
[2011/01/12 14:24:56 | 000,191,695 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0783.eml
[2011/01/12 14:24:46 | 000,141,196 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0791.eml
[2011/01/12 14:24:37 | 000,167,503 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0795.eml
[2011/01/12 14:24:28 | 000,084,060 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0775.eml
[2011/01/12 14:24:17 | 000,141,584 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0789.eml
[2011/01/12 14:24:07 | 000,157,540 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0788.eml
[2011/01/12 14:23:24 | 000,127,703 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\My Documents\Emailing_ DSCN0778.eml
[2010/04/22 15:59:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/04/22 15:57:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX300.ini
[2010/02/12 18:59:35 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/01/30 13:47:30 | 000,000,121 | -HS- | C] () -- C:\WINDOWS\System32\pkjfoulm.ini
[2010/01/30 13:47:29 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\knasqd.dll
[2010/01/30 13:47:28 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\kkruwpag.dll
[2010/01/30 13:47:26 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\mluofjkp.dll
[2010/01/25 22:33:09 | 001,906,185 | -HS- | C] () -- C:\WINDOWS\System32\rjarelmh.ini
[2010/01/25 22:33:07 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\nrppca.dll
[2010/01/25 22:33:07 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\horpguob.dll
[2008/11/04 23:10:58 | 001,906,185 | -HS- | C] () -- C:\WINDOWS\System32\rxgyyppp.ini
[2008/11/04 23:09:12 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ghwini.dll
[2008/11/04 23:09:07 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\iyodusmv.dll
[2008/10/21 22:24:42 | 001,368,611 | -HS- | C] () -- C:\WINDOWS\System32\hhvkhmjj.ini
[2008/10/21 22:24:39 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\jjmhkvhh.dll
[2008/10/19 22:25:19 | 001,368,611 | -HS- | C] () -- C:\WINDOWS\System32\obgygmvt.ini
[2008/10/18 22:47:39 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\jhhrravj.ini
[2008/10/18 22:44:39 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\gexespql.dll
[2008/10/05 21:58:46 | 001,083,520 | -HS- | C] () -- C:\WINDOWS\System32\wrptnobi.ini
[2008/09/30 23:26:33 | 001,083,520 | -HS- | C] () -- C:\WINDOWS\System32\gkjoerwv.ini
[2008/09/25 23:38:49 | 001,689,909 | -HS- | C] () -- C:\WINDOWS\System32\fcngwyae.ini
[2008/09/18 21:20:26 | 001,130,296 | -HS- | C] () -- C:\WINDOWS\System32\bcwygjcr.ini
[2008/09/07 22:35:05 | 001,435,552 | -HS- | C] () -- C:\WINDOWS\System32\njidtwuu.ini
[2008/09/02 23:42:16 | 001,450,432 | -HS- | C] () -- C:\WINDOWS\System32\sxjmtksp.ini
[2008/08/26 22:36:07 | 001,463,131 | -HS- | C] () -- C:\WINDOWS\System32\kqfheorr.ini
[2008/08/26 22:34:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/08/25 21:53:41 | 000,000,337 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/08/25 21:52:42 | 001,463,131 | -HS- | C] () -- C:\WINDOWS\System32\rnkaxxvj.ini
[2008/08/25 21:52:39 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\thdrbt.dll
[2008/08/25 21:50:27 | 000,000,772 | -HS- | C] () -- C:\WINDOWS\System32\kjPXaccf.ini2
[2008/08/25 21:50:27 | 000,000,772 | -HS- | C] () -- C:\WINDOWS\System32\kjPXaccf.ini
[2008/06/18 21:58:20 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Application Data\mcs.rma
[2008/06/18 21:58:20 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Application Data\61CED3
[2007/07/20 15:06:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/25 12:47:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/27 20:44:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2005/08/11 16:00:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/08 21:32:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/03/06 16:21:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/02/28 19:26:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Application Data\PFP120JPR.{PB
[2005/02/28 19:26:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Tyler Combs\Application Data\PFP120JCM.{PB
[2005/02/19 20:02:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/19 19:53:56 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/19 19:11:28 | 000,000,515 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/02/19 19:08:10 | 000,013,312 | --S- | C] () -- C:\WINDOWS\System32\ouhzw.dll
[2004/09/16 01:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/09 11:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 03:17:24 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 03:17:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/03/13 17:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\I386\WINLOGON.EXE
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SYSTEM32\WINLOGON.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F5CA41B

< End of report >

#4 myrti


Posted 08 February 2011 - 07:53 AM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 mcguire1019


Posted 08 February 2011 - 05:54 PM

ComboFix 11-02-08.02 - Tyler Combs 02/08/2011 17:36:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.324 [GMT -5:00]
Running from: c:\documents and settings\Tyler Combs\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tyler Combs\My Documents\My Documents.url
c:\documents and settings\Tyler Combs\My Documents\My Videos\My Video.url
c:\program files\Applications\myd.ico
c:\program files\Applications\mym.ico
c:\program files\Applications\myp.ico
c:\program files\Applications\myv.ico
c:\program files\Applications\wcm.exe
c:\program files\ASpyC
c:\program files\ASpyC\ASpyC.exe
c:\program files\WAV
c:\program files\WAV\wav.cpl
c:\program files\WAV\wav.exe
c:\program files\WAV\wav.ooo
c:\program files\WAV\wav1.dat
c:\windows\cookies.ini
c:\windows\pskt.ini
c:\windows\system32\857060
c:\windows\system32\857060\857060.dll
c:\windows\system32\bcwygjcr.ini
c:\windows\system32\drivers\fad.sys
c:\windows\system32\fccaXPjk.dll
c:\windows\system32\fcngwyae.ini
c:\windows\system32\gexespql.dll
c:\windows\system32\gkjoerwv.ini
c:\windows\system32\hhvkhmjj.ini
c:\windows\system32\horpguob.dll
c:\windows\system32\jhhrravj.ini
c:\windows\system32\kdcej.exe
c:\windows\SYSTEM32\kjPXaccf.ini
c:\windows\SYSTEM32\kjPXaccf.ini2
c:\windows\system32\kkruwpag.dll
c:\windows\system32\knasqd.dll
c:\windows\system32\kqfheorr.ini
c:\windows\system32\mluofjkp.dll
c:\windows\system32\njidtwuu.ini
c:\windows\system32\nrppca.dll
c:\windows\system32\obgygmvt.ini
c:\windows\system32\pkjfoulm.ini
c:\windows\system32\rjarelmh.ini
c:\windows\system32\rnkaxxvj.ini
c:\windows\system32\rxgyyppp.ini
c:\windows\system32\sxjmtksp.ini
c:\windows\system32\wrptnobi.ini

.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-08 22:51 . 2011-02-08 22:52 -------- d-----w- c:\windows\system32\857060
2011-02-06 15:37 . 2011-02-07 01:32 -------- d-----w- C:\0dbfe225b68ce88326b771006637
2011-02-04 05:05 . 2011-02-04 05:05 -------- d-----w- c:\documents and settings\Tyler Combs\Local Settings\Application Data\Mozilla
2011-02-04 02:51 . 2011-02-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-02-04 02:27 . 2011-02-04 03:11 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CCBAFC1-5285-494F-93F1-6894C87A9C43}]
2011-02-08 22:52 17920 ----a-w- c:\windows\SYSTEM32\857060\857060.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1DA6974-4B55-4158-91FB-4EEF76309791}]
2008-08-26 02:44 34304 ----a-w- c:\windows\SYSTEM32\tuvWmNdD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"wblogon"="c:\windows\system32\ubpr01.exe" [2008-08-17 30208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"bacstray"="BacsTray.exe" [2003-05-15 98304]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-13 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-02-20 26112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-19 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E1DA6974-4B55-4158-91FB-4EEF76309791}"= "c:\windows\system32\tuvWmNdD.dll" [2008-08-26 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 12:55 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWmNdD]
2008-08-26 02:44 34304 ----a-w- c:\windows\SYSTEM32\tuvWmNdD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 jswmidin;jswmidin;\??\c:\docume~1\TYLERC~1\LOCALS~1\Temp\jswmidin.sys --> c:\docume~1\TYLERC~1\LOCALS~1\Temp\jswmidin.sys [?]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uStart Page = hxxp://www.bleepingcomputer.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Tyler Combs\Application Data\Mozilla\Firefox\Profiles\46mkfet4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdcej.exe - c:\windows\system32\kdcej.exe
HKLM-Run-ece788ab - c:\windows\system32\mluofjkp.dll
HKLM-Run-BMefd4bb37 - c:\windows\system32\gexespql.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 17:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\tuvWmNdD.dll

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\BacsTray.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2011-02-08 17:57:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-08 22:57

Pre-Run: 85,944,799,232 bytes free
Post-Run: 85,864,308,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 055161C4D1221A7E1E1E2D541EED8C8C

#6 myrti


Posted 10 February 2011 - 06:11 AM

Hi,

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic377469.html

Collect::
c:\windows\system32\ubpr01.exe
c:\windows\SYSTEM32\857060\857060.dll
c:\windows\SYSTEM32\tuvWmNdD.dll
driver::
jswmidin
folder::
c:\windows\SYSTEM32\857060

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti



#7 mcguire1019


Posted 10 February 2011 - 05:37 PM

ComboFix 11-02-09.05 - Tyler Combs 02/10/2011 17:26:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.261 [GMT -5:00]
Running from: c:\documents and settings\Tyler Combs\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tyler Combs\Desktop\CFScript.txt

file zipped: c:\windows\SYSTEM32\857060\857060.dll
file zipped: c:\windows\SYSTEM32\tuvWmNdD.dll
file zipped: c:\windows\system32\ubpr01.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\857060
c:\windows\system32\857060\857060.dll
c:\windows\system32\tuvWmNdD.dll
c:\windows\system32\ubpr01.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JSWMIDIN
-------\Service_jswmidin


((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 22:22 . 2011-02-10 22:22 -------- d-----w- c:\windows\ie8updates
2011-02-10 22:20 . 2011-02-10 22:20 -------- d-----w- c:\program files\MSXML 4.0
2011-02-06 15:37 . 2011-02-07 01:32 -------- d-----w- C:\0dbfe225b68ce88326b771006637
2011-02-04 05:07 . 2009-08-07 00:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-02-04 05:05 . 2011-02-04 05:05 -------- d-----w- c:\documents and settings\Tyler Combs\Local Settings\Application Data\Mozilla
2011-02-04 02:51 . 2011-02-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-02-04 02:27 . 2011-02-04 03:11 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"bacstray"="BacsTray.exe" [2003-05-15 98304]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-13 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-02-20 26112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 12:55 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uStart Page = hxxp://www.bleepingcomputer.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Tyler Combs\Application Data\Mozilla\Firefox\Profiles\46mkfet4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wblogon - c:\windows\system32\ubpr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 17:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\BacsTray.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-02-10 17:42:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 22:41
ComboFix2.txt 2011-02-08 22:57

Pre-Run: 85,226,991,616 bytes free
Post-Run: 85,263,482,880 bytes free

- - End Of File - - 88F2D8469892785121765EBFB1B1C440

#8 mcguire1019


Posted 10 February 2011 - 11:57 PM

FYI my laptop automatically downloaded lots of Windows Updates including Service Pack 3 when I rebooted to see if you had responded. I thought this information might be useful. Thanks.

#9 myrti


Posted 13 February 2011 - 10:41 AM

Hi,

thanks for the update. It seems that the upload of the malicious files was unsuccessful; could you please do it manually:
Please go to C:\qoobox\quarantine and locate the file [4]Submit_<date and time>.zip, where date and time are the date and time when you ran ComboFix. Afterwards please visit this site and follow the instructions for uploading the file.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#10 mcguire1019 (Topic Starter)

Posted 13 February 2011 - 04:56 PM

I have submitted the file.

#11 myrti (Malware Study Hall Admin)

Posted 15 February 2011 - 09:07 AM

Hi,

thanks! :) How is the PC doing now?

regards myrti



#12 mcguire1019 (Topic Starter)

Posted 15 February 2011 - 10:48 AM

I have not tried anything extensive since we started this removal. I did not want to jeopardize the success. I have not used Internet Explorer since installing Firefox to get through the instructions. I was assuming I was waiting for a file to be reviewed and instructions on how to remove it. Would you like me to go back to using IE and see if I have any symptoms?

Thanks Matt

#13 myrti (Malware Study Hall Admin)

Posted 15 February 2011 - 11:35 AM

Hi,

ComboFix has taken out a number of files and the fact that your windows updates are now working is an indication that the infection may have been removed.
I would like you to confirm that by testing if your browsing is back to normal too. So please test. :)

regards myrti



#14 mcguire1019 (Topic Starter)

Posted 15 February 2011 - 07:51 PM

IE appears to be working flawlessly. I have two questions:

1.) Windows Update keeps wanting to install "Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)" but fails every time. This causes my yellow shield to stay up all the time.

2.) What preventative spyware, malware, virus protection does Bleeping Computer endorse? Obviously free is preferred?

Thanks so much for your help!

Matt

#15 myrti (Malware Study Hall Admin)

Posted 20 February 2011 - 09:41 AM

Hi,

do you have any more info on why that update fails? If not, can you please zip the file C:\windows\windowsupdate.log and attach it to your next reply.

I will be providing a couple of tips and tricks once we are done, which are all free. :)

regards myrti





