Need Help Computer won't Boot


  • This topic is locked
18 replies to this topic

#1 cjm9876

cjm9876

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 20 June 2011 - 04:21 PM

I need help removing the blue screen of death I receive on my home PC. It won't boot up to safe mode, and I don't know what else to do. I guess I'm a computer novice. I believe I received this BSOD from a Google redirect link virus, but I don't really know. Any help I receive is appreciated.



#2 cjm9876


Posted 20 June 2011 - 08:44 PM

I ran OTLPE and got a log; maybe with this someone could help.

OTL logfile created on: 6/20/2011 11:13:38 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 821.00 Mb Available Physical Memory | 80.00% Memory free
906.00 Mb Paging File | 847.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 98.62 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
Drive D: | 953.19 Mb Total Space | 492.72 Mb Free Space | 51.69% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/06/13 21:02:50 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/11/11 14:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (MpKslf4032ed1)
DRV - File not found [Kernel | System] -- -- (MpKsl3a57d0fa)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/20 17:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Angelica_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Angelica_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Christian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z002&form=ZGAPHP
IE - HKU\Christian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\Christian_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\Christian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Daniela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Juan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Juan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Juan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 7C 3D 8F CF CB CB 01 [binary data]
IE - HKU\Juan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 21:38:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:07:40 | 000,000,000 | ---D | M]

[2010/06/05 15:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelica\Application Data\Mozilla\Extensions
[2010/10/06 17:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelica\Application Data\Mozilla\Firefox\Profiles\dw2q6x9f.default\extensions
[2010/06/20 19:53:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angelica\Application Data\Mozilla\Firefox\Profiles\dw2q6x9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 22:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 12:03:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/05/27 17:05:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/28 21:37:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 06:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/16 11:13:59 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Angelica_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\Angelica_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Christian_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Christian_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\Christian_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Daniela_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\Daniela_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Juan_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\Juan_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCCCATS] File not found
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\Christian_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\Daniela_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\Juan_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Christian\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Daniela\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Angelica_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Christian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Christian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Christian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Daniela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Juan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 15:31:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{083fcdad-5a75-11e0-a06f-001676b721fb}\Shell - "" = AutoRun
O33 - MountPoints2\{083fcdad-5a75-11e0-a06f-001676b721fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{083fcdad-5a75-11e0-a06f-001676b721fb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 14:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/10 19:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelica\My Documents\Sony PMB
[2011/06/10 19:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelica\Application Data\Sony Corporation
[2011/06/10 19:11:14 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/06/10 19:11:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/06/10 19:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/06/10 19:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 19:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/06/10 19:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011/06/04 17:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/06/02 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniela\Application Data\PriceGong
[2011/06/01 18:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/24 14:31:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/24 10:10:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2010/05/27 15:48:58 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2010/05/27 15:48:57 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2010/05/27 15:48:57 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2010/05/27 15:48:57 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2010/05/27 15:48:57 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2010/05/27 15:48:57 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2010/05/27 15:48:56 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2010/05/27 15:48:56 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2010/05/27 15:48:56 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2010/05/27 15:48:56 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2010/05/27 15:48:56 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2010/05/27 15:48:55 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 18:06:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 18:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/16 17:56:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 15:00:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/16 09:51:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 08:17:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/12 17:53:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/10 19:10:09 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/10 19:10:09 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/10 19:10:09 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 19:10:09 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/06/10 19:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 11:46:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/30 22:31:48 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/05/30 13:44:15 | 000,001,072 | ---- | M] () -- C:\Documents and Settings\Christian\Application Data\wklnhst.dat
[2011/05/30 13:00:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/24 20:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 19:10:09 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/10 19:10:09 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/10 19:10:09 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 19:10:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/05/17 23:17:43 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Angelica\Application Data\wklnhst.dat
[2011/05/17 22:35:27 | 000,012,104 | -HS- | C] () -- C:\Documents and Settings\Daniela\Local Settings\Application Data\h355m4tfgk12ar0321wiru
[2011/05/17 22:35:27 | 000,012,104 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h355m4tfgk12ar0321wiru
[2011/05/06 10:25:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/06 10:25:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/06 10:25:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/06 10:25:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/06 10:25:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/05 11:47:53 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qrelusukaseveguk.dat
[2011/05/05 11:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Izajanup.bin
[2011/02/05 22:42:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/02/05 22:41:50 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Juan\Application Data\wklnhst.dat
[2010/11/19 22:10:21 | 000,005,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj
[2010/09/17 08:41:51 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Daniela\Application Data\wklnhst.dat
[2010/09/01 18:26:47 | 000,001,072 | ---- | C] () -- C:\Documents and Settings\Christian\Application Data\wklnhst.dat
[2010/09/01 18:24:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/01 18:15:07 | 000,068,640 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/08/31 19:26:42 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Juan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 18:15:37 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Angelica\Local Settings\Application Data\fusioncache.dat
[2010/06/08 18:45:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/05 15:44:43 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Angelica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 12:42:06 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Daniela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 20:00:40 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 17:05:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/27 16:33:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 15:48:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2010/05/27 15:48:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2010/05/27 15:48:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2010/05/27 15:48:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2010/05/27 15:48:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2010/05/27 15:48:54 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2010/05/27 15:48:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2010/05/27 15:48:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2010/05/27 15:48:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2010/05/27 15:48:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2010/05/27 15:38:56 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\fusioncache.dat
[2010/05/27 15:33:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 15:29:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 10:25:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/27 10:24:59 | 000,178,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/27 11:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\AskToolbar
[2011/06/02 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\LimeWire
[2011/06/02 16:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\uTorrent
[2011/05/19 17:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniela\Application Data\LimeWire
[2010/11/19 22:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniela\Application Data\MOVAVI
[2011/06/02 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniela\Application Data\PriceGong
[2011/01/17 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\uTorrent
[2011/05/16 11:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/05/27 15:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/06/16 08:17:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/16 18:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:44 PM

Posted 22 June 2011 - 09:00 AM

Hello,

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#4 cjm9876


Posted 22 June 2011 - 12:45 PM

Stop: 0x0000007E (0x0000005, 0xF7541E28, 0xF7A76174, 0xF7A75E70)
ACPI.sys - Address F7541E28 base at F7528000, Datestamp 480252b1
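
Added example, not part of the original posts: a Python sketch that parses the STOP line and the driver line posted in #4, labels the 0x7E parameters, and derives the faulting offset inside ACPI.sys and the driver's build time from its datestamp. The function and field names are hypothetical, and the sample input is the two lines copied from the post exactly as written.

```python
import re
from datetime import datetime, timezone

# Sample input: the two lines from post #4, copied exactly as posted.
SAMPLE = """Stop: 0x0000007E (0x0000005, 0xF7541E28, 0xF7A76174, 0xF7A75E70)
ACPI.sys - Address F7541E28 base at F7528000, Datestamp 480252b1"""

# Bug check 0x7E and the documented meaning of its four parameters.
BUGCHECK_NAMES = {0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED"}
PARAM_LABELS = {
    0x7E: ("exception_code", "exception_address",
           "exception_record", "context_record"),
}
# NTSTATUS values commonly seen as the 0x7E exception code.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
}

STOP_RE = re.compile(r"Stop:\s*0x([0-9A-F]+)\s*\(([^)]*)\)", re.I)
MODULE_RE = re.compile(
    r"^\s*(\S+)\s*-\s*Address\s+([0-9A-F]+)\s+base at\s+([0-9A-F]+),"
    r"\s*Date\s?stamp\s+([0-9A-F]+)",
    re.I | re.M,
)


def parse_bsod(text):
    """Parse an XP-style STOP screen transcription into a dict."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")
    labels = PARAM_LABELS.get(code, ("p1", "p2", "p3", "p4"))
    result = {
        "bugcheck": code,
        "name": BUGCHECK_NAMES.get(code),  # None if not in the table
        "params": dict(zip(labels, params)),
        "exception_name": None,
        "module": None,
    }
    if code == 0x7E:
        # The value is looked up exactly as transcribed, never corrected.
        result["exception_name"] = NTSTATUS_NAMES.get(params[0])

    mod = MODULE_RE.search(text)
    if mod is not None:
        address = int(mod.group(2), 16)
        base = int(mod.group(3), 16)
        stamp = int(mod.group(4), 16)
        if address < base:
            raise ValueError("fault address lies below the module base")
        built = datetime.fromtimestamp(stamp, tz=timezone.utc)
        result["module"] = {
            "file": mod.group(1),
            # Offset into the driver image; stays comparable across boots
            # even when the driver loads at a different base address.
            "offset": address - base,
            # The PE header datestamp is seconds since 1970-01-01 UTC.
            "built_utc": built.isoformat(),
            # For 0x7E the second parameter is the faulting address, so it
            # should equal the address printed on the driver line.
            "address_matches_param": (
                code == 0x7E and params[1] == address
            ),
        }
    return result


if __name__ == "__main__":
    info = parse_bsod(SAMPLE)
    print(info["name"])
    print(info["module"]["file"], hex(info["module"]["offset"]),
          info["module"]["built_utc"])
```

The offset and build time identify which copy of the driver faulted and where, which is the same question the later MD5 check of acpi.sys answers from the file side.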

#5 Elise


Posted 22 June 2011 - 01:39 PM

Please rerun OTLPE. Click the NONE button, and copy paste the following text in the "custom scan/fix" field. Click Run Scan and post me the resulting log.
/md5start

acpi.sys

/md5stop

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 



#6 cjm9876


Posted 22 June 2011 - 04:20 PM

OTL logfile created on: 6/22/2011 9:10:42 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 738.00 Mb Available Physical Memory | 72.00% Memory free
906.00 Mb Paging File | 742.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 98.62 Gb Free Space | 68.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 14:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/10 19:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelica\My Documents\Sony PMB
[2011/06/10 19:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelica\Application Data\Sony Corporation
[2011/06/10 19:11:14 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/06/10 19:11:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/06/10 19:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/06/10 19:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 19:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/06/10 19:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011/06/04 17:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/06/02 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniela\Application Data\PriceGong
[2011/06/01 18:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/24 14:31:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/24 10:10:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2010/05/27 15:48:58 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2010/05/27 15:48:57 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2010/05/27 15:48:57 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2010/05/27 15:48:57 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2010/05/27 15:48:57 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2010/05/27 15:48:57 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2010/05/27 15:48:56 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2010/05/27 15:48:56 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2010/05/27 15:48:56 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2010/05/27 15:48:56 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2010/05/27 15:48:56 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2010/05/27 15:48:55 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 18:06:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 18:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/16 17:56:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 15:00:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/16 09:51:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 08:17:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/12 17:53:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/10 19:10:09 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/10 19:10:09 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/10 19:10:09 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 19:10:09 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/06/10 19:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 11:46:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/30 22:31:48 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/05/30 13:44:15 | 000,001,072 | ---- | M] () -- C:\Documents and Settings\Christian\Application Data\wklnhst.dat
[2011/05/30 13:00:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/24 20:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Juan\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Christian\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Angelica\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 19:10:09 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/10 19:10:09 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/10 19:10:09 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/06/10 19:10:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/05/17 23:17:43 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Angelica\Application Data\wklnhst.dat
[2011/05/17 22:35:27 | 000,012,104 | -HS- | C] () -- C:\Documents and Settings\Daniela\Local Settings\Application Data\h355m4tfgk12ar0321wiru
[2011/05/17 22:35:27 | 000,012,104 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h355m4tfgk12ar0321wiru
[2011/05/06 10:25:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/06 10:25:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/06 10:25:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/06 10:25:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/06 10:25:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/05 11:47:53 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qrelusukaseveguk.dat
[2011/05/05 11:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Izajanup.bin
[2011/02/05 22:42:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/02/05 22:41:50 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Juan\Application Data\wklnhst.dat
[2010/11/19 22:10:21 | 000,005,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj
[2010/09/17 08:41:51 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Daniela\Application Data\wklnhst.dat
[2010/09/01 18:26:47 | 000,001,072 | ---- | C] () -- C:\Documents and Settings\Christian\Application Data\wklnhst.dat
[2010/09/01 18:24:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/01 18:15:07 | 000,068,640 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2010/08/31 19:26:42 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Juan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 18:15:37 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Angelica\Local Settings\Application Data\fusioncache.dat
[2010/06/08 18:45:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/05 15:44:43 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Angelica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 12:42:06 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Daniela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 20:00:40 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 17:05:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/27 16:33:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 15:48:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2010/05/27 15:48:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2010/05/27 15:48:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2010/05/27 15:48:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2010/05/27 15:48:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2010/05/27 15:48:54 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2010/05/27 15:48:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2010/05/27 15:48:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2010/05/27 15:48:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2010/05/27 15:48:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2010/05/27 15:38:56 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\fusioncache.dat
[2010/05/27 15:33:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 15:29:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 10:25:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/27 10:24:59 | 000,178,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/27 11:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\AskToolbar
[2011/06/02 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\LimeWire
[2011/06/02 16:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\uTorrent
[2011/05/19 17:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniela\Application Data\LimeWire
[2010/11/19 22:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniela\Application Data\MOVAVI
[2011/06/02 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniela\Application Data\PriceGong
[2011/01/17 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\uTorrent
[2011/05/16 11:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/05/27 15:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/06/16 08:17:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/16 18:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ACPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:acpi.sys
[2010/06/01 15:14:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2010/06/01 15:14:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:acpi.sys
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/10 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
< End of report >

#7 Elise


Posted 23 June 2011 - 02:07 AM

The files seem identical, but to be sure, let's replace acpi.sys with a new copy.

Rerun OTLPE and copy/paste the following text into the "custom scan/fix" field. Click Run Fix. Afterwards restart normally and let me know if you notice any change.
:files
C:\WINDOWS\system32\drivers\acpi.sys|C:\WINDOWS\ServicePackFiles\i386\acpi.sys /replace

regards, Elise
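The comparison behind "the files seem identical", as an added example that is not part of the original posts or of OTL: it parses the `< MD5 for: ACPI.SYS >` lines from the log in post #6, groups the hashed copies against the loaded driver, and decodes the STOP screen's datestamp from post #4. The function names are hypothetical, and reading the datestamp as the PE header build time in Unix seconds (UTC) is an assumption.

```python
import re
from datetime import datetime, timezone

# Lines copied from the "< MD5 for: ACPI.SYS >" section of the OTLPE log in post #6.
OTL_MD5_SECTION = r"""
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:acpi.sys
[2010/06/01 15:14:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2010/06/01 15:14:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:acpi.sys
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/10 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
"""

# One OTL file line: [date time | size | attributes | M or C] (company) MD5=... -- path
# Copies that sit inside a .cab archive are listed without a hash.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| [MC]\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|\.cab file) -- (?P<path>.+)$"
)


def parse_md5_section(text):
    """Return one dict per recognised file line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "modified": datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "company": m["company"].strip(),
            "md5": m["md5"].upper() if m["md5"] else None,
            "path": m["path"].strip(),
        })
    return entries


def compare_to_active(entries, active_path):
    """Sort the other copies by whether their MD5 equals the loaded driver's."""
    hashed = [e for e in entries if e["md5"]]
    active = next(
        (e for e in hashed if e["path"].lower() == active_path.lower()), None
    )
    if active is None:
        raise ValueError(f"no hashed entry for {active_path}")
    return {
        "active_md5": active["md5"],
        "same": [e["path"] for e in hashed
                 if e is not active and e["md5"] == active["md5"]],
        "different": [e["path"] for e in hashed if e["md5"] != active["md5"]],
        "unhashed": [e["path"] for e in entries if e["md5"] is None],
    }


def stop_datestamp_to_utc(hex_stamp):
    """Assumption: the STOP screen's Datestamp is the PE TimeDateStamp (Unix seconds, UTC)."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)


if __name__ == "__main__":
    result = compare_to_active(
        parse_md5_section(OTL_MD5_SECTION),
        r"C:\WINDOWS\system32\drivers\acpi.sys",
    )
    print("loaded driver MD5:", result["active_md5"])
    print("identical copies :", result["same"])
    print("differing copies :", result["different"])
    print("not hashed (.cab):", result["unhashed"])
    print("STOP datestamp   :", stop_datestamp_to_utc("480252b1").isoformat())
```

A match only shows that the loaded driver and the ServicePackFiles copy are the same file; it says nothing about either copy beyond that. The differing `$NtServicePackUninstall$` copy carries the older 2004 timestamp in the same log.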


#8 cjm9876


Posted 23 June 2011 - 12:20 PM

Well, it booted up normally after I did what you said. I didn't receive a blue screen, thank you for that. It seems like everything is back to normal. But I saw a popup saying: Error loading \3\DLCCTtime.dll
The specified module could not be found.

#9 Elise


Posted 23 June 2011 - 12:50 PM

Hi again, good to hear it boots up fine now.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


#10 cjm9876


Posted 23 June 2011 - 02:33 PM

Here is the C:\Combofix.txt. Thanks for the help.

ComboFix 11-06-23.01 - Christian 06/23/2011 13:57:37.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.749 [GMT -5:00]
Running from: c:\documents and settings\Christian\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Daniela\Application Data\PriceGong
c:\documents and settings\Daniela\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Daniela\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 23:14 . 2011-06-23 23:14 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B7FC5BBF-A297-4CA7-ABB2-E51C935156BD}\MpKsl6a359d01.sys
2011-06-20 18:43 . 2011-06-20 18:43 -------- d-----w- C:\_OTL
2011-06-10 23:16 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B7FC5BBF-A297-4CA7-ABB2-E51C935156BD}\mpengine.dll
2011-06-10 23:14 . 2011-06-10 23:14 -------- d-----w- c:\documents and settings\Angelica\Application Data\Sony Corporation
2011-06-10 23:11 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-06-10 23:10 . 2011-06-10 23:10 -------- d-----w- c:\windows\Logs
2011-06-10 23:08 . 2011-06-10 23:08 -------- d-----w- c:\program files\Sony
2011-06-10 23:08 . 2011-06-10 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2011-06-04 21:33 . 2011-06-04 21:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-06-01 22:16 . 2011-06-01 22:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 22:03 . 2010-06-09 00:27 664 ----a-w- c:\documents and settings\Angelica\Local Settings\Application Data\d3d9caps.tmp
2011-05-30 17:00 . 2011-05-24 14:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 14:11 . 2011-03-04 23:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-03-04 23:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-05-27 21:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-09 20:46 . 2010-05-30 23:34 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-29 01:37 . 2011-04-04 14:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-06_14.51.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2010-07-28 19:01 . 2011-06-15 21:35 87951 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2011-06-10 14:01 . 2011-06-10 14:01 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2011-06-10 13:47 . 2011-06-10 13:47 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2011-06-10 13:47 . 2011-06-10 13:47 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2011-06-10 14:02 . 2011-06-10 14:02 12288 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2011-06-10 13:46 . 2011-06-10 13:46 21504 c:\windows\Installer\afbf7.msi
- 2010-05-27 19:52 . 2010-05-27 19:52 45056 c:\windows\Installer\{FCD9CD52-7222-4672-94A0-A722BA702FD0}\NewShortcut1.EXE
+ 2010-05-27 19:52 . 2011-05-06 18:27 45056 c:\windows\Installer\{FCD9CD52-7222-4672-94A0-A722BA702FD0}\NewShortcut1.EXE
- 2010-09-01 22:24 . 2011-02-06 02:41 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2010-09-01 22:24 . 2011-02-06 02:41 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2010-09-01 22:24 . 2011-02-06 02:41 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2010-09-01 22:24 . 2011-02-06 02:41 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2011-06-15 21:36 . 2011-06-15 21:36 10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
- 2010-09-01 22:24 . 2011-02-06 02:41 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2010-09-01 22:24 . 2011-02-06 02:41 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2010-09-01 22:24 . 2011-05-18 03:17 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-09-01 22:24 . 2011-02-06 02:41 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-05-24 14:10 . 2011-05-24 14:10 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-05-30 17:00 . 2011-05-30 17:00 240288 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-30 17:00 . 2011-05-30 17:00 321184 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
+ 2011-06-10 13:47 . 2011-06-10 13:47 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2011-06-10 14:01 . 2011-06-10 14:01 113664 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2011-06-13 08:49 . 2011-06-13 08:49 545208 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1160626.exe
+ 2011-06-10 14:03 . 2011-06-10 14:03 433664 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2011-06-10 14:02 . 2011-06-10 14:02 364544 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2011-06-10 13:51 . 2011-06-10 13:51 989184 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2011-06-10 14:03 . 2011-06-10 14:03 892416 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2011-06-10 14:01 . 2011-06-10 14:01 541696 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2011-06-13 08:50 . 2011-06-13 08:50 112568 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2011-06-13 08:50 . 2011-06-13 08:50 279480 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2011-06-10 14:02 . 2011-06-10 14:02 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2011-05-14 19:34 . 2010-10-17 02:13 178666 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2011-06-15 21:36 . 2011-06-15 21:36 430592 c:\windows\Installer\3ad889.msi
+ 2011-05-13 16:36 . 2011-05-13 16:36 228352 c:\windows\Installer\1f55b.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-01-27 01:07 . 2011-05-24 14:10 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-10 23:11 . 2006-03-31 17:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2011-05-18 17:49 . 2011-05-18 17:49 3119264 c:\windows\system32\config\systemprofile\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
+ 2011-06-10 13:47 . 2011-06-10 13:47 2314416 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2011-06-10 13:53 . 2011-06-10 13:53 1732608 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2011-06-10 23:10 . 2011-06-10 23:10 4322816 c:\windows\Installer\20d64be.msi
+ 2011-05-05 20:32 . 2011-05-05 20:32 3119264 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 18:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 18:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 22:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-28 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-11 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Daniela\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
.
c:\documents and settings\Christian\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
S1 MpKsl3a57d0fa;MpKsl3a57d0fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DE8135D-5351-43B4-AF70-B3B53BD0876C}\MpKsl3a57d0fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DE8135D-5351-43B4-AF70-B3B53BD0876C}\MpKsl3a57d0fa.sys [?]
S1 MpKsl6a359d01;MpKsl6a359d01;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B7FC5BBF-A297-4CA7-ABB2-E51C935156BD}\MpKsl6a359d01.sys [6/23/2011 6:14 PM 28752]
S1 MpKslf4032ed1;MpKslf4032ed1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E247CC0-18A0-4C73-BE65-558E16C58A06}\MpKslf4032ed1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E247CC0-18A0-4C73-BE65-558E16C58A06}\MpKslf4032ed1.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 6:00 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2010 7:50 PM 135664]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/2/2010 7:50 PM 135664]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 1:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 00:50]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 00:50]
.
2011-06-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-06-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\fsbhu9js.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/\r
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DLCCCATS - \3\DLCCtime.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 \3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-23 14:22:02
ComboFix-quarantined-files.txt 2011-06-23 19:21
ComboFix2.txt 2011-05-16 16:03
ComboFix3.txt 2011-05-06 14:54
.
Pre-Run: 104,325,091,328 bytes free
Post-Run: 106,921,844,736 bytes free
.
- - End Of File - - B8DDA21B4B3AC18E421292A4A56D50AC

#11 Elise

Posted 23 June 2011 - 02:37 PM

Hi again, how are things running now?

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please post me attach.txt
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#12 cjm9876

Posted 23 June 2011 - 03:33 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/27/2010 2:33:46 PM
System Uptime: 6/23/2011 1:55:11 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 99.449 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_01D1&SUBSYS_04051028&REV_A1\4&F15FA5E&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_01D1&SUBSYS_04051028&REV_A1\4&F15FA5E&0&0008
Service:
.
==== System Restore Points ===================
.
RP296: 3/19/2011 6:24:45 PM - Software Distribution Service 3.0
RP297: 3/20/2011 6:47:08 PM - Software Distribution Service 3.0
RP298: 3/22/2011 8:56:57 AM - Software Distribution Service 3.0
RP299: 3/24/2011 7:31:49 AM - Software Distribution Service 3.0
RP300: 3/24/2011 3:35:19 PM - Software Distribution Service 3.0
RP301: 3/25/2011 9:59:01 AM - Software Distribution Service 3.0
RP302: 3/26/2011 9:09:17 PM - Software Distribution Service 3.0
RP303: 3/28/2011 6:22:58 PM - Software Distribution Service 3.0
RP304: 3/29/2011 9:37:30 PM - Software Distribution Service 3.0
RP305: 3/30/2011 11:40:39 AM - Software Distribution Service 3.0
RP306: 3/31/2011 8:59:17 AM - Software Distribution Service 3.0
RP307: 4/1/2011 10:30:57 AM - Software Distribution Service 3.0
RP308: 4/2/2011 12:42:03 PM - Software Distribution Service 3.0
RP309: 4/4/2011 9:13:31 AM - Software Distribution Service 3.0
RP310: 4/5/2011 9:18:14 AM - Software Distribution Service 3.0
RP311: 4/6/2011 6:02:03 PM - Software Distribution Service 3.0
RP312: 4/8/2011 8:58:17 AM - Software Distribution Service 3.0
RP313: 4/9/2011 6:44:32 PM - Software Distribution Service 3.0
RP314: 4/11/2011 7:17:21 AM - Software Distribution Service 3.0
RP315: 4/12/2011 8:09:06 AM - System Checkpoint
RP316: 4/13/2011 8:57:10 AM - Software Distribution Service 3.0
RP317: 4/14/2011 3:43:18 PM - Software Distribution Service 3.0
RP318: 4/15/2011 9:05:34 AM - Software Distribution Service 3.0
RP319: 4/16/2011 8:10:13 PM - Software Distribution Service 3.0
RP320: 4/18/2011 9:02:59 AM - Software Distribution Service 3.0
RP321: 4/19/2011 10:36:36 AM - Software Distribution Service 3.0
RP322: 4/20/2011 6:16:09 PM - Software Distribution Service 3.0
RP323: 4/21/2011 6:24:07 PM - Software Distribution Service 3.0
RP324: 4/22/2011 1:16:38 PM - Software Distribution Service 3.0
RP325: 4/23/2011 6:55:24 PM - Software Distribution Service 3.0
RP326: 4/24/2011 7:10:38 PM - Software Distribution Service 3.0
RP327: 4/26/2011 8:15:28 AM - Software Distribution Service 3.0
RP328: 4/27/2011 7:35:49 AM - Software Distribution Service 3.0
RP329: 4/27/2011 8:47:58 AM - Software Distribution Service 3.0
RP330: 4/28/2011 5:50:18 PM - Software Distribution Service 3.0
RP331: 4/30/2011 1:17:19 PM - Software Distribution Service 3.0
RP332: 5/1/2011 10:12:21 PM - Software Distribution Service 3.0
RP333: 5/3/2011 10:08:13 AM - Software Distribution Service 3.0
RP334: 5/4/2011 6:55:42 PM - Software Distribution Service 3.0
RP335: 5/4/2011 8:25:21 PM - Installed Akamai NetSession Interface
RP336: 5/6/2011 11:55:01 AM - Software Distribution Service 3.0
RP337: 5/10/2011 4:00:33 PM - System Checkpoint
RP338: 5/16/2011 10:15:03 AM - ComboFix created restore point
RP339: 5/30/2011 5:44:13 PM - System Checkpoint
RP340: 5/31/2011 8:31:43 PM - System Checkpoint
RP341: 6/3/2011 12:09:31 PM - System Checkpoint
RP342: 6/10/2011 9:24:41 AM - System Checkpoint
RP343: 6/10/2011 6:08:39 PM - Installed PMB
RP344: 6/10/2011 6:10:58 PM - Installed DirectX
RP345: 6/12/2011 5:09:13 PM - System Checkpoint
RP346: 6/16/2011 7:42:51 AM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Parental Control
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant D850 56K V.9x DFVc Modem
Dell Photo AIO Printer 924
Dell Resource CD
DivX Setup
ESPNMotion
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® Matrix Storage Manager
Intel® PRO Network Connections
Intel® Viiv™ Software
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java™ 6 Update 22
LimeWire 5.5.9
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Movavi Video Suite 9
Mozilla Firefox 4.0.1 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Otto
PMB
PowerDVD DX
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SigmaTel Audio
Sonic Encoders
swMSM
TextMaker Viewer
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
WhiteSmoke Toolbar
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 9 Series SDK
Windows Media Player 11
Windows Media Player 9 Series SDK
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
6/23/2011 3:25:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/23/2011 2:30:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/23/2011 12:20:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072f76 Error description: The requested header was not found
6/23/2011 12:20:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072f76 Error description: The requested header was not found
6/23/2011 12:20:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072f76 Error description: The requested header was not found
6/23/2011 12:20:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072f76 Error description: The requested header was not found
6/23/2011 12:20:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
6/23/2011 12:17:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee2 Error description: The operation timed out
6/23/2011 12:17:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee2 Error description: The operation timed out
6/23/2011 12:17:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee2 Error description: The operation timed out
6/23/2011 12:17:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6903.0&avdelta=1.105.1740.0&asdelta=1.105.1740.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: HOME-06724780A8\Christian Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee2 Error description: The operation timed out
6/23/2011 12:17:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
6/23/2011 1:43:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
6/23/2011 1:38:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/23/2011 1:38:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/23/2011 1:38:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/23/2011 1:38:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/23/2011 1:38:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/23/2011 1:37:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/23/2011 1:36:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================

#13 Elise


Posted 23 June 2011 - 03:40 PM

Hi, do you have any problem left?

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the "click here to download" link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 cjm9876


Posted 23 June 2011 - 04:02 PM

Nope, it seems to be running better. I'll post the scan results. Thanks for the help.

#15 cjm9876


Posted 23 June 2011 - 04:23 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6928

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/23/2011 4:18:15 PM
mbam-log-2011-06-23 (16-18-15).txt

Scan type: Quick scan
Objects scanned: 195572
Time elapsed: 15 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



