
Infected and cant run GMER


  • This topic is locked
50 replies to this topic

#1 margolis

margolis

  • Members
  • 64 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 07 January 2012 - 07:38 PM

Greetings,
I am trying to help a friend who has an infected computer.
Tried Malwarebytes but will not install.
I have tried to go through the process defined for collecting information, but GMER will not complete.
Thanks in advance for your help.
Alan


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:08 PM

Posted 13 January 2012 - 03:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, the edition, and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
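An added example, not part of this thread and not code from OTL or its author: a small Python triage script that reads lines in the layout OTL reports use (the `PRC`, `MOD` and `O10` entries the scan above produces) and flags the entries a helper looks at first, namely a running process whose image file OTL cannot find, an image name that carries an alternate data stream (`file:stream`), a module loaded through a `\\?\globalroot` device path, and Winsock LSP catalog entries that point at a DLL OTL cannot find. The sample log lines are constructed in OTL's format for this example; the regular expressions and the flag wording are this example's own assumptions, not part of OTL.

```python
"""Triage OTL-style report lines and flag the entries worth a closer look.

Added example for this thread; the regexes below are a reading of OTL's
line layout as it appears in posted reports, not OTL's own code.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's layout (values chosen for the example).
SAMPLE_LOG = r"""
PRC - File not found -- C:\WINDOWS\!47443280:2936654600.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/04 10:36:22 | 000,211,828 | ---- | M] () -- C:\Program Files\Dell\AccessDirect\DadApp.exe
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
O10 - Protocol_Catalog9\Catalog_Entries\000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000002 - mswsock.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# PRC/MOD lines: either "[stamp] (Company) -- path" or "File not found -- path".
PRC_MOD_RE = re.compile(
    r"^(?P<kind>PRC|MOD) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r" -- (?P<path>.+)$"
)
# O10 lines: Winsock LSP catalog entry, DLL name, optional "File not found".
O10_RE = re.compile(r"^O10 - (?P<key>\S+) - (?P<dll>\S+)(?P<missing> File not found)?")
# An alternate data stream shows up as "name:stream" in the last path component.
ADS_RE = re.compile(r"\\[^\\]*:[^\\]+$")
# Device-path prefixes that bypass the usual drive-letter view of the file system.
GLOBALROOT_PREFIXES = ("\\\\?\\globalroot", "\\\\.\\globalroot")


@dataclass
class Finding:
    line: str
    reasons: list


def triage_line(line):
    """Return the list of reasons a single OTL line deserves attention (empty if none)."""
    reasons = []
    m = PRC_MOD_RE.match(line)
    if m:
        path = m.group("path")
        if m.group("missing"):
            reasons.append("running image has no file on disk")
        if ADS_RE.search(path):
            reasons.append("alternate data stream in image path")
        if path.lower().startswith(GLOBALROOT_PREFIXES):
            reasons.append("module loaded via globalroot device path")
        return reasons
    m = O10_RE.match(line)
    if m and m.group("missing"):
        reasons.append("Winsock LSP entry points at a DLL OTL cannot find")
    return reasons


def triage(log_text):
    """Run triage_line over every non-empty line and collect the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the constructed sample the script flags four lines: the process with no backing file (which is also an ADS name), the `mswsock.dll` copy loaded through `\\?\globalroot`, and the two LSP entries whose DLL is missing; the legitimate `explorer.exe`, `DadApp.exe` and Winlogon lines pass through unflagged. The flags are prompts for the helper's review, not verdicts: an LSP entry whose DLL OTL cannot resolve also occurs after a broken uninstall, so the reviewer still correlates with the rest of the report.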



#3 margolis

margolis
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 13 January 2012 - 08:20 PM

I am having great difficulties sending replies from the infected computer. It will not let me send you a post, so I sent from another computer.
Wow. I lost everything trying to post so I am re-doing.
Thanks in advance for the help. I know you had some servers down.
Dell Inspiron I1150 Laptop. XP Home Version 2002 sp3. 32 bit.
No Window CDs. IE 8 and Firefox 3.6ish both redirect.
Tried running Malwarebytes but would not scan. Tried RKILL and reinstalling Malwarebytes but same issue.

OTL logfile created on: 1/13/2012 5:30:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\GERRY SR\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.33 Mb Total Physical Memory | 165.60 Mb Available Physical Memory | 32.45% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.81 Gb Total Space | 12.03 Gb Free Space | 48.47% Space Free | Partition Type: NTFS

Computer Name: GERRYSR | User Name: GERRY SR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\!47443280:2936654600.exe
PRC - [2012/01/13 17:14:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GERRY SR\Desktop\OTL.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/02/25 08:43:45 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/05/13 18:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/03/04 10:36:22 | 000,211,828 | ---- | M] () -- C:\Program Files\Dell\AccessDirect\DadApp.exe
PRC - [2003/11/19 16:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 04:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/10 11:54:53 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c2a38297\mscorlib.dll
MOD - [2011/12/10 11:54:33 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8eab283b\system.xml.dll
MOD - [2011/12/10 11:54:02 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_16c041d6\system.dll
MOD - [2011/12/10 11:53:38 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2004/08/10 12:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/03/04 10:36:22 | 000,211,828 | ---- | M] () -- C:\Program Files\Dell\AccessDirect\DadApp.exe
MOD - [2003/11/19 16:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
MOD - [2002/11/01 16:48:12 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell\AccessDirect\dadkeyb.dll
MOD - [2002/04/11 04:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 19:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/02/25 08:43:50 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/06 14:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 14:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/24 22:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/06/30 09:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/02 09:44:22 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/11/13 17:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 17:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 17:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/16 21:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
IE - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 12:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 12:46:04 | 000,000,000 | ---D | M]

[2011/12/29 12:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GERRY SR\Application Data\Mozilla\Extensions
[2011/12/29 12:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GERRY SR\Application Data\Mozilla\Firefox\Profiles\tp26w3li.default\extensions
[2011/12/29 12:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2861339278-57126947-1681703744-1008..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000019 - mswsock.dll File not found
O15 - HKU\S-1-5-21-2861339278-57126947-1681703744-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2140C020-8D22-41E7-90E3-DEA849A1A5D5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A0E489F-98E4-47A3-92B4-7EDFBF39684A}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Cloudsterpic1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Cloudsterpic1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "AOL ACS"
MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1175011396\ee\aolsoftware.exe (AOL LLC)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/13 17:14:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GERRY SR\Desktop\OTL.exe
[2012/01/13 17:13:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/07 17:23:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/01/07 14:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GERRY SR\My Documents\Gmer Removal
[2012/01/07 14:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\GERRY SR\Start Menu\Programs\Administrative Tools
[2012/01/07 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/07 13:41:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/07 13:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 13:17:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 13:15:31 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\GERRY SR\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/29 13:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/29 12:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GERRY SR\Local Settings\Application Data\Mozilla
[2011/12/29 12:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GERRY SR\Application Data\Mozilla
[2011/12/29 12:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/12/29 12:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/12/29 12:45:22 | 008,618,296 | ---- | C] (Mozilla) -- C:\Documents and Settings\GERRY SR\Desktop\3.6.22_FirefoxSetup3.6.22.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/13 17:14:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GERRY SR\Desktop\OTL.exe
[2012/01/13 17:10:49 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{61FD61B7-BB44-43E4-A4EE-2AE6EB362BFB}.job
[2012/01/13 17:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/01/13 17:08:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\!47443280
[2012/01/13 17:08:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/01/13 17:07:58 | 535,191,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 17:34:22 | 000,006,207 | ---- | M] () -- C:\Documents and Settings\GERRY SR\Desktop\Attach.zip
[2012/01/07 14:45:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/07 14:10:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\GERRY SR\defogger_reenable
[2012/01/07 13:41:19 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/07 13:20:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 14:19:58 | 000,337,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 12:46:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\GERRY SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/29 12:46:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/29 12:45:33 | 008,618,296 | ---- | M] (Mozilla) -- C:\Documents and Settings\GERRY SR\Desktop\3.6.22_FirefoxSetup3.6.22.exe
[2011/12/14 19:27:46 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\GERRY SR\Desktop\rkill.com
[2011/12/14 19:24:02 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\GERRY SR\Desktop\mbam-setup-1.51.2.1300.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/07 17:34:22 | 000,006,207 | ---- | C] () -- C:\Documents and Settings\GERRY SR\Desktop\Attach.zip
[2012/01/07 14:10:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\GERRY SR\defogger_reenable
[2012/01/07 13:19:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 13:15:22 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\GERRY SR\Desktop\rkill.com
[2011/12/29 12:46:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\GERRY SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/29 12:46:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/02 13:35:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 15:32:05 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\GERRY SR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 16:42:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2005/12/23 21:38:41 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2005/03/20 17:48:36 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2005/03/20 17:48:34 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005/03/04 15:00:47 | 000,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2005/03/04 14:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2005/03/04 14:53:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2005/03/03 12:05:42 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2005/03/03 12:05:39 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2005/03/03 11:56:03 | 000,027,801 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2005/03/03 11:56:03 | 000,007,765 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2005/03/01 12:05:31 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\GERRY SR\Application Data\QSPMShare
[2005/02/25 08:56:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/25 08:51:01 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/25 08:42:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\tsreg.dat
[2005/02/25 08:27:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/25 08:21:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/02/25 08:20:55 | 000,028,779 | ---- | C] () -- C:WINDOWSSystem32javaw.exe
[2005/02/25 08:20:55 | 000,024,681 | ---- | C] () -- C:WINDOWSSystem32java.exe
[2005/02/25 08:08:28 | 000,002,048 | --S- | C] () -- C:WINDOWSBOOTSTAT.DAT
[2005/02/25 08:07:40 | 000,402,994 | ---- | C] () -- C:WINDOWSSystem32PERFH009.DAT
[2005/02/25 08:07:40 | 000,062,332 | ---- | C] () -- C:WINDOWSSystem32PERFC009.DAT
[2005/02/25 07:26:12 | 000,000,367 | ---- | C] () -- C:WINDOWSSystem32OEMINFO.INI
[2004/09/15 20:49:44 | 000,000,000 | ---- | C] () -- C:WINDOWSSystem32px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:WINDOWSORUN32.INI
[2004/08/10 12:08:08 | 000,337,056 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:WINDOWSODBCINST.INI
[2004/08/10 12:02:16 | 000,021,640 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat
[2004/08/10 09:08:26 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32OEMBIOS.BIN
[2004/08/10 09:08:26 | 000,004,627 | ---- | C] () -- C:WINDOWSSystem32OEMBIOS.DAT
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32MLANG.DAT
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32PERFI009.DAT
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32DSSEC.DAT
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32MIB.BIN
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32PERFD009.DAT
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32SECUPD.DAT
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:WINDOWSSystem32FXSPERF.INI
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32NOISE.DAT
[2004/07/19 15:01:02 | 000,045,056 | ---- | C] () -- C:WINDOWSSETPWRCG.EXE
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:WINDOWSSystem32OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%*.exe >
[2005/12/20 00:55:48 | 000,010,920 | ---- | M] () -- C:aolconnfix.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:WINDOWSexplorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:WINDOWSServicePackFilesi386explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:WINDOWS$hf_mig$KB938828SP2QFEexplorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:WINDOWS$NtServicePackUninstall$explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:WINDOWS$NtUninstallKB938828$explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:I386WINLOGON.EXE
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:WINDOWS$NtServicePackUninstall$winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:RECYCLERS-1-5-21-2861339278-57126947-1681703744-1008Dc23winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:WINDOWSServicePackFilesi386winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:WINDOWSSYSTEM32winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:WINDOWS!47443280:2936654600.exe

< End of report >
OTL Extras logfile created on: 1/13/2012 5:30:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsGERRY SRDesktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.33 Mb Total Physical Memory | 165.60 Mb Available Physical Memory | 32.45% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 24.81 Gb Total Space | 12.03 Gb Free Space | 48.47% Space Free | Partition Type: NTFS

Computer Name: GERRYSR | User Name: GERRY SR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.txt [@ = txtfile] -- C:UTILITIESMetapad 3.5metapad.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:UTILITIESMetapad 3.5metapad.exe" %1 ()
Unknown [openas] -- %SystemRoot%system32 undll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:Program FilesJasc Software IncPaint Shop Pro Studio\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]
"Start" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"192:TCP" = 192:TCP:192.168.0.0/255.255.255.0:Enabled:APIOFFICE
"1:TCP" = 1:TCP:LocalSubNet:Enabled:API
"2:TCP" = 2:TCP:192.168.0.0/255.255.255.0:Enabled:API

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"C:Program FilesCommon FilesAOLACSAOLacsd.exe" = C:Program FilesCommon FilesAOLACSAOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:Program FilesCommon FilesAOLACSAOLDial.exe" = C:Program FilesCommon FilesAOLACSAOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:Program FilesAmerica Online 9.0waol.exe" = C:Program FilesAmerica Online 9.0waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"C:Program FilesCommon FilesAOLACSAOLacsd.exe" = C:Program FilesCommon FilesAOLACSAOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:Program FilesCommon FilesAOLACSAOLDial.exe" = C:Program FilesCommon FilesAOLACSAOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:Program FilesAmerica Online 9.0aol.exe" = C:Program FilesAmerica Online 9.0aol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:Program FilesAmerica Online 9.0waol.exe" = C:Program FilesAmerica Online 9.0waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:Program FilesCommon FilesAOLO5011396eeaolsoftware.exe" = C:Program FilesCommon FilesAOLO5011396eeaolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:Program FilesAOL 9.1waol.exe" = C:Program FilesAOL 9.1waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:Program FilesCommon FilesAOLTopSpeed.0aoltpsd3.exe" = C:Program FilesCommon FilesAOLTopSpeed.0aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:Program FilesCommon FilesAOLLoaderaolload.exe" = C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:Program FilesCommon FilesAOLSystem Informationsinf.exe" = C:Program FilesCommon FilesAOLSystem Informationsinf.exe:*:Enabled:AOL System Information -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - PSC 2000 Series
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600207}" = MSN Messenger 6.1
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DC4DD556-DD03-422A-926B-470746D8B50D}" = Microsoft Office Outlook Connector for MSN
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Corel Applications" = Corel Applications
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MSNINST" = MSN
"MyWaySearchAssistantDE" = My Way Search Assistant
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"PSC 2000 Series" = HP Photo and Imaging 1.0 - PSC 2000 Series
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 1:28:14 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:15 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:16 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:16 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:17 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:17 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:17 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:17 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 1:28:26 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/12/2010 1:46:29 PM | Computer Name = GERRYHOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 1/13/2012 8:08:35 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:10:20 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:10:42 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:11:19 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:11:30 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:12:23 PM | Computer Name = GERRYSR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/13/2012 8:14:14 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:18:09 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:21:28 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/13/2012 8:30:56 PM | Computer Name = GERRYSR | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

Followed the instructions for posting. GMER will not run. Have not done anything since. Windows may have updated when I shut down.
CPU usage 100%.

#4 myrti

Posted 13 January 2012 - 08:28 PM

Hi

please try running ComboFix on the infected PC:

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations and save it as fun.com on your flash drive:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



  • Drag the setup package onto fun.com and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 margolis

Posted 13 January 2012 - 08:51 PM

The link for Windows recovery console does not look like what you showed.
It appears to be setup disks

#6 margolis

Posted 13 January 2012 - 09:00 PM

Should I be concerned about the flash drive infecting my other computer?
Thanks. Just want to be cautious.
Alan

#7 margolis

Posted 13 January 2012 - 09:10 PM

I think I got it working, but still want to know about flash drive infection.
Alan

#8 margolis

Posted 13 January 2012 - 09:16 PM

I got an Error popup.
CFScript Name Error.
Were you trying to run CFSript?
"The name, CFScript appears to incorrectly spelt"

OK closes it.
Hum?

#9 myrti

Posted 14 January 2012 - 08:12 AM

Hi,

is your second PC running XP as well?

If so please do this:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


If not let me know.

regards myrti

Edited by myrti, 14 January 2012 - 08:12 AM.



#10 margolis

Posted 14 January 2012 - 01:27 PM

Myrti,
Thanks. Other computers have Win 7 and maybe one with Vista.
I used a CD for the previous activity since I did not want to chance infecting this computer.
The one I will be using next to the infected will be a Win 7.
This infection seems pretty tricky!!
Thanks
Alan

#11 myrti

Posted 14 January 2012 - 01:51 PM

Hi,

I would suggest using Panda's USBVaccine in this case: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

(Just vaccinate the drive, no need to have it run on your PC)

Did you rename the files you downloaded for the recovery console?

regards myrti

Edited by myrti, 14 January 2012 - 01:52 PM.



#12 margolis

Posted 14 January 2012 - 02:09 PM

Yes. I did exactly what was shown.
Thanks

#13 myrti

Posted 14 January 2012 - 02:11 PM

Hi,

I think there was a misunderstanding. Only the combofix.exe should be renamed. The files for the recovery console need to keep their original name.

regards myrti



#14 margolis

Posted 14 January 2012 - 02:15 PM

Correct, I renamed combofix as fun.com and left the downloaded MS file as is.

#15 margolis

Posted 14 January 2012 - 02:30 PM

Got Panda loaded too on other safe computer.
Thanks
