Jump to content

ralph55

Honorary Members
  • Posts

    30
  • Joined

  • Last visited

Everything posted by ralph55

  1. Thank you for all your help. PC seems to be running smooth and clean. Have a great day.
  2. Here is the ESET Scan C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined I will wait for my next step. Thank you
  3. Here is the Log from MB Full Scan. Found one Problem. I ran the Dial-a-fix and updates work. PC seems to be running fine. I will update the Java & Adobe, then clean my PC. Is there anything else I need to do? Thank you Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6224 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 3/31/2011 5:14:46 AM mbam-log-2011-03-31 (05-14-46).txt Scan type: Full scan (C:\|F:\|) Objects scanned: 290492 Time elapsed: 1 hour(s), 1 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Mia\Local Settings\Application Data\dlx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. I will run the full MB scan and post results. Then I will do the java & Adobe updates. The one major problem is that I can't get any Windows or Microsoft updates. I have a windows security alert (red shield with a white X) on the right hand side of task bar, next to clock, with the message that automatic updates is turned off. But I can't turn it on. I go to Microsoft security center on PC but it wont let me turn it on. I then go to the control System in Control Panel and open automatic updates tab and it says Automatic Update service is on. Then I go to the MS update center & try to install updates or to turn on automatic updates I get the following error message. "[Error number: 0x80070424] The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." When I try to trouble shoot I can't find error number 0x80070424. Also the PC after being on for a while (5 to 10 minutes) sounds like it is racing. The PC sounds like it is scanning faster & faster. Sometimes I can look at the processes running & identify what is using so much CPU, other times I can't. Will send log when ready.
  5. Here is the ComboFix Report run from the infected profile (Mia) BTW - When PC rebooted & I logged into Mia profile to finish, Symantec Endpoint informed me that a virus named "Bloodhound.MalPE" was quarantined. Quarantine Info below. Quarantine was successful. Orig location C:\windows\Temp\logishrd\ Status Infected File creation date 3/30/2011 6:15pm ComboFix Report ComboFix 11-03-29.06 - Mia 03/30/2011 18:07:21.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2419 [GMT -4:00] Running from: c:\documents and settings\Mia\Desktop\ComboFix.com AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\TEMP\logishrd\LVPrcInj01.dll . . ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 ))))))))))))))))))))))))))))))) . . 2011-03-28 22:18 . 2011-03-28 22:18 -------- d--h--w- c:\windows\PIF 2011-03-28 22:06 . 2011-03-28 22:06 -------- d-----w- c:\documents and settings\Ralph\Local Settings\Application Data\Google 2011-03-28 21:43 . 2011-03-28 21:43 -------- d-----w- c:\documents and settings\Administrator 2011-03-27 20:07 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{47A5D248-4549-468B-B926-965574469385}\mpengine.dll 2011-03-12 02:44 . 2011-03-12 02:44 -------- d-----w- c:\documents and settings\Mia\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-03-04 03:52 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-03-04 03:52 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2011-03-04 03:50 . 2011-03-04 03:50 -------- d-----w- c:\program files\iPod 2011-03-04 03:50 . 2011-03-04 03:52 -------- d-----w- c:\program files\iTunes 2011-03-04 03:40 . 2011-03-04 03:40 -------- d-----w- c:\program files\Bonjour . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-18 21:36 . 2010-10-25 23:55 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 21:36 . 2010-10-25 23:55 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-11 06:54 . 2010-11-13 12:31 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-02-09 13:53 . 2004-08-04 11:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 22:11 . 2010-11-13 12:31 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-02-02 07:58 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-04 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 11:00 1854976 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560] "Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-03 270336] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "Adobe Acrobat Speed Launcher"="f:\adobe\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="f:\adobe\Acrobat\Acrotray.exe" [2008-06-12 640376] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] "QuickTime Task"="f:\mias stuff\Downloads\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-11 24576] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SYSTEM32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\mias stuff\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 2:19 AM 169408] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/22/2010 5:48 PM 102448] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2010 9:27 PM 136176] S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [12/2/2009 4:02 PM 23888] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232] . Contents of the 'Scheduled Tasks' folder . 2011-03-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-DHK63961-Mia.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25] . 2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 01:27] . 2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 01:27] . 2011-03-30 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.dell4me.com/myway uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Mia\Application Data\Mozilla\Firefox\Profiles\hzosbi40.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-30 18:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1908) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\wdfmgr.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\system32\wscntfy.exe c:\program files\Dell AIO Printer A920\dlbkbmon.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\Symantec\Symantec Endpoint Protection\SavUI.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-03-30 18:23:51 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-30 22:23 ComboFix2.txt 2011-03-29 10:16 . Pre-Run: 14,090,629,120 bytes free Post-Run: 14,085,115,904 bytes free . - - End Of File - - 379CB6738DBD8D9247489DEA43D1D2A2 Thank you fro your help and I await for your next set of instructions.
  6. Unfortunately I am at work & don't have acces to PC. Will run ComboFix when I get home from work. Thanks
  7. Elise That worked! I am able to open programs from the Infected (Mia) Profile. Should I try and run ComboFix from this profile? Also of Note: when I logged into my profile to download Fixexe.reg I had a notice from Symantec Endpoint that had to quarantine a virus named "xp antivirus" when I logged off and went to Infected profile another message about virus. Quarantine Info below. Quarantine was successful. Orig location C:\documents and settings\Mia\Application data\Sun\Java\Deployment\cache\6.0\18\ Status Infected File creation date 3/27/2011 9:54pm
  8. Extra.txt OTL Extras logfile created on: 3/29/2011 6:24:37 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ralph\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 34.44 Gb Total Space | 13.18 Gb Free Space | 38.26% Space Free | Partition Type: NTFS Drive F: | 232.83 Gb Total Space | 127.52 Gb Free Space | 54.77% Space Free | Partition Type: FAT32 Computer Name: DHK63961 | User Name: Ralph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-4026196191-3336553544-1490517194-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation) "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation) "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online, Inc.) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.) "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections "{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 23 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet! "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran
  9. Hi Did what you asked but combofix would not run under the infected profile (Mia). The "Open With" dialogue box opened, when I hit cancel it would not close. I then clicked on combofix on desk top but still would not run. When I tried to cancel would not end so I had to open Task Manager and end the Task under applications tab. What next?
  10. Not sure what you mean by: "Two reports will open, copy and paste them in a reply here: OTListIt.txt <-- Will be opened Extra.txt <-- Will be minimized Post me only OTL.txt" So I will post OTL.txt here. If you need both let me know & I will post Extra.txt in next reply. OTL.Txt OTL logfile created on: 3/29/2011 6:24:37 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ralph\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 34.44 Gb Total Space | 13.18 Gb Free Space | 38.26% Space Free | Partition Type: NTFS Drive F: | 232.83 Gb Total Space | 127.52 Gb Free Space | 54.77% Space Free | Partition Type: FAT32 Computer Name: DHK63961 | User Name: Ralph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/29 18:23:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe PRC - [2011/03/17 03:15:04 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- F:\mias stuff\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2010/04/16 21:06:38 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe PRC - [2010/04/16 21:01:54 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- F:\adobe\Acrobat\acrobat_sl.exe PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- F:\adobe\Acrobat\acrotray.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2004/09/15 03:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe PRC - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2004/01/07 03:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe PRC - [2003/05/02 21:06:44 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe PRC - [2003/05/02 20:46:04 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe ========== Modules (SafeList) ========== MOD - [2011/03/29 18:23:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/01/18 20:01:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:\mias stuff\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2010/04/16 21:06:38 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2010/04/01 20:47:08 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC) SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - [2010/12/16 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110328.038\NAVEX15.SYS -- (NAVEX15) DRV - [2010/12/16 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110328.038\NAVENG.SYS -- (NAVENG) DRV - [2010/10/22 17:43:45 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent) DRV - [2010/10/18 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/10/18 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wpshelper.sys -- (WpsHelper) DRV - [2010/04/16 21:06:40 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant) DRV - [2010/04/16 21:03:24 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WPSDRVnt.sys -- (WPS) DRV - [2010/03/08 12:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL) DRV - [2010/03/08 12:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP) DRV - [2010/03/08 12:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX) DRV - [2009/12/28 12:42:26 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Teefer2.sys -- (Teefer2) DRV - [2009/12/18 15:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2009/12/02 16:02:10 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys -- (COH_Mon) DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009/04/30 19:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS) DRV - [2009/04/30 18:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2009/04/30 18:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter) DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm) DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP) DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://andrewsullivan.theatlantic.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 14:47:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 14:47:55 | 000,000,000 | ---D | M] [2010/10/22 22:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Extensions [2010/10/22 22:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\ysd10n3s.default\extensions [2011/03/27 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/10/23 09:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/29 08:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010/10/23 09:38:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2011/03/29 06:11:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. O3 - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\adobe\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\adobe\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [QuickTime Task] F:\mias stuff\Downloads\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-4026196191-3336553544-1490517194-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287797477359 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\acaptuser32.dll) - C:\WINDOWS\SYSTEM32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/08/08 09:59:46 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/29 18:23:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe [2011/03/29 06:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Desktop\Clean Files [2011/03/29 05:59:54 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/03/29 05:57:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/03/29 05:57:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/03/29 05:57:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/03/29 05:57:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/03/29 05:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/03/29 05:56:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/03/28 18:18:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011/03/28 18:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Local Settings\Application Data\Google [2011/03/03 23:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2011/03/03 23:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/03/03 23:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/03/03 23:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2011/03/03 23:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/29 18:23:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe [2011/03/29 18:21:37 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/03/29 18:16:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/03/29 18:13:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2011/03/29 18:13:30 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys [2011/03/29 06:11:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2011/03/29 06:00:02 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI [2011/03/28 18:37:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/03/27 21:56:06 | 000,014,418 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\553267k63bm64pjb5fy53rbeb [2011/03/27 16:01:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2011/03/22 17:47:22 | 000,000,374 | ---- | M] () -- C:\WINDOWS\dellstat.ini [2011/03/18 03:01:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/03/18 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DHK63961-Mia.job [2011/03/13 12:42:56 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/03/13 11:22:54 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2011/03/13 11:22:54 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2011/03/05 11:34:52 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/29 06:00:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/03/29 05:59:59 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/03/29 05:57:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/03/29 05:57:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/03/29 05:57:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/03/29 05:57:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/03/29 05:57:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/03/28 17:57:18 | 3210,891,264 | -HS- | C] () -- C:\hiberfil.sys [2011/03/27 21:54:03 | 000,014,418 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\553267k63bm64pjb5fy53rbeb [2011/03/05 11:34:50 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/06 19:35:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/20 22:27:15 | 000,000,058 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2010/11/20 22:27:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010/11/04 21:28:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/10/28 20:27:28 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2010/10/25 20:23:29 | 000,056,708 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/10/23 10:06:08 | 000,000,374 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2004/12/11 08:54:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/12/11 08:51:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2004/12/11 08:48:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/12/11 08:34:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT [2004/12/11 08:33:48 | 000,384,596 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT [2004/12/11 08:33:48 | 000,054,280 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT [2004/12/11 08:19:18 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/08/10 15:08:08 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 15:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 12:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN [2004/08/10 12:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT [2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT [2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT [2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT [2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN [2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT [2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT [2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI [2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT [2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE [2004/05/26 17:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE [2003/04/22 17:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI [2003/01/07 23:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini [2002/11/13 21:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll [1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2010/10/25 19:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM [2011/02/10 17:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2010/11/20 22:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games [2011/02/10 17:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2004/12/11 08:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2010/10/25 20:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/10/25 19:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mia\Application Data\acccore [2011/03/11 22:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mia\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/10/25 19:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mia\Application Data\Leadertech [2011/03/29 18:16:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== < End of report > Thanks for your help.
  11. Thanks for your help and I will wait for your next set of instructions. Also the reference to the external drive (F=Drive) was that some programs are run from there. Microsoft Office was installed on the F-Drive. I didn't know if that would make a difference on where to look for the problems. Pasted report below. ComboFix Report ComboFix 11-03-28.03 - Ralph 03/29/2011 6:01.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2507 [GMT -4:00] Running from: c:\documents and settings\Ralph\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll F:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 ))))))))))))))))))))))))))))))) . . 2011-03-28 22:18 . 2011-03-28 22:18 -------- d--h--w- c:\windows\PIF 2011-03-28 22:06 . 2011-03-28 22:06 -------- d-----w- c:\documents and settings\Ralph\Local Settings\Application Data\Google 2011-03-28 21:43 . 2011-03-28 21:43 -------- d-----w- c:\documents and settings\Administrator 2011-03-27 20:07 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{47A5D248-4549-468B-B926-965574469385}\mpengine.dll 2011-03-12 02:44 . 2011-03-12 02:44 -------- d-----w- c:\documents and settings\Mia\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2011-03-04 03:52 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-03-04 03:52 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2011-03-04 03:50 . 2011-03-04 03:50 -------- d-----w- c:\program files\iPod 2011-03-04 03:50 . 2011-03-04 03:52 -------- d-----w- c:\program files\iTunes 2011-03-04 03:40 . 2011-03-04 03:40 -------- d-----w- c:\program files\Bonjour . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-18 21:36 . 2010-10-25 23:55 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 21:36 . 2010-10-25 23:55 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-11 06:54 . 2010-11-13 12:31 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-02-09 13:53 . 2004-08-04 11:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 22:11 . 2010-11-13 12:31 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-02-02 07:58 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-04 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 11:00 1854976 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560] "Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-03 270336] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "Adobe Acrobat Speed Launcher"="f:\adobe\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="f:\adobe\Acrobat\Acrotray.exe" [2008-06-12 640376] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] "QuickTime Task"="f:\mias stuff\Downloads\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-11 24576] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SYSTEM32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\mias stuff\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 2:19 AM 169408] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/22/2010 5:48 PM 102448] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2010 9:27 PM 136176] S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [12/2/2009 4:02 PM 23888] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232] . Contents of the 'Scheduled Tasks' folder . 2011-03-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-DHK63961-Mia.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25] . 2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 01:27] . 2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 01:27] . 2011-03-29 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.dell4me.com/myway uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Ralph\Application Data\Mozilla\Firefox\Profiles\ysd10n3s.default\ FF - prefs.js: browser.startup.homepage - hxxp://andrewsullivan.theatlantic.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . - - - - ORPHANS REMOVED - - - - . SafeBoot-Symantec Antvirus . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-29 06:12 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(5280) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\program files\Dell AIO Printer A920\dlbkbmon.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-03-29 06:16:29 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-29 10:16 . Pre-Run: 12,691,742,720 bytes free Post-Run: 14,122,147,840 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - AD867A53F4B7D876EB261ACEF3B554E4
  12. Elise Reports below: DDS Report . DDS (Ver_11-03-05.01) - NTFSx86 Run by Ralph at 18:19:26.26 on Mon 03/28/2011 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2489 [GMT -4:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe F:\mias stuff\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe F:\adobe\Acrobat\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Ralph\Desktop\dds.pif . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.dell4me.com/myway uDefault_Page_URL = hxxp://www.dell4me.com/myway uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe" mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide mRun: [Adobe Acrobat Speed Launcher] "f:\adobe\acrobat\Acrobat_sl.exe" mRun: [<NO NAME>] mRun: [Acrobat Assistant 8.0] "f:\adobe\acrobat\Acrotray.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [QuickTime Task] "f:\mias stuff\downloads\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287797477359 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: acaptuser32.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\ralph\applic~1\mozilla\firefox\profiles\ysd10n3s.default\ FF - prefs.js: browser.startup.homepage - hxxp://andrewsullivan.theatlantic.com/ FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin2.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin3.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin4.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin5.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin6.dll FF - plugin: f:\mias stuff\downloads\plugins\npqtplugin7.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ============= SERVICES / DRIVERS =============== . R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\mias stuff\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-23 1831024] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-22 102448] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110327.001\NAVENG.SYS [2011-3-27 86008] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110327.001\NAVEX15.SYS [2011-3-27 1360760] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-4 136176] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 Normandy;Normandy SR2; [x] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-12-20 34064] . =============== Created Last 30 ================ . 2011-03-28 22:18:59 -------- d--h--w- c:\windows\PIF 2011-03-28 22:06:48 -------- d-----w- c:\docume~1\ralph\locals~1\applic~1\Google 2011-03-27 20:07:49 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{47a5d248-4549-468b-b926-965574469385}\mpengine.dll 2011-03-04 03:52:08 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-03-04 03:52:08 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2011-03-04 03:50:39 -------- d-----w- c:\program files\iPod 2011-03-04 03:50:33 -------- d-----w- c:\program files\iTunes 2011-03-04 03:40:07 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 18:20:16.42 =============== Attach Report . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 10/22/2010 7:16:19 PM System Uptime: 3/28/2011 5:56:49 PM (1 hours ago) . Motherboard: Dell Inc. | | 0M3918 Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 34 GiB total, 12.006 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (FAT32) - 233 GiB total, 127.524 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP143: 2/9/2011 11:27:14 PM - System Checkpoint RP144: 2/10/2011 3:30:43 PM - Installed Adobe Photoshop Elements 9. RP145: 2/11/2011 2:21:48 AM - Software Distribution Service 3.0 RP146: 2/12/2011 2:27:54 AM - System Checkpoint RP147: 2/13/2011 3:27:51 AM - System Checkpoint RP148: 2/14/2011 4:27:58 AM - System Checkpoint RP149: 2/15/2011 2:21:40 AM - Software Distribution Service 3.0 RP150: 2/15/2011 3:00:33 AM - Software Distribution Service 3.0 RP151: 2/16/2011 3:52:35 AM - System Checkpoint RP152: 2/17/2011 4:07:19 AM - System Checkpoint RP153: 2/18/2011 1:30:37 AM - Software Distribution Service 3.0 RP154: 2/19/2011 8:36:53 AM - System Checkpoint RP155: 2/21/2011 3:11:37 PM - System Checkpoint RP156: 2/22/2011 1:59:57 AM - Software Distribution Service 3.0 RP157: 2/23/2011 4:12:35 PM - System Checkpoint RP158: 2/24/2011 4:24:31 PM - System Checkpoint RP159: 2/25/2011 2:40:05 PM - Software Distribution Service 3.0 RP160: 2/25/2011 3:19:39 PM - Software Distribution Service 3.0 RP161: 2/26/2011 8:11:04 PM - System Checkpoint RP162: 2/27/2011 9:10:56 PM - System Checkpoint RP163: 3/1/2011 2:31:39 PM - Software Distribution Service 3.0 RP164: 3/1/2011 4:31:01 PM - Windows Defender Checkpoint RP165: 3/2/2011 9:14:24 PM - System Checkpoint RP166: 3/3/2011 10:21:49 PM - Removed iTunes RP167: 3/3/2011 10:50:19 PM - Installed iTunes RP168: 3/4/2011 2:19:41 AM - Software Distribution Service 3.0 RP169: 3/5/2011 10:51:57 AM - System Checkpoint RP170: 3/6/2011 1:40:02 PM - System Checkpoint RP171: 3/8/2011 4:01:31 PM - Software Distribution Service 3.0 RP172: 3/9/2011 4:42:25 PM - System Checkpoint RP173: 3/9/2011 11:17:47 PM - Software Distribution Service 3.0 RP174: 3/11/2011 2:58:10 PM - System Checkpoint RP175: 3/11/2011 3:03:05 PM - Software Distribution Service 3.0 RP176: 3/13/2011 12:03:10 PM - System Checkpoint RP177: 3/13/2011 12:09:52 PM - Windows Defender Checkpoint RP178: 3/14/2011 2:44:20 PM - System Checkpoint RP179: 3/15/2011 3:31:27 PM - Software Distribution Service 3.0 RP180: 3/16/2011 6:18:11 PM - System Checkpoint RP181: 3/18/2011 1:55:44 AM - Software Distribution Service 3.0 RP182: 3/18/2011 3:00:26 AM - Software Distribution Service 3.0 RP183: 3/19/2011 1:25:43 PM - System Checkpoint RP184: 3/21/2011 5:05:17 PM - System Checkpoint RP185: 3/22/2011 2:50:04 PM - Software Distribution Service 3.0 RP186: 3/23/2011 11:21:50 PM - Software Distribution Service 3.0 RP187: 3/27/2011 4:07:33 PM - Software Distribution Service 3.0 RP188: 3/27/2011 10:14:08 PM - Windows Defender Checkpoint . ==== Installed Programs ====================== . ABBYY FineReader 5.0 Sprint Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 9 Pro Extended - English, Fran
  13. The family computer has the xp antivirus 2011. On my daughters profile I was not able to run MB or even get on the internet with Firefox or IE. I logged off and logged on to my profile and ran MB. See log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6188 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 3/27/2011 10:28:59 PM mbam-log-2011-03-27 (22-28-59).txt Scan type: Quick scan Objects scanned: 178907 Time elapsed: 6 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\Mia\local settings\application data\agy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\Mia\local settings\application data\dlx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. When I restarted PC I logged into my daughters profile & nothing runs. I try to start MB the "Open With" dialogue box opens. I trry to run firefox, same thing. Also I get an alert that automatic updates is off, but I am not able to turn it on. I tried to run windows update and get this message: The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. Hope you can help.
  14. When trying to log on to PC the following messages appears: Value creation failed at line 599. I click Ok & get: windows cannot load user's profile but has logged on with a default profile for system DETAIL: Insufficient system resources to complete the requested services Click OK and get Copy of Windows must be activated with microsoft before you can logon. Do you want to activate widows now? Click on yes get: A problem is preventing windows from accurately checking the license for this computer I thought the profile might have been corrupted so I boot up in safe mode. Created a new profile and get same messages. Got any ideas? I posted this question before and was refered to the "Malware Removal - HijackThis Logs" Topic here: http://forums.malwarebytes.org/index.php?s...c=67753&hl= I went there and Gammo says I am now clean but Windows still won't load. Topic here: http://forums.malwarebytes.org/index.php?s...c=67816&hl= Also back in October I had virus problems that I thought was taken care of. Topic here: http://forums.malwarebytes.org/index.php?s...c=65811&hl= This is a dell dimension 4800, running windows XP Home edition, Service Pack 3 Any help appreciated.
  15. Gammo Got your reply and when I get off work I will head over to my mother-in-law and clean up. Only one problem ... the issue of not being able to get on the pc remains. If I try and boot up in normal mode I still get the errors that sent me here in the first place. From my original post: "I started in the PC Help forum and was sent here. It appears as tho I am infected. When trying to log on to PC the following messages appears: Value creation failed at line 599. click Ok & get: Windows cannot load user's profile but has logged on with a default profile for system DETAIL: Insufficient system resources to complete the requested services Click OK and get Copy of Windows must be activated with microsoft before you can logon. Do you want to activate widows now? Click on yes get: A problem is preventing windows from accurately checking the license for this computer I boot up in safe mode. Created a new profile, restarted PC and get same messages. Little more info, I few weeks ago I had virus problems that I thought was taken care of. Topic here: http://forums.malwarebytes.org/index.php?s...c=65811&hl= Also this is not my PC. I am helping my mother in law. She said things were fine until yesterday when the messages above appeared. The PC is a Dell Dimension 4800, running XP Home edition, Service Pack 3" What now?
  16. Gammo MBytes Log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5166 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.11 11/21/2010 5:29:04 PM mbam-log-2010-11-21 (17-29-04).txt Scan type: Quick scan Objects scanned: 174155 Time elapsed: 6 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I ran the ESET scan - no threats found. There was no option to list threats found.
  17. Gammo ComboFix Log File: ComboFix 10-11-20.06 - Administrator 11/21/2010 7:33.2.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.369 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\MailSwitch.ocx . ((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 ))))))))))))))))))))))))))))))) . 2010-11-21 12:24 . 2010-11-21 12:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit 2010-11-18 23:20 . 2010-11-18 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-11-15 23:24 . 2010-11-15 23:24 -------- d-----w- c:\documents and settings\Helen-New 2010-11-15 23:19 . 2010-11-15 23:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software 2010-10-30 20:13 . 2010-10-30 20:13 -------- d-----w- c:\windows\system32\XPSViewer 2010-10-30 20:13 . 2010-10-30 20:13 -------- d-----w- c:\program files\MSBuild 2010-10-30 20:13 . 2010-10-30 20:13 -------- d-----w- c:\program files\Reference Assemblies 2010-10-30 20:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-10-30 20:11 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-10-30 20:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-10-30 20:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-10-30 20:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-10-30 20:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-10-30 20:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-10-30 20:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-10-30 20:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-10-30 20:11 . 2010-10-30 20:12 -------- d-----w- C:\21a92121b0c90e76e74c 2010-10-28 22:45 . 2010-10-28 22:45 -------- d-----w- c:\program files\ESET 2010-10-24 14:52 . 2010-10-24 14:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-10-23 22:56 . 2010-10-23 22:56 -------- d-----w- c:\documents and settings\Helen\Application Data\MSNInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 16:23 . 2002-08-29 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2002-08-29 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2002-08-29 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2002-08-29 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 08:50 . 2010-10-16 16:37 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 06:29 . 2010-01-29 00:41 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-09 13:38 . 2004-08-24 00:32 832512 ----a-w- c:\windows\system32\wininet.dll 2010-09-09 13:38 . 2002-08-29 10:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-09 13:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-09-09 13:38 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-09-08 15:57 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec 2010-09-01 11:51 . 2002-08-29 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2003-07-15 21:01 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2002-08-29 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2002-08-29 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2009-04-16 12:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2002-08-29 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688] "Motive SmartBridge"="c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-05-22 385024] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Verizon Online Support Center.lnk - c:\program files\Verizon Online\bin\matcli.exe [2004-12-27 204800] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= S0 egjptm;egjptm;c:\windows\system32\drivers\jvfv.sys --> c:\windows\system32\drivers\jvfv.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.dell4me.com/myway DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-21 07:38 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2010-11-21 07:41:05 ComboFix-quarantined-files.txt 2010-11-21 12:40 Pre-Run: 62,568,865,792 bytes free Post-Run: 62,896,418,816 bytes free - - End Of File - - DA099E4682F5E255255DCB893591A5AD I await your response.
  18. Hi Gammo I was not able to get the GMER Report. I am in the safe mode and the screen resolution (640 x 480) does not allow me to see the save button. I wil try and get a larger monitor & run the report later. Here are the 2 reports you asked for. Thanks for your help MGADiag Log: Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Status: Genuine Validation Code: 0 Cached Validation Code: N/A Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw= Windows Product ID: 55277-OEM-2111907-00102 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 5.1.2600.2.00010300.3.0.hom ID: {07596F03-D98D-4903-9DE0-F1372B5B873E}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: Registered, 1.7.69.2 Signed By: Microsoft Product Name: N/A Architecture: N/A Build lab: N/A TTS Error: N/A Validation Diagnostic: 025D1FF3-230-1 Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A Version: N/A Windows XP Notifications Data--> Cached Result: 0 File Exists: Yes Version: 1.7.18.5 WgaTray.exe Signed By: Microsoft WgaLogon.dll Signed By: Microsoft OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 100 Genuine Microsoft Word 2002 - 100 Genuine OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Default Browser: C:\Program Files\Internet Explorer\iexplore.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003] File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003] File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003] Other data--> Office Details: <GenuineResults><MachineData><UGUID>{07596F03-D98D-4903-9DE0-F1372B5B873E}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-2643561451-4151149066-2453194030</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 4600i </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A10</Version><SMBIOSVersion major="2" minor="3"/><Date>20040517000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>31C93CE701848053</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell DIMENSION DIM4600</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.18.5"/><File Name="WgaLogon.dll" Version="1.7.18.5"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{911B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>62A4EAC3B9ACA0A</Val><Hash>oYFJkmRdgrdNVD6wKZKJMnTn5To=</Hash><Pid>54189-OEM-1650002-00005</Pid><PidType>16</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults> Licensing Data--> N/A Windows Activation Technologies--> N/A HWID Data--> N/A OEM Activation 1.0 Data--> BIOS string matches: yes Marker string from BIOS: 1B1D0:Dell Inc|1B1D0:Microsoft Corporation Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System OEM Activation 2.0 Data--> N/A WVCheck Log: Windows Validation Check Version: 1.9.11.4 Log Created On: 1822_18-11-2010 ----------------------- Windows Information ----------------------- Windows Version: Windows XP Service Pack 3 Windows Mode: Safe Mode with Networking Systemroot Path: C:\WINDOWS WVCheck's Auto Update Check ----------------------- Auto-Update Option: Download updates and install them automatically. ----------------------- Last Success Time for Update Detection: 2010-11-13 09:31:47 Last Success Time for Update Download: 2010-11-10 13:28:48 Last Success Time for Update Installation: 2010-11-01 07:34:01 WVCheck's Registry Check Check ----------------------- Antiwpa: Not Found ----------------------- Chew7Hale: Not Found ----------------------- WVCheck's File Dump ----------------------- C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\crypt.dll Size: 765952 bytes Creation; 24/8/2005 18:38:59 Modification; 24/8/2005 18:39:1 MD5; 32a09203631e7a8fa21d711639b851ee Matched: crypt.dll ----------------------- WVCheck's Dir Dump ----------------------- WVCheck found no known bad directories. WVCheck's Missing File Check ----------------------- WVCheck found no missing Windows files. WVCheck's MBAM Quarantine Check ----------------------- There were no bad files quarantined by MBAM. WVCheck's HOSTS File Check ----------------------- WVCheck found no bad lines in the hosts file. WVCheck's MD5 Check EXPERIMENTAL!! ----------------------- user32.dll - b26b135ff1b9f60c9388b4a7d16f600b -------- End of File, program close at 1824_18-11-2010 --------
  19. I started in the PC Help forum and was sent here. It appears as tho I am infected. When trying to log on to PC the following messages appears: Value creation failed at line 599. click Ok & get: Windows cannot load user's profile but has logged on with a default profile for system DETAIL: Insufficient system resources to complete the requested services Click OK and get Copy of Windows must be activated with microsoft before you can logon. Do you want to activate widows now? Click on yes get: A problem is preventing windows from accurately checking the license for this computer I boot up in safe mode. Created a new profile, restarted PC and get same messages. Little more info, I few weeks ago I had virus problems that I thought was taken care of. Topic here: http://forums.malwarebytes.org/index.php?s...c=65811&hl= Also this is not my PC. I am helping my mother in law. She said things were fine until yesterday when the messages above appeared. The PC is a Dell Dimension 4800, running XP Home edition, Service Pack 3 Latest MB Scan Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5122 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.11 11/15/2010 7:39:01 PM mbam-log-2010-11-15 (19-39-01).txt Scan type: Quick scan Objects scanned: 167920 Time elapsed: 7 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Helen\Local Settings\Temporary Internet Files\Content.IE5\7L6G3U13\MyFunCards[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. DDS Log: DDS (Ver_10-11-10.01) - NTFSx86 NETWORK Run by Administrator at 20:13:06.76 on Mon 11/15/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.384 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Administrator\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.dell4me.com/myway uDefault_Page_URL = hxxp://www.dell4me.com/myway BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe mRun: [Motive SmartBridge] c:\progra~1\verizo~1\smartb~1\MotiveSB.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verizo~1.lnk - c:\program files\verizon online\bin\matcli.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll ============= SERVICES / DRIVERS =============== S0 egjptm;egjptm;c:\windows\system32\drivers\jvfv.sys --> c:\windows\system32\drivers\jvfv.sys [?] S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200] S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096] S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808] S2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008] S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101112.002\naveng.sys [2010-11-12 86064] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101112.002\navex15.sys [2010-11-12 1371184] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192] =============== Created Last 30 ================ 2010-11-15 23:19:49 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\BVRP Software 2010-10-30 20:13:26 -------- d-----w- c:\windows\system32\XPSViewer 2010-10-30 20:12:43 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-10-30 20:11:57 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-10-30 20:11:57 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-10-30 20:11:57 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-10-30 20:11:57 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-10-30 20:11:57 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-10-30 20:11:57 117760 ------w- c:\windows\system32\prntvpt.dll 2010-10-30 20:11:56 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-10-30 20:11:56 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-10-30 20:11:54 -------- d-----w- C:\21a92121b0c90e76e74c 2010-10-28 22:45:31 -------- d-----w- c:\program files\ESET 2010-10-27 22:20:34 -------- d-sha-r- C:\cmdcons 2010-10-24 14:52:50 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com ==================== Find3M ==================== 2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll 2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec 2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll ============= FINISH: 20:14:23.65 =============== "Attach" Log attached. I ran GMER but there was no save button visible. Only options were OK & CANCEL. I hit OK and GMER closed. Scanned again, there is no SAVE button. I think since I am running in safe mode, settings are so large that I am not able to scroll lower to the SAVE button. When I get home from work I will bring another monitor over to my mom-in-law and see if I am able to view SAVE button. If so I will attach after someone has responded, so as not to mess up the post count. In the meantime I thought I would post what I have. Thanks in advance for your help. Looking forward to solving this problem. Attach.zip
  20. I ran a quick scan of MB. Log posted below. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5122 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.11 11/15/2010 7:39:01 PM mbam-log-2010-11-15 (19-39-01).txt Scan type: Quick scan Objects scanned: 167920 Time elapsed: 7 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Helen\Local Settings\Temporary Internet Files\Content.IE5\7L6G3U13\MyFunCards[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
  21. I don't now what happened to profile. Just get messages in my first post. PC appears to be loading till I click on profile name, then messages come up.
  22. Operating System: Windows XP Home edition SP3
  23. when trying to log on to PC the following messages appears: Value creation failed at line 599. click Ok & get: windows cannot load user's profile but has logged on with a default profile for system DETAIL: Insufficient system resources to complete the requested services Click OK and get Copy of Windows must be activated with microsoft before you can logon. Do you want to activate widows now? Click on yes get: A problem is preventing windows from accurately checking the license for this computer I boot up in safe mode. Created a new profile and get same messages. Got any ideas? Little more info, I few weeks ago I had virus problems that I thought was taken care of. Topic here: http://forums.malwarebytes.org/index.php?s...c=65811&hl= Also this is not my PC. I am helping my mother in law. She said things were fine until yesterday when the messages above appeared. Don't know if this is a PC problem or a Virus. This is a dell dimension 4800, running windows XP Home edition, Service Pack 3 Any help appreciated.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.