Cannot connect to Internet


#1
john545
Hi and thanks in advance for your help. Broni suggested I move this post to this forum topic.

Laptop with XP SP3 has no connectivity with browser or email over wire line DSL. XP diagnostics says "error 12029. No HTTP connectivity". The line is good since I can get connectivity just fine when using a 2nd computer and a wireless connection to the same modem.

The Network Connections page in Control Panel shows LAN connection status as "enabled" on 2-wire gateway. The Broadband status shows "connected and firewalled". I tried creating a new connection, but that had the same problem.

I have followed the steps in Malware Guide and did manage to clean some trojans and malware, but I may have missed something that is locking up my port.

As requested here are logs:

MALWAREBYTES
Malwarebytes' Anti-Malware 1.46
Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2010 4:32:17 PM
mbam-log-2010-08-29 (16-32-17).txt

Scan type: Quick scan
Objects scanned: 126207
Time elapsed: 18 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 19:14:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\LILTON~1.FRE\LOCALS~1\Temp\ugldapoc.sys

---- System - GMER 1.0.15 ----

SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF7519803]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

OTL

OTL logfile created on: 8/29/2010 4:04:30 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 37.00% Memory free
921.00 Mb Paging File | 589.00 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.89 Gb Total Space | 15.09 Gb Free Space | 54.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 247.22 Mb Total Space | 234.00 Mb Free Space | 94.65% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUCKETT
Current User Name: Lilton Puckett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Dell\AccessDirect\DadApp.exe ()
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (2WIREPCP) -- C:\WINDOWS\SYSTEM32\DRIVERS\2WirePCP.sys (2Wire, Inc.)
DRV - (MagicTune) -- C:\WINDOWS\SYSTEM32\DRIVERS\MTictwl.sys ()
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (Icam4USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam4USB.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



O1 HOSTS File: ([2005/01/13 21:23:33 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - Disabled:{5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll File not found
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yaho...rod/yregcfg.cab (RegConfig Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/02 22:08:06 | 000,618,945 | ---- | M] () - E:\Autoruns.zip -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/29 15:50:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe
[2010/08/01 21:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/08/01 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\PCHealth
[2010/08/01 21:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/08/01 21:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/01 21:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/01 21:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/01 21:09:54 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2010/08/01 21:09:54 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2010/08/01 21:09:53 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2010/08/01 21:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2010/08/01 19:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\Malwarebytes
[2010/08/01 19:46:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/01 19:46:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/01 19:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/01 19:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/02 20:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\trkkwhsfw

========== Files - Modified Within 90 Days ==========

[2010/08/29 15:56:22 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/29 15:53:28 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/08/29 15:49:20 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/29 15:48:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/29 15:48:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/29 15:48:19 | 400,973,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/29 15:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe
[2010/08/07 23:11:43 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.dat
[2010/08/07 23:11:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\NTUSER.INI
[2010/08/02 23:55:31 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.dat.regbk109
[2010/08/02 23:50:53 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.SYL
[2010/08/02 23:48:13 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.bak
[2010/08/02 22:42:12 | 000,000,570 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/08/02 22:42:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/08/02 22:42:12 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/08/02 22:08:06 | 000,618,945 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\Autoruns.zip
[2010/08/01 21:49:00 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/01 21:47:10 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\NTREGOPT.lnk
[2010/08/01 21:47:10 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\ERUNT.lnk
[2010/08/01 21:10:01 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2010/08/01 19:47:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 22:23:22 | 000,544,768 | ---- | M] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2010/07/25 22:23:22 | 000,056,496 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2010/07/25 22:23:22 | 000,033,968 | ---- | M] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2010/07/25 22:23:20 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\shfolder.inf
[2010/06/11 02:36:34 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 16:32:53 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/08/07 15:12:56 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/08/02 23:35:05 | 000,618,945 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\Autoruns.zip
[2010/08/01 22:05:32 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/01 21:58:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.dat.regan613.LOG
[2010/08/01 21:52:20 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.tmp.LOG
[2010/08/01 21:49:00 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/01 21:47:10 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\NTREGOPT.lnk
[2010/08/01 21:47:10 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\ERUNT.lnk
[2010/08/01 21:10:54 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\_WKERNEL.SYL
[2010/08/01 21:10:01 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2010/08/01 21:09:53 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\shfolder.inf
[2010/08/01 19:47:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2005/03/13 13:52:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/03/13 13:33:18 | 000,025,294 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2005/01/13 20:14:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/25 15:17:41 | 000,003,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/07/12 14:53:19 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Net2fone.ini
[2004/07/03 20:57:14 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\fusioncache.dat
[2004/07/03 16:05:40 | 000,013,450 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\wklnhst.dat
[2004/06/08 02:29:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/08 02:14:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/08 02:07:20 | 000,000,229 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/08 02:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/06/08 02:02:42 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/08 01:41:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/08 01:41:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/08 01:17:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/05 00:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/14 12:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll

========== LOP Check ==========

[2006/12/14 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/11/05 21:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/30 15:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\InterTrust
[2006/07/16 15:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\Leadertech
[2007/08/04 18:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\Learn2.com
[2007/04/28 18:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\Viewpoint
[2010/08/29 15:56:22 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/29 15:53:28 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2002/09/03 06:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/01/15 19:13:09 | 000,004,309 | ---- | M] () -- C:\avgun.log
[2010/08/02 22:42:12 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 06:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2007/08/04 15:10:19 | 000,008,360 | ---- | M] () -- C:\caavsetup.log
[2002/09/03 06:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/06/08 01:28:04 | 000,004,955 | RH-- | M] () -- C:\DELL.SDR
[2006/04/20 18:48:44 | 000,001,208 | ---- | M] () -- C:\Games0.bmp
[2001/09/05 23:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/08/29 15:48:19 | 400,973,824 | -HS- | M] () -- C:\hiberfil.sys
[2002/09/03 06:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/06/25 22:25:14 | 000,000,853 | -H-- | M] () -- C:\IPH.PH
[2006/04/20 18:49:38 | 000,000,636 | ---- | M] () -- C:\Movies0.bmp
[2002/09/03 06:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/07/12 14:53:46 | 000,000,000 | ---- | M] () -- C:\N2PActiveX.log
[2004/09/11 21:45:03 | 000,019,098 | ---- | M] () -- C:\N2pInst.log
[2004/07/12 14:53:21 | 000,001,152 | ---- | M] () -- C:\N2PSelfExtractor.log
[2005/02/05 16:31:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/18 17:10:53 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/08/29 15:48:17 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2006/04/20 18:49:37 | 000,000,584 | ---- | M] () -- C:\ScreensaversMarketingSitePager0.bmp

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2002/09/03 06:59:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2007/11/22 19:12:20 | 000,278,016 | ---- | M] ( ) -- C:\WINDOWS\BONSAI_SS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2004/05/18 11:49:54 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Bookmarks.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2002/09/03 06:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 06:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 06:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/18 17:41:20 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/02/05 16:58:33 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/06/24 20:07:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/29 15:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2002/08/29 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/02/05 16:58:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-09 23:33:12
< End of report >

OTL EXTRAS

OTL Extras logfile created on: 8/29/2010 3:52:01 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 21.00% Memory free
921.00 Mb Paging File | 597.00 Mb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.89 Gb Total Space | 15.09 Gb Free Space | 54.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 247.22 Mb Total Space | 234.00 Mb Free Space | 94.65% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUCKETT
Current User Name: Lilton Puckett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~4\OFFICE11\msohtmed.exe" %1 File not found
htmlfile [print] -- "C:\PROGRA~1\MICROS~4\OFFICE11\msohtmed.exe" /p %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune 2.5
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 19
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BF0F5955-FC76-4F85-A13D-C9A8A9A5E067}" = iLumina Bible
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.81 Professional Edition
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"ERUNT_is1" = ERUNT 1.1j
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2010 2:58:01 AM | Computer Name = PUCKETT | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 8/3/2010 3:01:55 AM | Computer Name = PUCKETT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/3/2010 3:01:58 AM | Computer Name = PUCKETT | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 8/3/2010 3:01:59 AM | Computer Name = PUCKETT | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 8/7/2010 5:30:29 PM | Computer Name = PUCKETT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024001b, P2 enddownload, P3 download, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/7/2010 5:31:16 PM | Computer Name = PUCKETT | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 8/7/2010 5:40:15 PM | Computer Name = PUCKETT | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 8/7/2010 5:57:01 PM | Computer Name = PUCKETT | Source = Application Hang | ID = 1002
Description = Hanging application msseces.exe, version 1.0.1963.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/7/2010 6:47:30 PM | Computer Name = PUCKETT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/8/2010 12:55:16 AM | Computer Name = PUCKETT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 8/3/2010 3:01:58 AM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 8/7/2010 5:30:27 PM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001b Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 8/7/2010 5:30:27 PM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001b Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 8/7/2010 5:37:58 PM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x800b0100 Error description: No signature
was present in the subject.

Error - 8/7/2010 5:37:59 PM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x800b0100 Error description: No signature
was present in the subject.

Error - 8/7/2010 5:37:59 PM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x800b0100 Error description: No signature
was present in the subject.

Error - 8/7/2010 5:37:59 PM | Computer Name = PUCKETT | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x800b0100 Error description: No signature
was present in the subject.

Error - 8/7/2010 6:01:20 PM | Computer Name = PUCKETT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 8/8/2010 12:55:13 AM | Computer Name = PUCKETT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/29/2010 6:50:33 PM | Computer Name = PUCKETT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

< End of report >

#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello john545,

Welcome to the Malware forum.

Firstly, please go to Start > Control Panel > Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Next

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3 john545 (Topic Starter, Member, 72 posts)
Hi,

Sorry, but I have been unable to download Combofix. It gets almost to the end of the download then an error message comes up saying "Cannot copy Combofix. Access is denied. Make sure the disk is not full or write-protected, and that the file is not currently in use." I've tried both links without success.

John

Edited by john545, 02 September 2010 - 11:03 PM.

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hi john545,

A number of possibilities for that.

Firstly check that there isn't any program... anti-virus, anti-spyware or firewall on your machine stopping it.

I wonder if this one might need turning off: Dell - Advanced Desktop Engineering

I have pm'd you about another possibility.

#5 john545 (Topic Starter, Member, 72 posts)
Hi again, and thanks for the help. Viewpoint files are deleted. And I was finally able to download ComboFix by simply turning off McAfee. Unfortunately I could not download the Recovery Console since the PC will not connect to the internet.

ComboFix log:

ComboFix 10-09-09.04 - Lilton Puckett 09/10/2010 23:00:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.221 [GMT -7:00]
Running from: c:\documents and settings\Lilton Puckett.FRECKLES\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 16:50 . 2004-06-08 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-02 04:49 . 2010-08-02 04:48 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-02 04:47 . 2010-08-02 04:47 -------- d-----w- c:\program files\ERUNT
2010-08-02 04:46 . 2010-08-02 04:09 -------- d-----w- c:\program files\WinUtilities
2010-08-02 03:59 . 2004-07-03 07:24 -------- d-----w- c:\program files\Yahoo!
2010-08-02 03:59 . 2010-02-22 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-02 02:47 . 2010-08-02 02:47 -------- d-----w- c:\documents and settings\Lilton Puckett.FRECKLES\Application Data\Malwarebytes
2010-08-02 02:47 . 2010-08-02 02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 02:46 . 2010-08-02 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 05:23 . 2010-08-02 04:09 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-07-26 05:23 . 2010-08-02 04:09 33968 ----a-w- c:\windows\system32\anim.dll
2010-07-26 05:23 . 2010-08-02 04:09 258352 ----a-w- c:\windows\system32\unicows.dll
2010-07-26 05:23 . 2010-08-02 04:09 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-07-26 05:23 . 2010-08-02 04:09 2272 ----a-w- c:\windows\system32\W95INF16.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 23:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-05 01:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 15:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-12-12 19:22 217088 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-06-08 09:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://as.weatherstudio.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwfLYZRZ8Id0VX+iWljMnqy+7UPvYP6GYo0Wb/xTjIRZHZv9Ksj3miBlWfsnEgFmyXXXpyXkbdR2lg1hNsHMPly/G12Yu3kMTehcPdcmFWZ7x0ua1JakE/TQ==
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 23:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-10 23:17:16
ComboFix-quarantined-files.txt 2010-09-11 06:17
ComboFix2.txt 2010-09-10 17:21

Pre-Run: 16,396,800,000 bytes free
Post-Run: 16,382,898,176 bytes free

- - End Of File - - 919D73FDF4DD7718E869DEE6D6991DC7
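The two logs posted so far carry the items a responder would pull out first for a "no HTTP connectivity" symptom, and they can be extracted mechanically. The ComboFix Supplementary Scan in post #5 shows the per-user IE proxy set to http=127.0.0.1:5577 with ProxyOverride = <local>; a loopback proxy setting only works while some process is listening on that port, and once nothing is, every HTTP request fails to connect, which WinINet reports as error 12029. The firewall exception lists in both logs contain entries for files that no longer exist and one for mshta.exe, a script host that has no business needing a firewall exception on a home machine. The OTL Extras Shell Spawning section in post #1 lists the shell\open\command handlers for executable file types, which malware commonly redirects. The script below is an added example and is not code from OTL, ComboFix or this thread; it runs over lines copied from those two logs, and the LOLBin list and the table of stock XP handler values are assumptions of the example rather than anything the thread states.

```python
"""Triage of OTL Extras and ComboFix log excerpts for the indicators behind a
"no HTTP connectivity" symptom. Added example for this thread, not OTL/ComboFix code."""
import re

# Constructed sample input: lines copied from the OTL Extras log (post #1) and
# the ComboFix log (post #5) in this thread, reduced to the sections read here.
OTL_SAMPLE = r'''
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
========== Authorized Applications List ==========
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
'''
COMBOFIX_SAMPLE = r'''
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
'''

# Stock XP shell\open\command values for executable types; anything else means
# the handler was redirected (assumed table, taken from a clean XP registry).
EXPECTED_OPEN = {
    "batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
    "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}
# Script hosts and proxy-execution binaries that should not need a firewall
# exception on a home machine (assumed list, extend as needed).
LOLBINS = {"mshta.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe",
           "cscript.exe", "cmd.exe", "powershell.exe", "msiexec.exe"}

SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')
FW_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # OTL and ComboFix forms
PROXY_RE = re.compile(r'^([um])Internet Settings,ProxyServer = (.*)$')
PROXY_ENTRY_RE = re.compile(r'^(?:(\w+)=)?([^:]+):(\d+)$')

def parse_proxy_value(value):
    """'http=127.0.0.1:5577;https=h:8080' -> [(proto or None, host, port), ...]"""
    entries = []
    for part in value.split(";"):
        m = PROXY_ENTRY_RE.match(part.strip())
        if m:
            entries.append((m.group(1), m.group(2), int(m.group(3))))
    return entries

def check_proxy(text):
    """Loopback proxy entries, tagged with the hive ComboFix saw them in (u/m)."""
    found = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            for proto, host, port in parse_proxy_value(m.group(2)):
                if host.lower() == "localhost" or host.startswith("127."):
                    found.append((m.group(1), proto, host, port))
    return found

def check_firewall_exceptions(text):
    """Split authorized-application entries into stale paths and LOLBins."""
    stale, lolbins = [], []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        path = m.group(1).replace("\\\\", "\\")     # ComboFix doubles backslashes
        if m.group(2).endswith("File not found"):
            stale.append(path)
        if path.rsplit("\\", 1)[-1].lower() in LOLBINS:
            lolbins.append(path)
    return stale, lolbins

def check_shell_spawning(text):
    """[open] handlers for executable types that differ from the XP default."""
    bad = []
    for line in text.splitlines():
        m = SHELL_RE.match(line)
        if m and m.group(2) == "open" and m.group(1) in EXPECTED_OPEN:
            if m.group(3).strip() != EXPECTED_OPEN[m.group(1)]:
                bad.append((m.group(1), m.group(3)))
    return bad

def triage(otl_text, combofix_text):
    """Run every check; the firewall list appears in both logs, so scan both."""
    stale, lolbins = check_firewall_exceptions(otl_text + combofix_text)
    return {"loopback_proxy": check_proxy(combofix_text),
            "stale_exceptions": stale, "lolbin_exceptions": lolbins,
            "hijacked_handlers": check_shell_spawning(otl_text)}

if __name__ == "__main__":
    for key, val in triage(OTL_SAMPLE, COMBOFIX_SAMPLE).items():
        print(key, val)
```

The script only reports. On the affected machine the proxy values live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable and ProxyServer) and are also visible under Internet Options > Connections > LAN settings; clearing them before the process that set them has been removed is pointless, since active malware can simply write them back.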
  • 0

#6
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello john545,

Looks like ComboFix ran twice. We really need to have a look at the first run.

Try looking in the :\Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and paste the contents of the text file back here. Note: the ComboFix.txt files are numbered, so if there was more than one run you might find C:\Qoobox\ComboFix2.txt, etc.

To do this go to Start > Explore and navigate to C:\Qoobox\ComboFix.txt

The one we are most likely looking for is the ComboFix2.txt.

Copy and paste that one back here please.
  • 0

#7
john545
    Member
  • Topic Starter
  • Member
  • 72 posts
Yes, ComboFix did run twice. The first time it said the version was out of date, so I downloaded and ran a second time.

BTW, after removing two viewpoint files, the laptop seems even slower than before.

Here is the first ComboFix run:

ComboFix 10-09-01.04 - Lilton Puckett 09/10/2010 10:10:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.113 [GMT -7:00]
Running from: c:\documents and settings\Lilton Puckett.FRECKLES\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\comrepl.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 16:50 . 2004-06-08 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-02 04:49 . 2010-08-02 04:48 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-02 04:47 . 2010-08-02 04:47 -------- d-----w- c:\program files\ERUNT
2010-08-02 04:46 . 2010-08-02 04:09 -------- d-----w- c:\program files\WinUtilities
2010-08-02 03:59 . 2004-07-03 07:24 -------- d-----w- c:\program files\Yahoo!
2010-08-02 03:59 . 2010-02-22 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-02 02:47 . 2010-08-02 02:47 -------- d-----w- c:\documents and settings\Lilton Puckett.FRECKLES\Application Data\Malwarebytes
2010-08-02 02:47 . 2010-08-02 02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 02:46 . 2010-08-02 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 05:23 . 2010-08-02 04:09 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-07-26 05:23 . 2010-08-02 04:09 33968 ----a-w- c:\windows\system32\anim.dll
2010-07-26 05:23 . 2010-08-02 04:09 258352 ----a-w- c:\windows\system32\unicows.dll
2010-07-26 05:23 . 2010-08-02 04:09 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-07-26 05:23 . 2010-08-02 04:09 2272 ----a-w- c:\windows\system32\W95INF16.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 23:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-05 01:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 15:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-12-12 19:22 217088 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-06-08 09:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://as.weatherstudio.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwfLYZRZ8Id0VX+iWljMnqy+7UPvYP6GYo0Wb/xTjIRZHZv9Ksj3miBlWfsnEgFmyXXXpyXkbdR2lg1hNsHMPly/G12Yu3kMTehcPdcmFWZ7x0ua1JakE/TQ==
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 10:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-10 10:21:49
ComboFix-quarantined-files.txt 2010-09-10 17:21

Pre-Run: 16,456,364,032 bytes free
Post-Run: 16,417,628,160 bytes free

- - End Of File - - 7F5DF15EB12739FE9C9020A3DE3D8304
  • 0

#8
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello john545,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    O2 - BHO: (no name) - Disabled:{5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll File not found
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.

  • 0
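Post #7's ComboFix log records `uInternet Settings,ProxyServer = http=127.0.0.1:5577` in both runs, i.e. Internet Explorer is configured to send HTTP through a proxy on the laptop itself, and the OTL fix in post #8 is built by pasting orphaned scan lines (`No CLSID value found`, `File not found`) under `:OTL`. The Python script below is an added example, not part of this thread and not OTL or ComboFix code: it pulls the `Proxy*` settings out of ComboFix and OTL log excerpts, flags a proxy that points at the machine itself, and selects orphaned O2/O3/IE lines into the `:OTL` / `:Commands` layout used in the fix above. The regular expressions are inferred from the log lines on this page rather than from any OTL or ComboFix specification, the orphan selection is by marker text only (the `CustomSearch` line in the fix above would not be picked up), and the embedded excerpts are copied from the logs in this thread.

```python
"""Triage helpers for the ComboFix / OTL excerpts in this thread (added example).

Two checks worth making before writing an OTL fix:
  1. Is Internet Explorer pointed at a proxy on the machine itself
     (ProxyServer = 127.0.0.1:<port>)?  With ProxyEnable = 1 and nothing listening
     on that port, every HTTP request fails with WinINet 12029 (ERROR_INTERNET_CANNOT_CONNECT).
  2. Which O2/O3/IE scan lines are orphans (CLSID or file gone) and can go under :OTL?
Log formats are inferred from the lines on this page, not from OTL/ComboFix docs.
"""
import re
from typing import Dict, List, Optional, Tuple

# ComboFix "Supplementary Scan":  uInternet Settings,ProxyServer = http=127.0.0.1:5577
COMBOFIX_PROXY_RE = re.compile(
    r'^[umx]Internet Settings,(?P<name>Proxy\w+)\s*=\s*(?P<value>.*?)\s*$')
# OTL "Internet Explorer" section:
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
OTL_PROXY_RE = re.compile(
    r'^IE - (?:HKCU|HKLM)\\.*?Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*?)\s*$')
# OTL wording for entries whose target no longer exists (assumed from the scan above).
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")
ORPHAN_PREFIXES = ("O2 - BHO:", "O3 - HK", "IE - HK")

Proxy = Tuple[str, str, Optional[int]]  # (scheme, host, port)


def parse_proxy_server(value: str) -> List[Proxy]:
    """Split a WinINet ProxyServer string into (scheme, host, port) triples.

    Accepts "host:port" (scheme reported as "all") and the per-scheme form
    "http=host:port;https=host:port".
    """
    proxies: List[Proxy] = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        proxies.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return proxies


def is_loopback(host: str) -> bool:
    h = host.lower()
    return h in ("localhost", "::1") or h.startswith("127.")


def analyse_proxy(log_text: str) -> Dict[str, object]:
    """Collect the Proxy* settings from a ComboFix or OTL excerpt and judge them."""
    settings: Dict[str, str] = {}
    for raw in log_text.splitlines():
        m = COMBOFIX_PROXY_RE.match(raw.strip()) or OTL_PROXY_RE.match(raw.strip())
        if m:
            settings[m.group("name")] = m.group("value")
    proxies = parse_proxy_server(settings.get("ProxyServer", ""))
    loopback = [p for p in proxies if is_loopback(p[1])]
    enable_raw = settings.get("ProxyEnable")
    enable = int(enable_raw) if enable_raw and enable_raw.isdigit() else None
    if loopback and enable == 1:
        verdict = ("ACTIVE loopback proxy: all HTTP goes to a local listener; "
                   "if nothing listens there every request fails (WinINet 12029)")
    elif loopback:
        verdict = ("STALE loopback proxy: ProxyEnable is not 1 in this excerpt, "
                   "but the entry survives and can be re-enabled; remove it")
    elif proxies:
        verdict = "proxy configured, not loopback: confirm it is expected"
    else:
        verdict = "no proxy configured"
    return {"settings": settings, "proxies": proxies, "loopback": loopback,
            "proxy_enable": enable, "verdict": verdict}


def find_orphans(otl_scan: str) -> List[str]:
    """Return the O2/O3/IE scan lines whose CLSID or file is missing, verbatim."""
    return [line.strip() for line in otl_scan.splitlines()
            if line.strip().startswith(ORPHAN_PREFIXES)
            and any(mark in line for mark in ORPHAN_MARKERS)]


def build_otl_fix(entries: List[str]) -> str:
    """Lay the selected lines out as :OTL / :Commands, the way the fix above is written."""
    return "\n".join([":OTL", *entries, "", ":Commands", "[emptytemp]", "[Reboot]"])


# Excerpts copied from the ComboFix and OTL logs posted in this thread.
COMBOFIX_EXCERPT = r"""
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
"""
OTL_EXCERPT = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O2 - BHO: (no name) - Disabled:{5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    print(analyse_proxy(COMBOFIX_EXCERPT)["verdict"])
    print(analyse_proxy(OTL_EXCERPT)["verdict"])
    print(build_otl_fix(find_orphans(OTL_EXCERPT)))
```

The OTL scan reports `ProxyEnable = 0` next to the loopback `ProxyServer`, so on this machine the entry is inert rather than the live cause of failed connections; it is still worth removing, because anything that flips `ProxyEnable` back to 1 would again route every HTTP request to 127.0.0.1:5577, where nothing is listening, and WinINet would report 12029 (ERROR_INTERNET_CANNOT_CONNECT). The script only reads log text; it does not touch the registry.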

#9
john545
    Member
  • Topic Starter
  • Member
  • 72 posts
Hi again,

Here is OTL Run Fix log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\Disabled:{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\Disabled:{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lilton Puckett
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Lilton Puckett.FRECKLES
->Temp folder emptied: 1507 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LILTON~1~FRE

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 6780 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6928 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09112010_201521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is the OTL Run Scan log:

OTL logfile created on: 9/11/2010 8:38:51 PM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 33.00% Memory free
921.00 Mb Paging File | 420.00 Mb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.89 Gb Total Space | 15.28 Gb Free Space | 54.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 247.22 Mb Total Space | 243.41 Mb Free Space | 98.46% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUCKETT
Current User Name: Lilton Puckett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Dell\AccessDirect\DadApp.exe ()
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\LILTON~1.FRE\LOCALS~1\Temp\catchme.sys File not found
DRV - (MpFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (2WIREPCP) -- C:\WINDOWS\SYSTEM32\DRIVERS\2WirePCP.sys (2Wire, Inc.)
DRV - (MagicTune) -- C:\WINDOWS\SYSTEM32\DRIVERS\MTictwl.sys ()
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (Icam4USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam4USB.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



O1 HOSTS File: ([2010/09/10 10:12:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yaho...rod/yregcfg.cab (RegConfig Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 20:15:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/10 23:21:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/10 10:07:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 10:07:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 10:07:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 10:07:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 09:56:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/29 15:50:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2010/09/11 20:25:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/11 20:23:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 20:23:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/11 20:23:33 | 400,973,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 20:22:56 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.dat
[2010/09/11 20:22:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\NTUSER.INI
[2010/09/11 14:42:42 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/10 23:10:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/10 22:37:24 | 003,842,041 | R--- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\ComboFix.exe
[2010/09/10 10:12:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/08/29 15:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2010/09/10 22:49:54 | 003,842,041 | R--- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\ComboFix.exe
[2010/09/10 10:07:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 10:07:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 10:07:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 10:07:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 10:07:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/29 16:33:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\gmer.exe
[2005/03/13 13:52:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/03/13 13:33:18 | 000,025,294 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2005/01/13 20:14:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/25 15:17:41 | 000,003,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/07/12 14:53:19 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Net2fone.ini
[2004/07/03 20:57:14 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\fusioncache.dat
[2004/07/03 16:05:40 | 000,013,450 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\wklnhst.dat
[2004/06/08 02:29:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/08 02:14:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/08 02:07:20 | 000,000,229 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/08 02:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/06/08 02:02:42 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/08 01:41:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/08 01:41:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/08 01:17:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/05 00:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/14 12:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
< End of report >
PRC - C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Dell\AccessDirect\DadApp.exe ()
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\LILTON~1.FRE\LOCALS~1\Temp\catchme.sys File not found
DRV - (MpFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (2WIREPCP) -- C:\WINDOWS\SYSTEM32\DRIVERS\2WirePCP.sys (2Wire, Inc.)
DRV - (MagicTune) -- C:\WINDOWS\SYSTEM32\DRIVERS\MTictwl.sys ()
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (Icam4USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam4USB.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



O1 HOSTS File: ([2010/09/10 10:12:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yaho...rod/yregcfg.cab (RegConfig Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 20:15:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/10 23:21:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/10 10:07:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 10:07:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 10:07:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 10:07:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 09:56:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/29 15:50:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2010/09/11 20:48:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/11 20:25:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/11 20:23:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 20:23:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/11 20:23:33 | 400,973,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 20:22:56 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\ntuser.dat
[2010/09/11 20:22:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\NTUSER.INI
[2010/09/10 23:10:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/10 22:37:24 | 003,842,041 | R--- | M] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\ComboFix.exe
[2010/09/10 10:12:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/08/29 15:42:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2010/09/10 22:49:54 | 003,842,041 | R--- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\ComboFix.exe
[2010/09/10 10:07:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 10:07:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 10:07:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 10:07:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 10:07:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/29 16:33:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Desktop\gmer.exe
[2005/03/13 13:52:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/03/13 13:33:18 | 000,025,294 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2005/01/13 20:14:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/25 15:17:41 | 000,003,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/07/12 14:53:19 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Net2fone.ini
[2004/07/03 20:57:14 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Local Settings\Application Data\fusioncache.dat
[2004/07/03 16:05:40 | 000,013,450 | ---- | C] () -- C:\Documents and Settings\Lilton Puckett.FRECKLES\Application Data\wklnhst.dat
[2004/06/08 02:29:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/08 02:14:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/08 02:07:20 | 000,000,229 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/08 02:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/06/08 02:02:42 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/08 01:41:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/08 01:41:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/08 01:17:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/05 00:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/14 12:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll

< End of report >
  • 0
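The IE, O1 and O17 lines in the OTL report above are the ones a helper reads first when a browser cannot reach the network: they show the proxy the browser is told to use, any HOSTS overrides, and the DNS server DHCP handed out. As an added example that is not part of this thread or of OTL itself, the Python below parses those three line shapes and flags a proxy pointing at a loopback address (distinguishing a live setting from a leftover with ProxyEnable = 0), a HOSTS redirection, or a public DHCP DNS server; the sample input is constructed from the values in the log, and the parser's regexes are my own assumption about OTL's output format.

```python
import re
from ipaddress import ip_address

# Constructed sample, shaped after the IE, O1 and O17 lines of the OTL report
# posted above (values copied from that log; nothing else about the machine is implied).
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
"""

# Line shapes as OTL prints them (hypothetical parser, not OTL's own code).
IE_LINE = re.compile(r'^IE - HK[A-Z]+\\.*?: "(?P<name>[^"]+)" = (?P<value>.*)$')
HOSTS_LINE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
DNS_LINE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")


def _ip(text):
    """ip_address() that returns None for hostnames and junk instead of raising."""
    try:
        return ip_address(text)
    except ValueError:
        return None


def parse_proxy_server(value):
    """Split a ProxyServer value into {scheme: (host, port)}; a bare 'host:port'
    (applies to every protocol) is keyed '*', 'scheme=host:port;...' by scheme."""
    servers = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, _, hostport = entry.rpartition("=")
        host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
        servers[scheme or "*"] = (host, int(port) if port.isdigit() else None)
    return servers


def review_otl(text):
    """Parse the IE/HOSTS/DNS lines of an OTL report; return (settings, findings)."""
    settings, findings = {}, []
    for line in text.splitlines():
        if m := IE_LINE.match(line):
            settings[m["name"]] = m["value"]
        elif m := HOSTS_LINE.match(line):
            # Anything beyond 'localhost -> loopback' answers name lookups before
            # DNS is ever asked, so it belongs in a clean-HOSTS restore.
            ip = _ip(m["ip"])
            if m["host"].lower() != "localhost" or ip is None or not ip.is_loopback:
                findings.append(f"HOSTS maps {m['host']} to {m['ip']}")
        elif m := DNS_LINE.match(line):
            # Behind a home gateway, DHCP normally hands out the gateway's own
            # private address (192.168.1.254 in the log); a public resolver deserves a look.
            for server in m["servers"].split():
                ip = _ip(server)
                if ip is not None and ip.is_global:
                    findings.append(f"DHCP-assigned DNS server {server} is a public address")
    if proxy := settings.get("ProxyServer"):
        enabled = settings.get("ProxyEnable") == "1"
        for scheme, (host, port) in parse_proxy_server(proxy).items():
            ip = _ip(host)
            if ip is not None and ip.is_loopback:
                # A loopback proxy only works while the local process listening there is
                # alive; with it gone every request dies at the proxy step ('no HTTP
                # connectivity'), but only when ProxyEnable is 1. In the log it is 0.
                state = "ACTIVE" if enabled else "configured but disabled (ProxyEnable=0)"
                findings.append(f"{scheme} proxy {host}:{port} points at a local process, {state}")
    return settings, findings


if __name__ == "__main__":
    print("\n".join(review_otl(SAMPLE_OTL)[1]) or "nothing flagged")
```

On the sample it reports only the disabled loopback proxy, which matches the thread: with ProxyEnable at 0 the browser never consults 127.0.0.1:5577, so that entry is a leftover to clean up rather than the reason the laptop reports the cable unplugged.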

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello john545,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now

  • 0


#11
john545

john545

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
My original problem was that I could not connect to the internet (I verified the line is good with another PC). So while I can download and transfer Malwarebytes from another machine, I cannot update it. For the same reason, I cannot run Kaspersky remotely.

However, I have not tried to connect since first reporting the problem. And since it's not my machine, I have to try to connect from another location. So if you think we may have solved it, I can go try that.
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello john545,

If you haven't got it solved try this with that machine:

Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.

If that doesn't work try this one:

Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the entire contents inside the QUOTE box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.

Come back and tell me how you got on.
  • 0

#13
john545

john545

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
The first option has the settings you requested already in place. I also did the DNS flush. No success.

I see that the little icon in the lower right corner indicates "network cable unplugged". But when I click the icon and open the properties window, there are 2 LAN connection options, and the one connected to the DSL modem says "connected, firewalled". Troubleshooting option says the device is working. The 2Wire gateway modem is connected via a square ethernet connector, then to a USB port on the laptop. Modem lights are all solid green, I switched USB ports, and also swapped with another cable, but no luck. The modem works fine with a wireless connection to a 2nd computer. So I'm stumped :)

John
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi john545,

My apologies for the delay. The telecoms company was doing some work up the road and cut our whole street off. Most people were back up and running within an hour or so but they had to get a tech out to us and even then more work had to be done. Something wrong with the line and a cabinet thingy they have.

Turning to your problem

Let's try this:

Go to Start > Run and type: devmgmt.msc. Press OK, and Device Manager should open.

Expand the Network adapters.

Right-click the items listed and choose Uninstall. (There can be one, two or even three devices.)

Reboot your computer now, the network adapters should be installed automatically at reboot.

Come back and tell me if that has made a difference. :)
  • 0

#15
john545

john545

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Funny you had an outage the same day I did. But no worries about the delay. This is my parents' PC (they are in their 80s and still enjoy email and the internet), so no great urgency.

Network adaptor installed fine at reboot, but still no success. Network connection window still says the device is unplugged. Very puzzling since the only connection is a USB plug from the laptop to the DSL modem. And swapping USB ports doesn't help :)

John
  • 0
