WindowsBBS.com forum thread

Solved someone please look at this for me

Discussion in 'Malware and Virus Removal Archive' started by jan roberts, 2010/07/17.

  1. 2010/07/17
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    [Resolved] someone please look at this for me

    I had to trick it to get it.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by jan at 15:33:30.10 on Sat 07/17/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1350 [GMT -4:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\igfxpers.exe
    svchost.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell V310-V510 Series\dleamon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Dell V310-V510 Series\ezprint.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
    C:\WINDOWS\system32\dleacoms.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\jan\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\jan\Desktop\marvin.pif
    C:\Documents and Settings\jan\Desktop\marvin.pif

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://att.my.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - No File
    TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [Google Update] "c:\documents and settings\jan\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
    mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE "
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe "
    mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140842262609
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: ?sC???
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jan\applic~1\mozilla\firefox\profiles\cc3tm9zy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\documents and settings\jan\application data\mozilla\firefox\profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\jan\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\jan\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\jan\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPWXM32.DLL
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
    R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
    R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2010-7-13 98984]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-13 600944]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-13 600944]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-12-8 93320]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S3 mbr;mbr;\??\c:\docume~1\jan\locals~1\temp\mbr.sys --> c:\docume~1\jan\locals~1\temp\mbr.sys [?]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-07-16 14:47:07 4958588 ----a-w- c:\windows\{00000003-00000000-00000002-00001102-00000004-20061102}.BAK
    2010-07-16 13:57:14 0 dc----w- c:\docume~1\alluse~1\applic~1\Dell V310-V510 Series
    2010-07-16 12:01:48 0 d-----w- c:\program files\ESET
    2010-07-14 11:08:11 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 18:08:48 406 ----a-w- c:\windows\system32\ioloBootDefrag.cfg
    2010-07-13 18:07:02 938328 ----a-w- c:\windows\system32\Incinerator.dll
    2010-07-13 18:06:30 8192 ----a-w- c:\windows\system32\smrgdf.exe
    2010-07-13 18:06:30 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-07-13 18:06:20 0 d-----w- c:\program files\iolo
    2010-07-13 18:02:28 74703 ----a-w- c:\windows\system32\mfc45.dll
    2010-07-13 18:02:24 0 dc----w- c:\docume~1\alluse~1\applic~1\iolo
    2010-07-13 18:02:24 0 d-----w- c:\docume~1\jan\applic~1\iolo
    2010-07-13 17:53:29 40960 ----a-w- c:\windows\system32\dleavs.dll
    2010-07-13 17:53:24 438272 ----a-w- c:\windows\system32\dleacoin.dll
    2010-07-13 17:53:19 65106 ----a-w- c:\windows\system32\dleaprpr.chm
    2010-07-13 17:53:18 983121 ----a-w- c:\windows\system32\lxk_gf.dll
    2010-07-13 17:53:18 86016 ----a-w- c:\windows\system32\dleagcfg.dll
    2010-07-13 17:53:18 294912 ----a-w- c:\windows\system32\dleacui.dll
    2010-07-13 17:53:18 110592 ----a-w- c:\windows\system32\dleacuir.dll
    2010-07-13 17:53:17 8696 ----a-w- c:\windows\system32\dleacommuilogo_rtl.bmp
    2010-07-13 17:53:17 8696 ----a-w- c:\windows\system32\dleacommuilogo.bmp
    2010-07-13 17:52:37 0 d-----w- c:\program files\Dell
    2010-07-13 17:52:24 0 d-----w- c:\program files\Dell Toolbar
    2010-07-13 17:52:19 0 d-----w- c:\program files\Dell PC Fax
    2010-07-13 17:51:59 598696 ----a-w- c:\windows\system32\dleacoms.exe
    2010-07-13 17:51:58 372736 ----a-w- c:\windows\system32\dleacomm.dll
    2010-07-13 17:51:57 802816 ----a-w- c:\windows\system32\dleacomc.dll
    2010-07-13 17:51:56 86180 ----a-w- c:\windows\system32\DLEAcfg.dll
    2010-07-13 17:51:56 373416 ----a-w- c:\windows\system32\dleacfg.exe
    2010-07-13 17:51:56 2064 ----a-w- c:\windows\system32\dlea.loc
    2010-07-13 17:51:49 0 d-----w- c:\program files\Dell V310-V510 Series
    2010-07-13 17:23:58 0 d-----w- c:\program files\Disk Cleaner
    2010-07-13 17:23:33 5 ----a-w- c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
    2010-07-13 17:23:33 5 ----a-w- c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
    2010-07-13 17:11:58 0 d-----w- c:\program files\Citrix
    2010-07-08 23:41:37 0 d-----w- c:\program files\iPod
    2010-07-08 23:41:23 0 d-----w- c:\program files\iTunes
    2010-07-08 23:39:16 0 d-----w- c:\program files\Bonjour
    2010-07-06 10:37:18 0 dc----w- c:\docume~1\alluse~1\applic~1\{C3243856-7746-4A05-8837-51A28C1CDD82}
    2010-06-21 12:09:40 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-06-21 12:09:40 23 ----a-w- c:\windows\system32\bcdadac7.xml

    ==================== Find3M ====================

    2010-07-13 17:11:42 61224 ----a-w- c:\documents and settings\jan\GoToAssistDownloadHelper.exe
    2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2008-06-20 23:43:31 56 --sh--r- c:\windows\system32\D3A869E4A2.sys
    2008-06-20 23:43:31 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-02-22 07:11:58 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2008-05-17 05:16:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051720080518\index.dat

    ============= FINISH: 15:37:10.27 ===============
     
  2. 2010/07/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    And the Attach.txt please.
     


  4. 2010/07/17
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    PeteC, I'm going to have to do it again. I don't remember the other one coming through, but I will wait for your go-ahead to run it again.
    I have a post in Hardware (second page) that hopefully explains what's going on, maybe not.
     
  5. 2010/07/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You posted the same DDS.txt log.
    We need the Attach.txt log.

    Also, you're not saying what the issues are...
     
  6. 2010/07/18
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/24/2006 10:55:45 PM
    System Uptime: 7/17/2010 11:45:23 AM (13 hours ago)

    Motherboard: Dell Inc. | | 0RD203
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 144 GiB total, 104.379 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\9108A79E23C01
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\9108A79E23C01
    Service: NIC1394

    ==== System Restore Points ===================

    RP664: 4/19/2010 3:24:29 PM - Software Distribution Service 3.0
    RP665: 4/20/2010 12:03:54 PM - Software Distribution Service 3.0
    RP666: 4/21/2010 12:04:17 PM - Software Distribution Service 3.0
    RP667: 4/22/2010 3:10:59 PM - Software Distribution Service 3.0
    RP668: 4/23/2010 12:01:01 PM - Software Distribution Service 3.0
    RP669: 4/24/2010 12:01:34 PM - Software Distribution Service 3.0
    RP670: 4/25/2010 12:31:19 PM - Software Distribution Service 3.0
    RP671: 4/26/2010 1:24:20 PM - Software Distribution Service 3.0
    RP672: 4/27/2010 11:58:28 AM - Software Distribution Service 3.0
    RP673: 4/28/2010 11:40:48 AM - Software Distribution Service 3.0
    RP674: 4/29/2010 11:50:16 AM - Software Distribution Service 3.0
    RP675: 4/30/2010 2:16:13 PM - Software Distribution Service 3.0
    RP676: 5/1/2010 4:30:50 PM - Software Distribution Service 3.0
    RP677: 5/2/2010 12:23:49 PM - Software Distribution Service 3.0
    RP678: 5/3/2010 11:34:26 AM - Installed Java(TM) 6 Update 20
    RP679: 5/3/2010 12:22:53 PM - Software Distribution Service 3.0
    RP680: 5/4/2010 12:37:17 PM - Software Distribution Service 3.0
    RP681: 5/5/2010 1:07:33 PM - Software Distribution Service 3.0
    RP682: 5/6/2010 12:04:58 PM - Software Distribution Service 3.0
    RP683: 5/7/2010 12:09:48 PM - Software Distribution Service 3.0
    RP684: 5/8/2010 6:30:27 PM - Software Distribution Service 3.0
    RP685: 5/9/2010 12:04:58 PM - Software Distribution Service 3.0
    RP686: 5/10/2010 3:41:59 PM - Software Distribution Service 3.0
    RP687: 5/11/2010 11:48:38 AM - Software Distribution Service 3.0
    RP688: 5/11/2010 7:42:40 PM - Software Distribution Service 3.0
    RP689: 5/12/2010 12:02:24 PM - Software Distribution Service 3.0
    RP690: 5/13/2010 5:16:05 PM - Software Distribution Service 3.0
    RP691: 5/14/2010 6:42:23 PM - Software Distribution Service 3.0
    RP692: 5/15/2010 11:53:21 AM - Software Distribution Service 3.0
    RP693: 5/16/2010 12:14:02 PM - Software Distribution Service 3.0
    RP694: 5/17/2010 11:38:41 AM - Software Distribution Service 3.0
    RP695: 5/18/2010 11:46:08 AM - Software Distribution Service 3.0
    RP696: 5/19/2010 11:57:58 AM - Software Distribution Service 3.0
    RP697: 5/20/2010 12:05:21 PM - Software Distribution Service 3.0
    RP698: 5/21/2010 11:44:04 AM - Software Distribution Service 3.0
    RP699: 5/22/2010 2:54:53 PM - Software Distribution Service 3.0
    RP700: 5/23/2010 3:44:08 PM - System Checkpoint
    RP701: 5/24/2010 11:46:20 AM - Software Distribution Service 3.0
    RP702: 5/25/2010 11:45:42 AM - Software Distribution Service 3.0
    RP703: 5/25/2010 4:27:49 PM - Software Distribution Service 3.0
    RP704: 5/26/2010 11:45:43 AM - Software Distribution Service 3.0
    RP705: 5/27/2010 7:01:58 PM - Software Distribution Service 3.0
    RP706: 5/28/2010 7:55:28 PM - Software Distribution Service 3.0
    RP707: 5/30/2010 2:27:23 AM - Software Distribution Service 3.0
    RP708: 5/30/2010 12:30:05 PM - Software Distribution Service 3.0
    RP709: 5/31/2010 12:35:52 PM - Software Distribution Service 3.0
    RP710: 6/1/2010 1:56:23 PM - Software Distribution Service 3.0
    RP711: 6/2/2010 1:49:02 PM - Software Distribution Service 3.0
    RP712: 6/3/2010 12:04:30 PM - Software Distribution Service 3.0
    RP713: 6/4/2010 8:49:35 AM - Software Distribution Service 3.0
    RP714: 6/4/2010 1:30:22 PM - Software Distribution Service 3.0
    RP715: 6/5/2010 5:50:25 PM - Software Distribution Service 3.0
    RP716: 6/6/2010 12:45:53 PM - Software Distribution Service 3.0
    RP717: 6/7/2010 12:06:24 PM - Software Distribution Service 3.0
    RP718: 6/8/2010 12:08:45 PM - Software Distribution Service 3.0
    RP719: 6/9/2010 11:58:15 AM - Software Distribution Service 3.0
    RP720: 6/10/2010 12:09:36 PM - Software Distribution Service 3.0
    RP721: 6/11/2010 2:17:19 AM - Software Distribution Service 3.0
    RP722: 6/11/2010 11:52:34 AM - Software Distribution Service 3.0
    RP723: 6/12/2010 12:23:33 PM - Software Distribution Service 3.0
    RP724: 6/14/2010 3:03:48 AM - Software Distribution Service 3.0
    RP725: 6/14/2010 7:26:36 AM - Installed Microsoft Fix it 50027
    RP726: 6/14/2010 7:58:49 AM - Removed iTunes
    RP727: 6/14/2010 8:10:18 AM - Installed iTunes
    RP728: 6/14/2010 10:30:13 AM - Removed iTunes
    RP729: 6/14/2010 10:33:06 AM - Removed QuickTime
    RP730: 6/14/2010 10:46:46 AM - Installed iTunes
    RP731: 6/15/2010 5:11:30 AM - Software Distribution Service 3.0
    RP732: 6/16/2010 4:04:48 AM - Removed iTunes
    RP733: 6/16/2010 4:07:42 AM - Removed QuickTime
    RP734: 6/16/2010 4:27:11 AM - Installed iTunes
    RP735: 6/16/2010 5:37:34 AM - Removed Bonjour
    RP736: 6/16/2010 5:46:14 AM - Removed iTunes
    RP737: 6/16/2010 5:49:14 AM - Removed QuickTime
    RP738: 6/16/2010 5:53:59 AM - Software Distribution Service 3.0
    RP739: 6/16/2010 6:00:20 AM - Installed iTunes
    RP740: 6/16/2010 7:14:01 AM - Removed OverDrive Media Console
    RP741: 6/16/2010 7:16:00 AM - Removed iTunes
    RP742: 6/16/2010 7:18:49 AM - Removed QuickTime
    RP743: 6/16/2010 7:27:21 AM - Installed iTunes
    RP744: 6/16/2010 7:51:07 AM - Installed OverDrive Media Console
    RP745: 6/16/2010 8:42:04 AM - Installed %1 %2.
    RP746: 6/16/2010 2:29:52 PM - Restore Operation
    RP747: 6/18/2010 6:11:54 AM - System Checkpoint
    RP748: 6/19/2010 1:27:35 AM - Software Distribution Service 3.0
    RP749: 6/20/2010 6:48:49 AM - Software Distribution Service 3.0
    RP750: 6/21/2010 7:55:17 AM - Software Distribution Service 3.0
    RP751: 6/21/2010 12:33:11 PM - Software Distribution Service 3.0
    RP752: 6/22/2010 12:05:07 PM - Software Distribution Service 3.0
    RP753: 6/23/2010 7:23:44 AM - Software Distribution Service 3.0
    RP754: 6/24/2010 8:31:10 PM - Software Distribution Service 3.0
    RP755: 6/26/2010 6:09:57 AM - Software Distribution Service 3.0
    RP756: 6/27/2010 8:04:41 AM - Software Distribution Service 3.0
    RP757: 6/28/2010 7:59:22 AM - Software Distribution Service 3.0
    RP758: 6/29/2010 1:06:54 PM - Software Distribution Service 3.0
    RP759: 6/29/2010 1:19:10 PM - Software Distribution Service 3.0
    RP760: 6/30/2010 7:56:01 AM - Software Distribution Service 3.0
    RP761: 7/1/2010 8:22:15 PM - Software Distribution Service 3.0
    RP762: 7/2/2010 11:38:41 PM - Software Distribution Service 3.0
    RP763: 7/5/2010 5:32:43 AM - Software Distribution Service 3.0
    RP764: 7/6/2010 6:37:16 AM - Installed GEAR driver installer for x86 and x64.
    RP765: 7/6/2010 6:56:43 AM - Removed GEAR driver installer for x86 and x64.
    RP766: 7/6/2010 6:57:36 AM - Removed QuickTime
    RP767: 7/6/2010 6:59:24 AM - Removed iTunes
    RP768: 7/6/2010 7:01:35 AM - Removed OverDrive Media Console
    RP769: 7/6/2010 7:09:58 AM - Installed iTunes
    RP770: 7/6/2010 8:00:39 AM - Software Distribution Service 3.0
    RP771: 7/8/2010 4:42:51 AM - Software Distribution Service 3.0
    RP772: 7/8/2010 7:08:50 PM - Removed iTunes
    RP773: 7/8/2010 7:11:53 PM - Removed Apple Application Support
    RP774: 7/8/2010 7:13:14 PM - Removed Apple Mobile Device Support
    RP775: 7/8/2010 7:13:54 PM - Removed Apple Software Update
    RP776: 7/8/2010 7:15:09 PM - Removed Bonjour
    RP777: 7/8/2010 7:16:19 PM - Removed QuickTime
    RP778: 7/8/2010 7:41:13 PM - Installed iTunes
    RP779: 7/8/2010 7:53:42 PM - Installed GEAR driver installer for x86 and x64.
    RP780: 7/9/2010 8:25:10 AM - Software Distribution Service 3.0
    RP781: 7/10/2010 11:19:49 AM - Software Distribution Service 3.0
    RP782: 7/11/2010 8:00:24 AM - Software Distribution Service 3.0
    RP783: 7/13/2010 9:45:46 AM - Software Distribution Service 3.0
    RP784: 7/13/2010 1:23:07 PM - Installed Dell System Software
    RP785: 7/13/2010 1:23:23 PM - Installed Desktop System Software
    RP786: 7/14/2010 7:23:52 AM - Software Distribution Service 3.0
    RP787: 7/14/2010 7:35:28 AM - Software Distribution Service 3.0
    RP788: 7/15/2010 7:59:21 AM - Software Distribution Service 3.0
    RP789: 7/16/2010 8:08:02 AM - Software Distribution Service 3.0
    RP790: 7/17/2010 11:59:07 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.3
    Adobe Shockwave Player
    Adobe SVG Viewer 3.0
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Display Driver
    Audible Download Manager
    Belarc Advisor 7.2
    Bonjour
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell PC TuneUp
    Dell Support Center (Support Software)
    Dell System Restore
    Dell V310-V510 Series
    DellSupport
    Digital Line Detect
    Disk Cleaner (remove only)
    Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
    GEAR driver installer for x86 and x64
    Google Chrome
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Macromedia Flash Player
    McAfee SiteAdvisor
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Move Media Player
    Mozilla Firefox (3.0.11)
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    neroxml
    PowerDVD 5.5
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SigmaTel Audio
    Sonic Encoders
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Audigy 2 ZS
    SpywareBlaster 4.3
    TBS WMP Plug-in
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VCRedistSetup
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB895198
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    7/17/2010 7:53:50 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00123FA9E933 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    7/17/2010 7:48:44 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00123FA9E933 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    7/14/2010 7:35:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.85.2035.0).
    7/14/2010 7:35:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1948.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80070643 Error description: Fatal error during installation.

    ==== End Of File ===========================
     
    Last edited by a moderator: 2010/07/18
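The "Installed Programs" part of the attach.txt above lists six JREs side by side (Java(TM) 6 Update 2, 3, 5, 7 and 20, plus Java(TM) SE Runtime Environment 6 Update 1). JRE 6 installers before Update 10 installed alongside the previous update instead of replacing it, and every one of those older runtimes is a separately installed program with its own known holes, so the normal cleanup is to uninstall all but the newest. The script below is an added example, not from the thread or from DDS: it reads a DDS-style one-program-per-line listing and names the JRE entries to remove. The sample listing is constructed from the entries above.

```python
"""Flag stale Java runtimes in a DDS 'Installed Programs' listing.

Added example, not code from the WindowsBBS thread. Input is the listing
DDS writes to attach.txt: one Add/Remove Programs entry per line.
"""
import re

# Matches "Java(TM) 6 Update 20" and "Java(TM) SE Runtime Environment 6 Update 1".
# "Java Auto Updater" and similar helper entries are deliberately not matched.
_JAVA_RE = re.compile(
    r"^Java\(TM\)\s+(?:SE Runtime Environment\s+)?(\d+)\s+Update\s+(\d+)$"
)

# Constructed sample: the Java-related entries from the listing above,
# with two neighbours to show that non-JRE lines are ignored.
SAMPLE_LISTING = """\
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Flash Player
"""


def java_entries(listing):
    """Return [(entry_name, major, update)] for every JRE entry in the listing."""
    found = []
    for raw in listing.splitlines():
        name = raw.strip()
        m = _JAVA_RE.match(name)
        if m:
            found.append((name, int(m.group(1)), int(m.group(2))))
    return found


def stale_java(listing):
    """Return (newest_entry, [entries to uninstall]); (None, []) if no JRE is listed.

    Version order is (major, update); the single newest JRE is kept and
    every older one is reported for removal.
    """
    entries = java_entries(listing)
    if not entries:
        return None, []
    newest = max(entries, key=lambda e: (e[1], e[2]))
    remove = [name for name, major, upd in entries
              if (major, upd) < (newest[1], newest[2])]
    return newest[0], remove


if __name__ == "__main__":
    keep, remove = stale_java(SAMPLE_LISTING)
    print("keep:   ", keep)
    for name in remove:
        print("remove: ", name)
```

Run it with the whole listing pasted into a file and fed to `stale_java()`; it only reads the text, so it is safe to run anywhere. Apply the uninstalls through Add/Remove Programs on the machine itself.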
  7. 2010/07/18
    jan roberts Inactive Thread Starter
    broni
    Broni, this started out as a hardware problem; I have a post over there. Arie suggested that I run a malware scan; I tried and that was a total failure. Last post, #15 I think, is about that.
    It is a mess, and I am afraid to shut it down in case I can't get it to start up again. That happened about 2 AM yesterday morning; press and hold didn't do anything. But I tried again about 1 PM and she started up, no problem.
    Event Viewer is messed up; it shows "on" when the computer is shut down and unplugged. Everything is just messed up. I really need help. I got a pop-up that says "USB device is not recognized". I have a printer and a wireless keyboard/mouse receiver in USB and they are supposed to be fine.
    I'm so sorry that it took so long to get the attach scan posted. Tried and tried and finally got it done, YAY!!!
     
  8. 2010/07/18
    broni Moderator Malware Analyst
    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/07/18
    jan roberts Inactive Thread Starter
    Broni, here is the MBAM log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4325

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/18/2010 8:02:42 PM
    mbam-log-2010-07-18 (20-02-42).txt

    Scan type: Quick scan
    Objects scanned: 143868
    Time elapsed: 32 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
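The two MBAM hits in the log above are not files but hijacked file-class handlers: the default command under HKEY_CLASSES_ROOT\scrfile\shell\open\command and \regfile\shell\open\command had been rewritten to `NOTEPAD.EXE %1`, so opening a .scr or .reg file launched Notepad instead of the screensaver or regedit. The script below is an added example, not from the thread or from Malwarebytes: it parses the text of a `reg export` (.reg format) of such keys, reports every class whose default command differs from the stock Windows XP value, and emits the .reg text that puts the default back. The sample export is constructed to mirror the two findings; the expected values for scrfile and regfile are the "Good:" values from the log, and the remaining defaults (exefile, comfile, batfile, cmdfile, piffile) are stock XP values assumed for an unmodified system.

```python
"""Detect and repair hijacked file-class handlers (MBAM's Broken.OpenCommand).

Added example, not code from the WindowsBBS thread or from Malwarebytes.
It parses a `reg export` of HKEY_CLASSES_ROOT\\<class>\\shell\\open\\command
keys, compares each default command against the stock Windows XP value and
writes the .reg text that restores the defaults.
"""
import re

# Stock XP default commands for the classes malware most often rewrites.
# scrfile and regfile are the "Good:" values in the MBAM log above; the
# rest are standard XP defaults (assumption: an otherwise unmodified XP SP3).
EXPECTED = {
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
}

# Constructed sample mirroring the two MBAM findings (scrfile and regfile
# pointing at NOTEPAD.EXE) plus one untouched class for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="NOTEPAD.EXE %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="NOTEPAD.EXE %1"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

_KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$", re.I)
# REG_SZ default value only; a REG_EXPAND_SZ default is exported as hex(2): and is skipped.
_DEFAULT_RE = re.compile(r'^@="(.*)"$')


def _unescape(value):
    # .reg files escape a double quote as \" and a backslash as \\.
    return value.replace('\\"', '"').replace("\\\\", "\\")


def _escape(value):
    # Reverse of _unescape, for writing a .reg file.
    return value.replace("\\", "\\\\").replace('"', '\\"')


def parse_reg_export(text):
    """Return {file_class: default_command} for every shell\\open\\command key seen."""
    commands = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if line.startswith("["):      # some other key: stop attributing values
            current = None
            continue
        m = _DEFAULT_RE.match(line)
        if m and current:
            commands[current] = _unescape(m.group(1))
    return commands


def find_hijacks(commands, expected=EXPECTED):
    """Return [(class, found, expected)] for classes whose command is not the default."""
    findings = []
    for cls, good in expected.items():
        found = commands.get(cls)
        if found is not None and found.strip().lower() != good.lower():
            findings.append((cls, found, good))
    return findings


def scan(text):
    """Parse a .reg export and list the hijacked classes."""
    return find_hijacks(parse_reg_export(text))


def repair_reg(findings):
    """Build .reg text (apply with `regedit /s repair.reg`) restoring the defaults."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for cls, _found, good in findings:
        lines.append("[HKEY_CLASSES_ROOT\\%s\\shell\\open\\command]" % cls)
        lines.append('@="%s"' % _escape(good))
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = scan(SAMPLE_EXPORT)
    for cls, found, good in hits:
        print("%s: found %r, expected %r" % (cls, found, good))
    print(repair_reg(hits))
```

On the live machine the input comes from `reg export "HKCR\scrfile\shell\open\command" scr.reg` (and likewise for each class); reg.exe on XP writes those files as UTF-16, so open them with `encoding="utf-16"` before passing the text to `scan()`. Run the generated repair file with `regedit /s`, then re-check, since a handler that has been rewritten once is worth watching for a repeat.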
  10. 2010/07/18
    broni Moderator Malware Analyst
    Go on :)
     
  11. 2010/07/19
    jan roberts Inactive Thread Starter
    Broni, I completed the five-hour GMER early this morning, but could not post it. I could not post because I could not get any icon on my desktop to work, except Recycle Bin. All I had to do was get here and do Ctrl+V and we would be on our way to getting the computer fixed. Icons disappeared, came back. WindowsBBS popped up with an "Open with" box and I have no idea about that. My clock stopped at 5:47 AM and it's really 7 AM, and I couldn't use the Start button; had to push the power button, of course killing the Ctrl+V.
    The GMER scan just stopped and I looked over and the Scan button was back, so I figured that it was finished running. Clicked on Copy and that is when the fun started. It was way too much fun for me. So tomorrow I'll run the scan again, all five hours of it, and change the name of where I'm going to post the log so maybe I can post it. But today's my birthday and I have had way too much fun to do it again. It was interesting; I didn't know my desktop could do all that stuff it was doing.
     
  12. 2010/07/19
    broni Moderator Malware Analyst
    Happy Birthday! :)

    Skip GMER for now and run this...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/07/19
    jan roberts Inactive Thread Starter
    Broni, what about SpywareBlaster? Didn't see that on the list, or I missed it.
     
  14. 2010/07/19
    broni Moderator Malware Analyst
    Don't worry about it.
     
  15. 2010/07/19
    jan roberts Inactive Thread Starter
    Here it is.

    ComboFix 10-07-18.05 - jan 07/19/2010 14:04:08.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1469 [GMT -4:00]
    Running from: c:\documents and settings\jan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
    c:\documents and settings\jan\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
    c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .

    2010-07-16 14:46 . 2010-07-16 14:46 518 ----a-w- c:\documents and settings\jan\Application Data\iolo\Registry\Last\restore.bat
    2010-07-16 13:57 . 2010-07-16 13:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Dell V310-V510 Series
    2010-07-14 11:08 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 18:16 . 2010-07-13 18:16 1479 ----a-w- c:\documents and settings\jan\Application Data\iolo\restore.bat
    2010-07-13 18:08 . 2010-07-13 18:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
    2010-07-13 18:07 . 2009-06-26 20:05 938328 ----a-w- c:\windows\system32\Incinerator.dll
    2010-07-13 18:06 . 2009-01-15 20:43 8192 ----a-w- c:\windows\system32\smrgdf.exe
    2010-07-13 18:06 . 2009-01-15 20:43 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-07-13 18:06 . 2010-07-13 18:06 -------- d-----w- c:\program files\iolo
    2010-07-13 18:02 . 2010-07-13 18:02 74703 ----a-w- c:\windows\system32\mfc45.dll
    2010-07-13 18:02 . 2010-07-13 19:07 -------- dc----w- c:\documents and settings\All Users\Application Data\iolo
    2010-07-13 18:02 . 2010-07-13 18:16 -------- d-----w- c:\documents and settings\jan\Application Data\iolo
    2010-07-13 17:53 . 2008-03-05 01:55 40960 ----a-w- c:\windows\system32\dleavs.dll
    2010-07-13 17:53 . 2009-12-16 15:12 438272 ----a-w- c:\windows\system32\dleacoin.dll
    2010-07-13 17:53 . 2009-11-04 12:14 157696 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\dleadrpp.dll
    2010-07-13 17:53 . 2009-11-09 06:59 86016 ----a-w- c:\windows\system32\dleagcfg.dll
    2010-07-13 17:53 . 2009-10-21 09:06 110592 ----a-w- c:\windows\system32\dleacuir.dll
    2010-07-13 17:53 . 2009-10-21 09:06 294912 ----a-w- c:\windows\system32\dleacui.dll
    2010-07-13 17:53 . 2008-04-30 05:32 983121 ----a-w- c:\windows\system32\lxk_gf.dll
    2010-07-13 17:51 . 2010-01-07 20:09 598696 ----a-w- c:\windows\system32\dleacoms.exe
    2010-07-13 17:51 . 2009-12-09 18:36 372736 ----a-w- c:\windows\system32\dleacomm.dll
    2010-07-13 17:51 . 2009-12-09 18:35 802816 ----a-w- c:\windows\system32\dleacomc.dll
    2010-07-13 17:51 . 2010-01-07 20:09 373416 ----a-w- c:\windows\system32\dleacfg.exe
    2010-07-13 17:51 . 2009-11-26 07:49 86180 ----a-w- c:\windows\system32\DLEAcfg.dll
    2010-07-13 17:51 . 2010-07-13 17:53 -------- d-----w- c:\program files\Dell V310-V510 Series
    2010-07-13 17:23 . 2010-07-13 17:29 -------- d-----w- c:\program files\Disk Cleaner
    2010-07-13 17:11 . 2010-07-13 17:11 -------- d-----w- c:\program files\Citrix
    2010-07-08 23:41 . 2010-07-08 23:41 -------- d-----w- c:\program files\iPod
    2010-07-08 23:41 . 2010-07-08 23:42 -------- d-----w- c:\program files\iTunes
    2010-07-08 23:40 . 2010-07-13 15:39 -------- d-----w- c:\program files\QuickTime
    2010-07-08 23:39 . 2010-07-08 23:39 -------- d-----w- c:\program files\Apple Software Update
    2010-07-08 23:39 . 2010-07-08 23:39 -------- d-----w- c:\program files\Bonjour
    2010-07-08 23:38 . 2010-07-08 23:41 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-08 23:24 . 2009-12-16 18:42 43008 ----a-w- c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-07-08 23:24 . 2009-12-16 18:42 872960 ----a-w- c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-07-08 23:24 . 2009-12-16 18:42 340480 ----a-w- c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-07-08 23:24 . 2009-12-16 18:41 346624 ----a-w- c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-07-06 10:37 . 2010-07-08 23:53 -------- dc----w- c:\documents and settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
    2010-07-06 10:36 . 2010-07-06 10:36 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\Downloaded Installations
    2010-06-23 11:40 . 2010-06-23 11:40 501936 -c--a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb14.tmp.exe
    2010-06-21 12:09 . 2010-06-21 12:09 23 --sha-w- c:\windows\system32\edacded0.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 17:49 . 2008-03-01 14:51 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-16 14:46 . 2007-12-09 20:05 -------- d-----w- c:\program files\PCFriendly
    2010-07-13 18:06 . 2010-07-13 17:52 -------- d-----w- c:\program files\Dell
    2010-07-13 17:52 . 2010-07-13 17:52 -------- d-----w- c:\program files\Dell Toolbar
    2010-07-13 17:52 . 2010-07-13 17:52 -------- d-----w- c:\program files\Dell PC Fax
    2010-07-13 17:27 . 2006-02-25 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-13 15:41 . 2006-02-25 05:26 -------- d-----w- c:\program files\Google
    2010-07-09 13:09 . 2007-04-06 14:19 -------- d-----w- c:\program files\SpywareBlaster
    2010-06-29 17:08 . 2010-04-09 19:45 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-06-16 12:44 . 2010-06-16 12:44 -------- d-----w- c:\documents and settings\jan\Application Data\ElevatedDiagnostics
    2010-06-16 00:01 . 2010-06-16 00:01 72504 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-14 14:31 . 2004-08-19 21:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-08 18:31 . 2006-07-23 07:09 -------- d-----w- c:\documents and settings\jan\Application Data\Apple Computer
    2010-06-04 13:00 . 2009-05-09 22:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-01 17:37 . 2010-04-09 19:47 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-28 00:20 . 2010-05-28 00:20 503808 ----a-w- c:\documents and settings\jan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7477cf11-n\msvcp71.dll
    2010-05-28 00:20 . 2010-05-28 00:20 499712 ----a-w- c:\documents and settings\jan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7477cf11-n\jmc.dll
    2010-05-28 00:20 . 2010-05-28 00:20 348160 ----a-w- c:\documents and settings\jan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7477cf11-n\msvcr71.dll
    2010-05-28 00:20 . 2010-05-28 00:20 61440 ----a-w- c:\documents and settings\jan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-25f46101-n\decora-sse.dll
    2010-05-28 00:20 . 2010-05-28 00:20 12800 ----a-w- c:\documents and settings\jan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-25f46101-n\decora-d3d.dll
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-06 10:41 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2004-08-19 20:49 1851264 ----a-w- c:\windows\system32\win32k.sys
    2008-06-20 23:43 . 2006-11-10 15:31 56 --sh--r- c:\windows\system32\D3A869E4A2.sys
    2008-06-20 23:43 . 2006-11-10 15:31 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Google Update"="c:\documents and settings\jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-4 24576]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Audible\\Bin\\AudibleDownloadHelper.exe"=
    "c:\\Program Files\\att-nap\\McciBrowser.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dleacoms.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
    R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [7/13/2010 1:53 PM 98984]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2010 2:06 PM 600944]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2010 2:06 PM 600944]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/8/2009 6:04 PM 93320]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 7:11 AM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:11]

    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:11]

    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948461421-2004685971-4226772609-1005Core.job
    - c:\documents and settings\jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 05:16]

    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948461421-2004685971-4226772609-1005UA.job
    - c:\documents and settings\jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 05:16]

    2010-07-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://att.my.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\jan\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\jan\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\jan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 14:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-07-19 14:12:11
    ComboFix-quarantined-files.txt 2010-07-19 18:12
    ComboFix2.txt 2008-12-01 01:23

    Pre-Run: 110,128,185,344 bytes free
    Post-Run: 110,138,134,528 bytes free

    - - End Of File - - A97280A9C2429EC2EF705EAB94341327
     
  16. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I strongly suggest you uninstall iolo System Mechanic.
    It brings nothing good, but may break something.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\D3A869E4A2.sys
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. 2010/07/19
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    Hmm, broni,
    I've already got rid of ComboFix. eek?
     
  18. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I didn't ask you to.
    Download fresh copy and run my script.

    What about System Mechanic?
     
  19. 2010/07/19
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    broni, I can't find System Mechanic, I thought that iolo had something to do with iTunes. I will get ComboFix back and will never get rid of anything unless you say get rid of it, I mean it.
     
  20. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Probably some leftovers.
    We'll take care of it later...
     
  21. 2010/07/19
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    Trying to do the script now. On the copy and paste, am I supposed to go into c:\windows\system32\D3A869E4a2.sys and copy and paste it into Notepad, or just type it (which is what I have done, but...)
     
