
Redirect Virus fsharproj



Our computer has been infected with a redirect virus for about a week. We've been running rkill then Malwarebytes quick scan then full scan. It says it's removed the virus but it's still there. If I don't run Malware every day, other viruses will pop up but they seem to be cleaned when the Malware is run. I've seen this particular virus addressed on other threads and it's been removed with ComboFix, but I'm leery about doing this without help. Any advice would be greatly appreciated.

This is the last quick scan log from earlier today:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6842

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/12/2011 2:41:02 PM

mbam-log-2011-06-12 (14-41-02).txt

Scan type: Quick scan

Objects scanned: 195678

Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Thanks for the help! I'm posting the last MBAM log, but I can't seem to get DDS to run. It keeps getting hung up about a minute into the scan and then I have to do a hard reboot. Thanks again!

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6864

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/15/2011 9:03:08 PM

mbam-log-2011-06-15 (21-03-08).txt

Scan type: Quick scan

Objects scanned: 205882

Time elapsed: 13 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\ati2dvag32.dll (Trojan.Tracur.PGen) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{03A5CB6A-EFF1-474D-A23A-ED0D8DD5B194} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03A5CB6A-EFF1-474D-A23A-ED0D8DD5B194} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{03A5CB6A-EFF1-474D-A23A-ED0D8DD5B194} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03A5CB6A-EFF1-474D-A23A-ED0D8DD5B194} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\ati2dvag32.dll (Trojan.Tracur.PGen) -> Delete on reboot.


  • Staff

Hi,

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Here are the two logs. Thanks again!!

OTL Extras logfile created on: 6/18/2011 10:42:11 PM - Run 1

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\wlry\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 487.39 Mb Available Physical Memory | 48.02% Memory free

1.64 Gb Paging File | 1.28 Gb Available in Paging File | 78.01% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.91 Gb Total Space | 5.10 Gb Free Space | 14.60% Space Free | Partition Type: NTFS

Drive E: | 37.27 Gb Total Space | 27.46 Gb Free Space | 73.68% Space Free | Partition Type: NTFS

Computer Name: IBM-2DA6DE1445C | User Name: wlry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\igfxres32.exe" = C:\WINDOWS\system32\igfxres32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\PortableDeviceWMDRM32.exe" = C:\WINDOWS\system32\PortableDeviceWMDRM32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\clbcatq32.exe" = C:\WINDOWS\system32\clbcatq32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\mstscax32.exe" = C:\WINDOWS\system32\mstscax32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\ati2dvag32.exe" = C:\WINDOWS\system32\ati2dvag32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)

"C:\WINDOWS\system32\igfxres32.exe" = C:\WINDOWS\system32\igfxres32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\PortableDeviceWMDRM32.exe" = C:\WINDOWS\system32\PortableDeviceWMDRM32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\mstscax32.exe" = C:\WINDOWS\system32\mstscax32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\clbcatq32.exe" = C:\WINDOWS\system32\clbcatq32.exe:*:Enabled:Windows Update Service

"C:\WINDOWS\system32\ati2dvag32.exe" = C:\WINDOWS\system32\ati2dvag32.exe:*:Enabled:Windows Update Service

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service

"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks

"{0700E22B-A424-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier Edition 2010

"{0700E22B-A427-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Nonprofit Edition 2010

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 17

"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug

"{2A3CAC59-129F-4465-A9CC-85021F0CA66D}" = Nicktoons Basketball

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1

"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes

"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{80380166-A872-4B78-B98A-33447A032BDF}" = ThinkCentre Wallpaper

"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}" = Adobe Audition 1.0

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD

"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7E6A962-C086-47E3-BAEC-9C84AF292820}" = SpongeBob SquarePants - Battle for Bikini Bottom

"{A9255718-8A40-45F9-B738-93655FBD4F6F}" = QuickBooks Online Backup

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility

"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite

"{E0FE3547-5683-441C-8CD2-AC651A4AE359}" = Thomas & Friends - Misty Island Rescue

"{EA70AC94-2533-4103-8722-3093961BA7E7}" = Print Workshop 2009 LE

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"AboutTime_is1" = AboutTime

"Access IBM Tools" = Access IBM Tools

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"IBM Access Support" = IBM Access Support

"ie8" = Windows Internet Explorer 8

"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1

"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG

"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MouseSuite98" = Mouse Suite

"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PROSet" = Intel® PRO Network Adapters and Drivers

"QuickTime" = QuickTime

"RealVNC_is1" = VNC Free Edition 4.1.2

"SK_USBKeyboard" = IBM Rapid Access Keyboard (III, IIIe)

"StartUp Manager" = StartUp Manager

"Support.com" = Support.com Software

"The Game Of Life" = The Game Of Life

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/18/2011 3:00:48 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 10005

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer

has encountered an unexpected error installing this package. This may indicate

a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,

,

Error - 6/18/2011 3:00:48 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB980773'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework

2.0-KB2418241_20110618_070046328-Msi0.txt.

Error - 6/18/2011 3:00:48 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2418241'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework

2.0-KB2418241_20110618_070046328-Msi0.txt.

Error - 6/18/2011 3:00:49 AM | Computer Name = IBM-2DA6DE1445C | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

2721.

Error - 6/18/2011 3:00:54 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 10005

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer

has encountered an unexpected error installing this package. This may indicate

a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,

,

Error - 6/18/2011 3:00:54 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB976576'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework

2.0-KB976576_20110618_070052390-Msi0.txt.

Error - 6/18/2011 3:00:55 AM | Computer Name = IBM-2DA6DE1445C | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10

2721.

Error - 6/18/2011 3:01:03 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 10005

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer

has encountered an unexpected error installing this package. This may indicate

a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,

,

Error - 6/18/2011 3:01:03 AM | Computer Name = IBM-2DA6DE1445C | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2518864'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework

2.0-KB2518864_20110618_070059781-Msi0.txt.

Error - 6/18/2011 3:01:03 AM | Computer Name = IBM-2DA6DE1445C | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

2721.

[ System Events ]

Error - 6/17/2011 4:33:26 AM | Computer Name = IBM-2DA6DE1445C | Source = Service Control Manager | ID = 7000

Description = The Intuit QuickBooks FCS service failed to start due to the following

error: %%1053

Error - 6/18/2011 12:18:48 AM | Computer Name = IBM-2DA6DE1445C | Source = DCOM | ID = 10005

Description = DCOM got error "%1053" attempting to start the service QBFCService

with arguments "" in order to run the server: {E2F551B5-D7E4-351C-A975-2E8EEE4D1917}

Error - 6/18/2011 12:18:48 AM | Computer Name = IBM-2DA6DE1445C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Intuit QuickBooks FCS

service to connect.

Error - 6/18/2011 12:18:48 AM | Computer Name = IBM-2DA6DE1445C | Source = Service Control Manager | ID = 7000

Description = The Intuit QuickBooks FCS service failed to start due to the following

error: %%1053

Error - 6/18/2011 3:00:30 AM | Computer Name = IBM-2DA6DE1445C | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0

SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909).

Error - 6/18/2011 3:00:42 AM | Computer Name = IBM-2DA6DE1445C | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server

2003 and Windows XP x86 (KB982168).

Error - 6/18/2011 3:00:47 AM | Computer Name = IBM-2DA6DE1445C | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on

Windows Server 2003 and Windows XP x86 (KB2478658).

Error - 6/18/2011 3:00:54 AM | Computer Name = IBM-2DA6DE1445C | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and

3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 6/18/2011 3:01:01 AM | Computer Name = IBM-2DA6DE1445C | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0

SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

Error - 6/18/2011 3:01:16 AM | Computer Name = IBM-2DA6DE1445C | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on

Windows Server 2003 and Windows XP x86 (KB2518864).

< End of report >


OTL logfile created on: 6/18/2011 10:42:11 PM - Run 1

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\wlry\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 487.39 Mb Available Physical Memory | 48.02% Memory free

1.64 Gb Paging File | 1.28 Gb Available in Paging File | 78.01% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.91 Gb Total Space | 5.10 Gb Free Space | 14.60% Space Free | Partition Type: NTFS

Drive E: | 37.27 Gb Total Space | 27.46 Gb Free Space | 73.68% Space Free | Partition Type: NTFS

Computer Name: IBM-2DA6DE1445C | User Name: wlry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/18 22:41:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\wlry\Desktop\OTL.exe

PRC - [2011/04/05 08:10:28 | 001,149,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2010/10/29 17:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe

PRC - [2009/10/11 04:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/02 14:58:20 | 000,610,304 | ---- | M] (SwapDrive, Inc.) -- C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe

PRC - [2006/09/13 14:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe

PRC - [2005/01/07 21:30:56 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe

PRC - [2003/09/30 13:05:00 | 000,536,576 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

PRC - [2003/05/21 17:03:24 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE

PRC - [2002/11/08 19:50:32 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

PRC - [2002/10/16 04:59:54 | 001,622,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Support.com\Bin\tgcmd.exe

PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

PRC - [2002/07/01 20:24:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\SKDAEMON.EXE

PRC - [2002/03/14 20:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe

========== Modules (SafeList) ==========

MOD - [2011/06/18 22:41:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\wlry\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/13 20:12:05 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll

MOD - [2002/05/29 15:00:16 | 000,053,248 | ---- | M] (SupportSoft) -- C:\Program Files\Support.com\Bin\sdcidle.dll

MOD - [2001/04/28 10:58:00 | 000,049,152 | ---- | M] (Silitek Corp.) -- C:\WINDOWS\system32\SKHOOKS.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RpcSs32) Remote Procedure Call (RPC)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/04/05 08:26:34 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/08/18 03:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)

SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2006/09/13 14:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)

SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2004/09/03 01:01:16 | 000,396,480 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)

DRV - [2003/05/05 22:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)

DRV - [2003/01/21 02:28:18 | 000,018,048 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pelps2m.sys -- (pelps2m)

DRV - [2003/01/10 17:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PELMouse.SYS -- (pelmouse)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6A CB A5 03 F1 EF 4D 47 A2 3A ED 0D 8D D5 B1 94 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wlry.org/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/08 09:47:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 10:08:45 | 000,000,000 | ---D | M]

[2009/11/06 07:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Extensions

[2011/06/15 17:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions

[2011/06/09 21:19:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{00103b1a-a829-41f3-b951-7ae4bd9f4d90}

[2011/06/14 13:41:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{0d743df1-aaaf-4154-983b-8f47ae5e02a4}

[2011/06/10 09:50:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{1a8a9baf-588f-4cc0-8b7d-86d373c3f7de}

[2011/06/10 20:40:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{203857d6-86c0-4ec7-9dfa-fa67936b7663}

[2011/06/09 21:43:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{22ee17e9-f884-4780-8710-ca2aa3fbc4e0}

[2011/06/10 15:46:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{25491e9d-e975-4128-99be-33e2454a1097}

[2011/06/13 08:38:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{2a42e3e9-7b10-45d7-8b71-20f4cd2716c1}

[2011/06/13 22:06:34 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{2b507efd-efa2-4d95-8180-948be61d0613}

[2011/06/12 14:21:48 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{3003d11b-716b-49a2-8adf-4d144e9af1ba}

[2011/06/10 09:37:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{33078d1e-4c7d-4be2-a755-bf11b9fb38aa}

[2011/06/10 02:56:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{42556547-1997-46ba-be62-f36d92f1d095}

[2011/06/15 17:20:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{4dd95feb-b036-4a5b-90d8-30c47580ac71}

[2011/06/12 12:19:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{8f7dcf5f-1aad-4b6d-bef6-ef337ce75e99}

[2011/06/10 09:23:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{9ee5f807-d632-4c10-a4eb-7d30aa49979b}

[2011/06/14 14:50:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{af453844-14e3-4c5b-8546-28fce0eaa87b}

[2011/06/09 21:58:07 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{afd456e5-5494-479a-b741-b140e54afefe}

[2011/06/12 14:02:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{b81949d8-1d0e-42aa-b477-8afef20feeea}

[2011/06/11 14:22:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{bc35e675-671a-4385-95dc-72476f0fe3fc}

[2011/06/14 08:58:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{c441891b-2496-4c7d-9d42-36acbecbee7a}

[2011/06/13 14:39:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{cb57c045-c0c2-435a-80ae-b6c44d2222dd}

[2011/06/12 09:04:24 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{d61d82c8-9ca5-4c31-9a2f-c9b678d48461}

[2011/06/15 07:56:58 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{d72da610-4982-412f-872e-7f3ccce350c5}

[2011/06/12 12:08:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\wlry\Application Data\Mozilla\Firefox\Profiles\mv2wcs6q.default\extensions\{da0c989b-937b-4283-b7cf-a6500bddecc9}

[2011/06/08 09:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2008/12/13 19:23:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/22 04:01:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/18 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (bcdc78f6) - {AD22D0FB-F5BA-7FD2-DD04-794E65CE3412} - C:\WINDOWS\system32\l2gpstore32.dll (CrypKey Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)

O4 - HKLM..\Run: [Hot Key Kbd Daemon] C:\WINDOWS\System32\SKDAEMON.EXE ()

O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)

O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [uC_Start] C:\IBMTOOLS\Updater\ucstartup.exe ()

O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)

O4 - HKCU..\Run: [OnlineBackupScheduler] C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe (SwapDrive, Inc.)

O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Online Backup Scheduler.lnk = C:\WINDOWS\Installer\{A9255718-8A40-45F9-B738-93655FBD4F6F}\_C90BDFE323B95CEE248723.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O12 - Plugin for: .spop - File not found

O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290011261437 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290011249890 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\l2gpstore32.dll) - C:\WINDOWS\system32\l2gpstore32.dll (CrypKey Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\wlry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\wlry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/07 18:43:46 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/03/04 10:06:19 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0e8e284b-b8a2-11de-8c46-000d60efb342}\Shell - "" = AutoRun

O33 - MountPoints2\{0e8e284b-b8a2-11de-8c46-000d60efb342}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{0e8e284b-b8a2-11de-8c46-000d60efb342}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\WindowsEasyTransfer\x86\.\MigSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 22:41:06 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\wlry\Desktop\OTL.exe

[2011/06/15 22:51:40 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/13 21:58:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/06/10 10:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/06/09 19:11:39 | 000,772,096 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\ippromon32.exe

[2011/06/09 19:11:38 | 000,171,008 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\l2gpstore32.dll

[2011/06/08 10:08:46 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/06/07 21:22:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2011/06/07 21:13:36 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/06/07 21:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/06/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/06/06 21:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/06/06 21:21:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/06/06 21:21:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\wlry\Desktop\mbam-setup-1.46.exe

[2011/06/06 21:08:36 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/06/06 21:08:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\wlry\Recent

[2011/06/06 20:22:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam(2).sys

[2011/06/06 18:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wlry\Application Data\Malwarebytes

[2011/06/06 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/06 18:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[9 C:\Documents and Settings\wlry\My Documents\*.tmp files -> C:\Documents and Settings\wlry\My Documents\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\wlry\Desktop\*.tmp files -> C:\Documents and Settings\wlry\Desktop\*.tmp -> ]

[1 C:\Documents and Settings\wlry\*.tmp files -> C:\Documents and Settings\wlry\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 22:41:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\wlry\Desktop\OTL.exe

[2011/06/18 16:46:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/16 10:47:53 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/16 10:47:42 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Online Backup Scheduler.lnk

[2011/06/16 10:47:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/06/16 10:47:30 | 1064,357,888 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/16 03:05:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/14 17:33:14 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\wlry\Desktop\Microsoft Word.lnk

[2011/06/13 22:05:14 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\wlry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/13 21:46:36 | 000,000,089 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2011/06/12 12:20:15 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\1c2f2fa4

[2011/06/12 12:17:06 | 000,000,102 | ---- | M] () -- C:\WINDOWS\System32\906051540

[2011/06/09 19:11:38 | 000,171,008 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\l2gpstore32.dll

[2011/06/09 19:11:35 | 000,772,096 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\ippromon32.exe

[2011/06/08 20:06:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011/06/08 20:06:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2011/06/08 10:08:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/06/08 09:47:24 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\wlry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/08 09:47:24 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/06/07 14:14:00 | 000,000,115 | ---- | M] () -- C:\WINDOWS\disney.ini

[2011/06/06 21:21:40 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/06 20:37:00 | 000,711,728 | ---- | M] () -- C:\WINDOWS\is-DNSK4.exe

[2011/06/06 20:22:55 | 000,711,168 | ---- | M] () -- C:\WINDOWS\is-9TK3D.exe

[2011/06/06 19:50:11 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16441124

[2011/06/06 19:45:52 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16441124

[2011/06/06 19:45:51 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16441124r

[2011/06/06 18:05:02 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17948452r

[2011/06/06 18:05:02 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17948452

[2011/06/06 10:21:34 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17948452

[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam(2).sys

[9 C:\Documents and Settings\wlry\My Documents\*.tmp files -> C:\Documents and Settings\wlry\My Documents\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\wlry\Desktop\*.tmp files -> C:\Documents and Settings\wlry\Desktop\*.tmp -> ]

[1 C:\Documents and Settings\wlry\*.tmp files -> C:\Documents and Settings\wlry\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 22:05:14 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\wlry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/13 22:05:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\wlry\Start Menu\Programs\Internet Explorer.lnk

[2011/06/12 12:46:52 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\wlry\Desktop\rkill.com

[2011/06/12 12:20:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\1c2f2fa4

[2011/06/10 15:32:19 | 1064,357,888 | -HS- | C] () -- C:\hiberfil.sys

[2011/06/09 19:11:36 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\906051540

[2011/06/08 20:06:01 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2011/06/08 20:06:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2011/06/08 09:47:24 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\wlry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/08 09:47:24 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/08 09:47:24 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/06/06 21:21:40 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/06 20:37:00 | 000,711,728 | ---- | C] () -- C:\WINDOWS\is-DNSK4.exe

[2011/06/06 20:22:55 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-9TK3D.exe

[2011/06/06 19:38:02 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16441124r

[2011/06/06 19:38:02 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16441124

[2011/06/06 19:37:54 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16441124

[2011/06/06 10:21:41 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452r

[2011/06/06 10:21:41 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948452

[2011/06/06 10:21:34 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17948452

[2011/04/01 16:48:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2011/04/01 16:48:30 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2011/04/01 16:48:30 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2011/04/01 16:48:13 | 000,000,299 | ---- | C] () -- C:\WINDOWS\EReg515.dat

[2011/04/01 16:46:07 | 000,000,115 | ---- | C] () -- C:\WINDOWS\disney.ini

[2011/02/12 12:03:23 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll

[2011/02/11 17:30:11 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI

[2011/02/11 17:30:11 | 000,000,046 | ---- | C] () -- C:\WINDOWS\DAVIDSON.INI

[2011/02/11 17:30:10 | 000,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL

[2011/02/09 18:39:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2011/01/28 10:29:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/13 16:32:39 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2010/12/07 20:42:35 | 000,000,201 | ---- | C] () -- C:\WINDOWS\ka.ini

[2010/11/30 08:57:53 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/11/30 08:57:53 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/11/30 08:57:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/11/30 08:57:25 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/11/30 08:57:25 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/11/28 15:32:57 | 001,082,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/11/20 11:18:35 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2010/11/17 20:35:58 | 000,000,312 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/11/17 12:45:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/05/10 18:08:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2009LE.ini

[2009/04/11 07:14:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7040.dat

[2009/04/11 07:13:58 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI

[2008/01/28 09:34:30 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\wlry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/26 14:52:56 | 000,001,855 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/08 21:13:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/08 18:28:47 | 000,000,474 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/01/08 18:28:30 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7020.dat

[2008/01/08 18:12:42 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\wlry\Local Settings\Application Data\fusioncache.dat

[2008/01/07 21:10:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/01/07 19:19:49 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI

[2008/01/07 18:43:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SKDAEMON.EXE

[2007/10/29 15:40:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/10/29 15:39:15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2007/10/29 15:38:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2007/10/29 15:38:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2007/10/29 15:32:05 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini

[2007/10/29 15:26:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2007/10/29 15:25:47 | 000,004,902 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini

[2007/10/29 15:25:47 | 000,000,267 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini

[2007/10/29 15:14:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/10/29 15:07:46 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/07/17 16:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll

[2006/02/09 07:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini

[2003/05/05 13:53:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll

[2003/02/19 17:39:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/02/19 17:32:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/02/19 17:25:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/02/19 17:19:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/02/19 17:18:54 | 000,551,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2002/01/09 21:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2001/08/23 11:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2001/08/23 11:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[1980/01/01 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1980/01/01 04:00:00 | 000,489,840 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1980/01/01 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1980/01/01 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1980/01/01 04:00:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

[1980/01/01 04:00:00 | 000,087,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1980/01/01 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1980/01/01 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1980/01/01 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1980/01/01 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Link to post
Share on other sites

I am so FRUSTRATED!!! I can't get ComboFix to run. It gets to the blue screen where it's supposed to say ComboFix is preparing to run and it just hangs there. It's a blue screen with a flashing cursor. I've let it sit there for half an hour and nothing. Thanks for any help you can give me!

Link to post
Share on other sites

  • Staff

Try this instead.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

  • Staff

Hi,

What happens when you click them?

These are links to anti-virus vendors that offer free LiveCD or Rescue CD files, which are used to boot from in order to repair unbootable and damaged systems, rescue data, and scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.

Link to post
Share on other sites

When I click run on the TDSSKiller it does nothing. dds.scr starts to scan and then just locks up and I have to do a hard reboot. ComboFix gets to the blue screen and then nothing, hard reboot again. When I tried it in safe mode with your command prompt, it locked up after creating the restore point. I was able to download and run the Avira AntiVirus and was able to run SUPERAntiSpyware. This is a computer I brought from work because I'm doing their books and it has Quick Books on it. It hadn't been updated in a long time. When I turned on automatic updates there were over 150 of them. It had SpyWare Nuker on it which I have since found out is Malware? Malwarebytes got rid of it. It has two hard drives C: and E:. So I don't know if maybe I'm doing something wrong. If something is turned on that needs to be checked or unchecked. Let me know if I need to do what you posted in your last post or if I need to start all over and look at some other issues that this computer might have? I don't know a lot about this stuff but I am good at following step by step instructions ;)

Link to post
Share on other sites

HELP!!! I had already burned and run the AVIRA rescue disk before I read your last post. It took me a while to figure out how to change my boot sequence. However after running the scan, my computer will no longer boot up. I reset all the boot sequences to what they were but Windows will not load now. :(

Link to post
Share on other sites

This topic is now closed to further replies.