Infected System File

mmfavwest
2009-12-26, 20:15
http://forums.spybot.info/showthread.php?t=54095

mmfavwest
2009-12-26, 20:29
This has been a gnarly, time-consuming problem for me. I hope you will consider reopening my thread:
http://forums.spybot.info/showthread.php?t=54095
The infected computer is not able to connect to the internet.

As Blade instructed, I downloaded GMER and DD via flash drive. The GMER results follow, but DD seemed to hang. When I double-clicked DD, nothing seemed to be happening except the CPU use went to 100%. I waited an hour and nothing changed.

I have backed up everything, but I have not used System Restore or wiped a hard drive before. Thanks.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-25 23:02:44
Windows 5.1.2600 Service Pack 3
Running: 8pky1uck.exe; Driver: C:\DOCUME~1\martha\LOCALS~1\Temp\fxlyqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 87341618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

mmfavwest
2009-12-27, 00:28
I figured out how to disable script blocker and ran dds. Here are the two logs it created. Thank you so much!

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2006 3:06:09 PM
System Uptime: 12/26/2009 2:51:55 PM (1 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 56.917 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1058: 9/27/2009 2:14:11 AM - Software Distribution Service 3.0
RP1059: 9/28/2009 2:07:54 PM - System Checkpoint
RP1060: 9/29/2009 2:37:49 PM - System Checkpoint
RP1061: 9/30/2009 4:00:23 PM - System Checkpoint
RP1062: 10/1/2009 6:22:52 PM - System Checkpoint
RP1063: 10/2/2009 9:12:19 PM - System Checkpoint
RP1064: 10/4/2009 1:01:39 PM - System Checkpoint
RP1065: 10/4/2009 10:51:09 PM - Software Distribution Service 3.0
RP1066: 10/6/2009 12:23:47 PM - System Checkpoint
RP1067: 10/7/2009 5:50:51 PM - System Checkpoint
RP1068: 10/9/2009 6:23:36 PM - System Checkpoint
RP1069: 10/11/2009 2:01:07 PM - System Checkpoint
RP1070: 10/12/2009 2:22:16 PM - System Checkpoint
RP1071: 10/13/2009 5:06:59 PM - System Checkpoint
RP1072: 10/14/2009 8:29:00 PM - System Checkpoint
RP1073: 10/14/2009 11:41:07 PM - Software Distribution Service 3.0
RP1074: 10/16/2009 2:20:34 PM - System Checkpoint
RP1075: 10/18/2009 10:31:23 AM - System Checkpoint
RP1076: 10/19/2009 11:29:26 AM - System Checkpoint
RP1077: 10/20/2009 12:07:53 AM - Software Distribution Service 3.0
RP1078: 10/21/2009 8:22:11 AM - System Checkpoint
RP1079: 10/22/2009 10:52:57 AM - System Checkpoint
RP1080: 10/23/2009 2:53:23 PM - System Checkpoint
RP1081: 10/24/2009 9:43:00 PM - System Checkpoint
RP1082: 10/26/2009 1:06:45 PM - System Checkpoint
RP1083: 10/27/2009 1:07:28 PM - System Checkpoint
RP1084: 10/28/2009 4:37:03 PM - System Checkpoint
RP1085: 10/28/2009 10:44:22 PM - Software Distribution Service 3.0
RP1086: 10/30/2009 12:11:41 PM - System Checkpoint
RP1087: 10/31/2009 1:08:37 PM - System Checkpoint
RP1088: 11/2/2009 11:24:45 AM - System Checkpoint
RP1089: 11/2/2009 1:33:17 PM - Software Distribution Service 3.0
RP1090: 11/3/2009 2:16:10 PM - System Checkpoint
RP1091: 11/4/2009 6:06:26 PM - System Checkpoint
RP1092: 11/5/2009 7:27:07 PM - System Checkpoint
RP1093: 11/6/2009 8:22:18 PM - System Checkpoint
RP1094: 11/8/2009 12:43:42 PM - System Checkpoint
RP1095: 11/9/2009 7:29:05 PM - System Checkpoint
RP1096: 11/12/2009 12:49:08 PM - System Checkpoint
RP1097: 11/13/2009 4:51:24 PM - System Checkpoint
RP1098: 11/13/2009 11:45:23 PM - Software Distribution Service 3.0
RP1099: 11/15/2009 7:22:59 PM - System Checkpoint
RP1100: 11/16/2009 7:51:27 PM - System Checkpoint
RP1101: 11/17/2009 10:08:03 PM - System Checkpoint
RP1102: 11/19/2009 8:04:02 AM - System Checkpoint
RP1103: 11/20/2009 2:21:56 PM - System Checkpoint
RP1104: 11/22/2009 12:07:28 PM - System Checkpoint
RP1105: 11/23/2009 1:12:14 PM - System Checkpoint
RP1106: 11/24/2009 3:44:36 PM - System Checkpoint
RP1107: 11/25/2009 6:19:00 PM - System Checkpoint
RP1108: 11/26/2009 12:44:51 AM - Software Distribution Service 3.0
RP1109: 11/27/2009 9:03:56 AM - System Checkpoint
RP1110: 11/27/2009 11:17:12 PM - Software Distribution Service 3.0
RP1111: 11/29/2009 2:05:04 PM - System Checkpoint
RP1112: 11/30/2009 11:43:46 AM - Software Distribution Service 3.0
RP1113: 12/1/2009 12:42:25 PM - System Checkpoint
RP1114: 12/2/2009 1:00:12 PM - System Checkpoint
RP1115: 12/3/2009 4:42:12 PM - System Checkpoint
RP1116: 12/4/2009 6:10:48 PM - System Checkpoint
RP1117: 12/5/2009 5:51:44 PM - Software Distribution Service 3.0
RP1118: 12/6/2009 10:06:06 PM - System Checkpoint
RP1119: 12/8/2009 12:23:37 AM - System Checkpoint
RP1120: 12/9/2009 4:17:57 AM - System Checkpoint
RP1121: 12/9/2009 7:18:58 PM - Software Distribution Service 3.0
RP1122: 12/9/2009 11:35:34 PM - Software Distribution Service 3.0
RP1123: 12/10/2009 12:37:14 AM - Software Distribution Service 3.0
RP1124: 12/10/2009 11:19:43 AM - Installed McAfee Virtual Technician
RP1125: 12/10/2009 4:36:47 PM - Software Distribution Service 3.0
RP1126: 12/11/2009 3:00:19 AM - Software Distribution Service 3.0
RP1127: 12/11/2009 11:38:02 AM - Software Distribution Service 3.0
RP1128: 12/11/2009 7:46:40 PM - Installed Windows Internet Explorer 8.
RP1129: 12/11/2009 10:46:33 PM - Removed Get High Speed Internet!
RP1130: 12/11/2009 11:26:04 PM - Software Distribution Service 3.0
RP1131: 12/12/2009 1:34:48 PM - Software Distribution Service 3.0
RP1132: 12/12/2009 6:21:50 PM - Microsoft Antimalware Checkpoint
RP1133: 12/12/2009 7:00:48 PM - Software Distribution Service 3.0
RP1134: 12/12/2009 9:31:41 PM - Software Distribution Service 3.0
RP1135: 12/18/2009 5:27:13 PM - System Checkpoint
RP1136: 12/18/2009 5:35:49 PM - Microsoft Antimalware Checkpoint
RP1137: 12/19/2009 6:31:24 PM - System Checkpoint
RP1138: 12/19/2009 7:00:16 PM - Software Distribution Service 3.0
RP1139: 12/20/2009 11:29:17 AM - Microsoft Antimalware Checkpoint
RP1140: 12/21/2009 1:49:10 PM - System Checkpoint
RP1141: 12/22/2009 11:15:49 AM - Microsoft Antimalware Checkpoint
RP1142: 12/23/2009 6:43:49 PM - System Checkpoint
RP1143: 12/25/2009 7:00:17 PM - Software Distribution Service 3.0
RP1144: 12/25/2009 7:35:31 PM - Installed DirectX
RP1145: 12/25/2009 8:49:32 PM - Microsoft Antimalware Checkpoint

==== Installed Programs ======================

924PLC32
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Age of Empires III
Age of Mythology
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoUpdate
avast! Antivirus
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Bonjour
Civilization III - Gold Edition
Civilization: Call To Power
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
D&D 3.5 DM Tools v0.40.5
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Photo AIO Printer 924
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dragon Age: Origins
EarthLink setup files
EducateU
ELIcon
ERUNT 1.1j
ESPNMotion
GemMaster Mystic
Gnumeric Spreadsheet (With Gtk+ 2.6.10) 1.6.3-win32-2
Hexwar Game Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
InstallMgr
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Platinum 20
McAfee QuickClean 6.1
McAfee Virtual Technician
MCU
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 6-9 Converter
Modem Helper
Mozilla Firefox (3.0.15)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Neverwinter Nights 2
NVIDIA PhysX
OpenOffice.org 2.4
Otto
Pidgin
PrimoPDF -- brought to you by Nitro PDF Software
Project64 1.6
QuickTime
RealPlayer Basic
Rome - Total War
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RunAlyzer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 3.8
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Yahoo! Messenger
Zed 3

==== Event Viewer Messages From Past Week ========

12/25/2009 9:35:58 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.F&threatid=2147629654 User: NEWTHING\martha Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: driver:atapi Action: Remove Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website. Signature Version: AV: 1.71.745.0, AS: 1.71.745.0 Engine Version: 1.1.5302.0
12/25/2009 8:37:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\atapi.sys could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
12/25/2009 8:02:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
12/25/2009 8:02:36 PM, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/25/2009 6:46:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/25/2009 6:46:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/25/2009 6:46:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/25/2009 6:46:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/25/2009 6:46:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/25/2009 6:38:08 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcc_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441069}
12/25/2009 6:38:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcc_device service to connect.
12/25/2009 6:38:04 PM, error: Service Control Manager [7000] - The dlcc_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/25/2009 6:36:46 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/25/2009 6:36:46 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
12/22/2009 12:11:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2009 11:25:36 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.F&threatid=2147629654 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.71.745.0, AS: 1.71.745.0 Engine Version: 1.1.5302.0
12/22/2009 11:15:51 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.F&threatid=2147629654 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.71.745.0, AS: 1.71.745.0 Engine Version: 1.1.5302.0
12/22/2009 11:13:58 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/21/2009 12:11:17 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/21/2009 12:11:17 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/21/2009 12:11:17 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/21/2009 12:11:17 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/21/2009 12:11:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/20/2009 2:05:01 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 2:05:01 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 2:05:01 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 2:05:01 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 2:05:00 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/20/2009 12:11:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 12:11:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 12:11:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 12:11:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/20/2009 12:11:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/19/2009 4:16:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NEWTHING\martha Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/19/2009 4:16:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NEWTHING\martha Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/19/2009 4:16:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NEWTHING\martha Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/19/2009 4:16:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5302.0&avdelta=1.71.745.0&asdelta=1.71.745.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NEWTHING\martha Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/19/2009 4:16:38 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.71.745.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/19/2009 2:23:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
12/19/2009 2:23:31 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2009 2:12:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================


DDS (Ver_09-12-01.01) - NTFSx86
Run by martha at 15:13:53.67 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 091127-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [McAfee QuickClean Imonitor] c:\program files\mcafee\mcafee quickclean\Plguni.exe /START
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\martha\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\martha\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169777981605
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\martha\applic~1\mozilla\firefox\profiles\cf8kp9ez.default\
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-11 114768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-11 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-11 138680]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 byaxaycr;byaxaycr;\??\c:\windows\system32\drivers\byaxaycr.sys --> c:\windows\system32\drivers\byaxaycr.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-11 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-11 352920]

=============== Created Last 30 ================

2009-12-26 05:35:58 30784 ----a-w- c:\windows\system32\drivers\hmfnerko.sys
2009-12-26 05:29:27 96512 ------w- c:\windows\system32\drivers\atapi.sys47A98563
2009-12-26 05:29:27 30784 ----a-w- c:\windows\system32\drivers\umaecjcn.sys
2009-12-26 05:19:26 96512 ------w- c:\windows\system32\drivers\atapi.sysABABF7EF
2009-12-26 05:19:26 30784 ----a-w- c:\windows\system32\drivers\hdoyoclr.sys
2009-12-26 05:09:26 96512 ------w- c:\windows\system32\drivers\atapi.sys4261C3E3
2009-12-26 05:09:26 30784 ----a-w- c:\windows\system32\drivers\fdlexgbl.sys
2009-12-26 04:59:25 96512 ------w- c:\windows\system32\drivers\atapi.sys4F47BBB5
2009-12-26 04:59:25 30784 ----a-w- c:\windows\system32\drivers\ogtyaigk.sys
2009-12-26 04:49:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sys4ABE2D83
2009-12-26 04:49:32 30784 ----a-w- c:\windows\system32\drivers\qiakcicn.sys
2009-12-26 03:37:02 0 d-----w- c:\windows\system32\AGEIA
2009-12-26 03:35:50 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-26 03:09:19 0 d-----w- c:\program files\Dragon Age
2009-12-26 03:09:12 0 d-----w- c:\program files\common files\BioWare
2009-12-13 03:03:24 0 d-----w- c:\windows\ie8updates
2009-12-13 02:35:16 30784 ----a-w- c:\windows\system32\drivers\wkjcbkvc.sys
2009-12-12 22:29:40 0 d-----w- c:\program files\Trend Micro
2009-12-12 21:19:51 2 ----a-w- c:\windows\msoffice.ini
2009-12-12 19:33:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-12 19:33:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-12 06:33:24 0 d-sh--w- c:\documents and settings\martha\IECompatCache
2009-12-12 06:24:00 0 d-sh--w- c:\documents and settings\martha\IETldCache
2009-12-12 03:45:06 0 dc-h--w- c:\windows\ie8
2009-12-11 22:37:19 0 d-----w- c:\docume~1\martha\applic~1\McAfee
2009-12-11 22:37:02 0 d-----w- c:\program files\McAfee
2009-12-11 19:38:10 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-11 19:25:37 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-11 06:28:33 0 d-----w- c:\docume~1\martha\applic~1\Malwarebytes
2009-12-11 06:28:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-11 06:28:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 06:28:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-11 06:28:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-11 02:34:36 0 d-----w- c:\program files\Safer Networking
2009-12-11 01:34:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2009-12-11 01:23:13 0 d-----w- c:\program files\Citrix
2009-12-11 01:22:52 61224 ----a-w- c:\documents and settings\martha\GoToAssistDownloadHelper.exe
2009-12-10 22:09:46 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca79e57b7e8ea6.mof

==================== Find3M ====================

2009-12-26 05:36:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-21 02:29:52 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-10 00:54:47 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-29 07:46:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:45:35 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:45:35 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:45:34 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:33 11069952 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:45:32 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-08-11 22:17:18 88 -csh--r- c:\windows\system32\1AE28C3BC9.sys
2009-01-02 03:10:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010120090102\index.dat

============= FINISH: 15:16:19.21 ===============

mmfavwest
2009-12-28, 03:12
Dear Friends,
You can close this thread. I have reset the system on my Dell with PC Restore.

Although we never exactly connected, and I might have screwed up the way I posted and re-posted, nevertheless this forum has been extremely helpful. I'm going to post another thread to try to make sure your volunteers don't spend time on this.

Thank you, Blade, and all you Anti-Malware Volunteers!

http://forums.spybot.info/showthread.php?t=54396