06-23-2009, 10:07 PM   #1
jfw04
Registered User
 
Join Date: Aug 2008
Posts: 20
OS: xp


Start up Problem

Hey guys. Sorry, I hadn't managed to get to my apartment, where my computer was located, the last few weekends, and was unable to respond to your posts, so my thread was shut down. However, I now have my computer at home and will be able to respond in a timely manner.

The problem I am referring to can be found here: Start up problem

I followed the latest instructions and ran ComboFix. I got an error: "Date is '~' Run in reduced functionality mode, yes, no"

I also didn't have the "Microsoft Windows Recovery Console" and was unable to get an internet connection to download it (although I do have a working wireless connection on my other computer).

Anyway, here is the log; thank you again for your continued assistance:

ComboFix 09-06-07.05 - Jeremy 06/17/2009 0:00.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1401 [GMT -4:00]
Running from: c:\documents and settings\Jeremy\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-16 01:37 . 2009-06-16 01:37 -------- d-----w- c:\windows\LastGood
2009-05-23 17:17 . 2009-05-23 17:17 390664 ----a-w- c:\documents and settings\Jeremy\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 21:20 . 2006-08-02 02:13 76184 -c--a-w- c:\documents and settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 01:40 . 2006-09-08 01:20 -------- d-----w- c:\program files\Dl_cats
2009-05-30 00:12 . 2008-08-28 19:52 -------- d-----w- c:\program files\Panda Security
2009-05-26 00:41 . 2006-08-07 21:38 -------- d-----w- c:\program files\Encore
2009-05-26 00:41 . 2006-07-31 12:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 00:27 . 2007-09-12 09:01 -------- d-----w- c:\program files\REFPROP
2009-05-26 00:17 . 2008-12-19 03:11 -------- d-----w- c:\program files\AutoCAD Civil 3D 2009
2009-05-26 00:15 . 2007-04-30 14:54 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-26 00:15 . 2007-04-30 14:54 -------- d-----w- c:\program files\Autodesk
2009-05-26 00:15 . 2007-04-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-05-25 23:53 . 2007-10-17 08:41 -------- d-----w- c:\program files\AutoCAD Civil 3D 2008
2009-05-25 23:47 . 2007-04-30 14:55 -------- d-----w- c:\program files\AutoCAD 2008
2009-05-24 07:02 . 2009-01-13 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-23 17:56 . 2009-01-14 02:05 -------- d-----w- c:\program files\Rhapsody
2009-05-23 17:53 . 2007-11-29 06:08 -------- d-----w- c:\program files\Full Tilt Poker
2009-03-25 03:35 . 2009-03-25 03:35 624096 -c--a-w- c:\windows\system32\rn.tmp
2008-01-19 18:26 . 2008-01-19 18:19 58619176 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-02 01:12 . 2008-01-02 01:12 1362812 -c--a-w- c:\program files\supcom_patch_3217_to_3220.exe
2007-12-29 02:52 . 2007-12-29 02:52 608744 -c--a-w- c:\program files\10_FOOT.exe
2007-12-29 02:51 . 2007-12-29 02:51 1530160 -c--a-w- c:\program files\Specialty.exe
2007-12-29 02:50 . 2007-12-29 02:50 3363139 -c--a-w- c:\program files\Lighting.exe
2007-12-29 02:36 . 2007-12-29 02:36 16469848 -c--a-w- c:\program files\Furniture.exe
2007-12-29 02:33 . 2007-12-29 02:33 676500 -c--a-w- c:\program files\12 Furnishings.exe
2007-12-29 02:32 . 2007-12-29 02:32 903030 -c--a-w- c:\program files\Plumbing.exe
2007-12-29 02:31 . 2007-12-29 02:31 567739 -c--a-w- c:\program files\Electrical.exe
2007-12-29 02:30 . 2007-12-29 02:11 6913973 -c--a-w- c:\program files\Cabinets.exe
2007-12-29 02:09 . 2007-12-29 02:08 6116610 -c--a-w- c:\program files\11 Equipment.exe
2007-12-29 02:07 . 2007-12-29 02:06 1539327 -c--a-w- c:\program files\10 Specialties.exe
2007-12-29 02:03 . 2007-12-29 02:03 15383765 -c--a-w- c:\program files\02 Site.exe
2007-12-28 17:53 . 2007-12-28 17:52 21321008 -c--a-w- c:\program files\QuickTimeInstaller.exe
2006-08-02 00:07 . 2006-08-02 00:07 56 --sh--r- c:\windows\system32\9485F0ABA8.sys
2006-10-06 23:22 . 2006-08-02 02:11 88 --sh--r- c:\windows\system32\A8ABF08594.sys
1601-01-01 00:12 . 1601-01-01 00:12 0 -csha-w- c:\windows\system32\dunanume.dll
2006-10-06 23:22 . 2006-08-02 00:07 5224 -csha-w- c:\windows\system32\KGyGaAvL.sys
1601-01-01 00:12 . 1601-01-01 00:12 0 -csha-w- c:\windows\system32\puhelupi.dll
1601-01-01 00:12 . 1601-01-01 00:12 0 -csha-w- c:\windows\system32\wuripowi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-10 7561216]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-02 18944]

c:\documents and settings\Jeremy\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2009-1-20 1564672]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-9-28 6144]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Jeremy\My Documents\My Pictures\Wall Papers\Tara Reid.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3D max\\3dsmax.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154478539\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [1/20/2009 3:21 PM 238848]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [8/16/2005 10:06 PM 26488]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/23/2008 8:24 PM 24652]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [11/27/2006 1:54 PM 39048]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*Deregistered* - TDSSserv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d21f11-1500-11dd-b9bc-00142253f85f}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4d4340-c8b4-11dd-ba00-0016b698575b}]
\Shell\AutoRun\command - L:\FalloutLauncher.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2005-08-16 00:12]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: {C4D012DD-1A5A-4794-93FD-1120B279D2D7} = 128.118.25.3,130.203.1.4
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 00:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\TDSSpqlt.sys 60416 bytes executable
c:\docume~1\Jeremy\LOCALS~1\Temp\TDSSd768.tmp 102400 bytes executable
c:\docume~1\Jeremy\LOCALS~1\Temp\TDSSd778.tmp 617472 bytes executable
c:\windows\system32\twain32
c:\windows\system32\TDSShrsr.dll 29696 bytes executable
c:\windows\system32\TDSSkkbi.log 19899 bytes
c:\windows\system32\TDSSlxwp.dll 2753 bytes
c:\windows\system32\TDSSoiqn.dll 35840 bytes executable
c:\windows\system32\TDSSorvd.dat 441 bytes
c:\windows\system32\TDSSrtqp.dll 31232 bytes executable
c:\windows\system32\TDSSxfum.dll 61440 bytes executable

scan completed successfully
hidden files: 11

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2668950972-758518906-3952906369-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3d,69,20,c8,d5,4c,34,83,5f,82,3c,82,5e,59,a3,a7,76,3f,7d,ef,66,df,2e,
76,1b,1d,31,9d,c5,cc,51,9b,14,5f,17,d6,b7,71,19,6d,35,ca,b9,6b,fd,48,80,7c,\
"??"=hex:dd,ae,71,b1,c6,bb,2e,0c,40,eb,05,95,bb,7e,82,bb

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\TDSSpqlt.sys"
"group"="file system"
.
Completion time: 2009-06-17 0:06
ComboFix-quarantined-files.txt 2009-06-17 04:06
ComboFix2.txt 2008-08-31 20:33

Pre-Run: 158,173,179,904 bytes free
Post-Run: 158,376,574,976 bytes free

204 --- E O F --- 2009-06-16 07:00

Last edited by jfw04; 06-23-2009 at 10:08 PM.