BleepingComputer.com: Cannot run MBAM, Rkill or Combo Fix - all .exe not responding


#31 thcbytes (Malware Response Instructor, 12,271 posts, joined 09-December 08)

Posted 21 November 2009 - 06:14 PM

Arghhh :(
Sorry.

What specifically preceded the "crash"?
Do you have your Windows XP install disc?
When you boot you should get a quick option to boot Windows XP or the Recovery Console. Please boot up and use your down arrow to enter the Recovery Console! See below.....

Please save the following instructions into Notepad and print it out as this webpage would not be available when you're carrying out the process.

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press Enter.
5. At the C:\Windows prompt, type the following text, and press Enter:

cd erdnt\hiv-backup

6. At the next prompt, type the following text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following text, and press Enter:

exit

9. Windows will now begin loading.
Success?

Please post back the answers to my questions also.

Kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#32 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 22 November 2009 - 02:02 PM

I was able to complete the steps you recommended however, windows did not start. There is a count down of seconds until Windows starts and then everything starts over..."We apologize for the inconvenience, but Windows did not start successfully..... "

In the instructions you gave it said to hit "type 1" but that was D: and it did not recognize the commands. Next I hit type 2 - which brought up the C prompt and all the commands seemed to work. This is probably insignificant, huh???

I cannot put my hands on the Windows XP install disc at the moment but it has to be somewhere - is that the next step - to find the disc and reinstall XP? What if I can't find it?

Here is what was done prior to the freeze which caused the "crash". I went to AVG and reactivated the protection - I had disabled to rerun MBAM. My husband and mother went to the following sites: www.suddenlink.net (e-mail); www.accuweather.com; www.foodnetwork.com and www.betcoastal.com. They did not realize the computer was still having issues. Since we started communication I haven't downloaded anything (my husband and mom said they haven't either - just visited the sites mentioned above).

I have a feeling this is BAD!

#33 thcbytes (Malware Response Instructor, 12,271 posts, joined 09-December 08)

Posted 22 November 2009 - 06:03 PM

Yes. We want all the commands for the C:\ drive.

No!!! All hope is not lost. I may very well be able to get you booting again. I absolutely will be able to help you recover your files and folders even if we can't get your computer booting.

Alright.

Do this first....
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start.
  • Use the up and down arrow key to select Microsoft Windows Recovery Console.
  • You must enter which Windows installation to log onto. Type 2 and press enter. The C:\ prompt!
  • A command prompt will open
  • Type the following commands one line at a time and press Enter after entering each line.

chkdsk /r
fixboot

ren C:\Boot.ini Boot.ini.bak
bootcfg /rebuild

  • The first prompt should ask Add installation to boot list? (Yes/No/All).
  • Type Y in response to this question and press Enter.
  • The next prompt asks you to Enter Load Identifier:
  • This is the name of the operating system, type Windows XP Professional and press Enter.
  • The final prompt asks you to Enter OS Load options:
  • Type /Fastdetect here and press Enter.
  • Type exit and press Enter.
Reboot.

Success?

Thanks,
~t

#34 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 22 November 2009 - 08:18 PM

Thanks for the positive attitude!

That didn't work. On the screen with the Windows Recovery Console option it now shows Windows XP Professional and Windows XP Media Center Addition - I only remember one of those options before I did those last steps. I think it was the XP Media Center Edition. Let me know my next step oh great computer guru.

#35 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 22 November 2009 - 09:37 PM

OOPS - I meant Windows XP Media Center Edition - should I try those same steps and use Windows XP Media Center Edition instead of Windows XP Professional?

#36 thcbytes (Malware Response Instructor, 12,271 posts, joined 09-December 08)

Posted 22 November 2009 - 09:39 PM

Hang in there.....

==========

Got some work for you to do now :( .....

==========

First....

Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start.
Use the up and down arrow key to select Microsoft Windows Recovery Console.
You must enter which Windows installation to log onto. Type the number that corresponds to your OS and press enter.
At the C:\Windows prompt, type the following bolded text, and press Enter:

copy c:\windows\system32\dllcache\pciide.sys c:\windows\system32\drivers

At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.
Success?

==========

Next......

Restart your computer
Before Windows loads, you will be prompted to choose which Operating System to start.
Use the up and down arrow key to select Microsoft Windows Recovery Console.
You must enter which Windows installation to log onto. Type the number that corresponds to your OS and press enter.
At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

The erunt backups will begin copying.
At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.
Success?

==========

Next......

Let's now create a boot disc so that you can access your files and folders and so I can get a look at a log.....

*** Please print these instructions ***
  • Download Hiren's BootCD ISO to the desktop of a clean computer.
  • Extract the zipped HirensBootCD.zip to your desktop.
  • Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
  • Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
  • Insert a blank CD in your drive.
  • Press Start. This will burn the image to disc. After it has completed...
  • Restart your sick computer and boot from the HBCD you created.
    • If your PC is not booting from the CD, you need to change the boot order:
      • Restart your PC
      • As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
      • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
      • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
      • The tab should now show your current boot order.
      • If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
      • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.

    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the CD boots choose "Start MiniWindowsXP". Allow Windows to load. You will see a typical Windows Desktop.
  • You will be able to access your sick drive and save files/folders from here. Let me know when you have gotten this far and I can guide you.
  • If you have an Ethernet connection you can double click the Network icon on the desktop to gain internet access. You will need to choose the "BootCDWinTools" icon on your Desktop. Choose "Menu" - "Browsers" - "Opera".
  • You should now be connected to the internet.
  • Navigate here to the forum and click this link.
  • Download the program and save it to the desktop.
  • Once saved, close all other windows then double click the program to run it.
  • When completed, a log will open.
  • Save the log to the desktop using File>Save as, then post the log in a reply.

    Please note: If you are unable to connect to the internet then please download to a flash drive on a clean computer and transfer to the sick computer to run!


  • In addition you now have access to all your files and folders amongst many other utilities that we might need to use later. :(
  • If you double click your Windows Explorer icon on your desktop you will be able to access your hard drive.

Post when ready. You can post from your HBCD Opera browser. I would prefer that if you're able.

Thanks,
~ t

#37 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 22 November 2009 - 09:57 PM

YES! the first step worked - on to the next step.

#38 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 22 November 2009 - 10:00 PM

Yippee - second step a success!

#39 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 22 November 2009 - 10:05 PM

I've got to do the next step from another computer tomorrow. I'm working on my company laptop and I cannot burn a CD. Have a GREAT evening.

#40 thcbytes (Malware Response Instructor, 12,271 posts, joined 09-December 08)

Posted 22 November 2009 - 10:22 PM

Cool :(

You can create the HBCD if you desire but it is not necessary if you are now able to boot!

Warning!!!! Your computer is still infected. Please limit use of that computer and only visit sites I direct you to for now!!!!

Let's see a log. Please right click and delete OTL and Combofix.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* RootRepeal log

Kind regards,
~t
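The OTL log requested above (JCONTELL posts one in the next reply) is a plain-text listing of processes, modules, services and drivers, one entry per line. As an added example that is not part of this thread, of OTL, or of any BleepingComputer tooling, here is a small Python triage helper that parses that entry format and flags the kinds of lines a malware responder checks first: entries whose file carries no company string, files loaded from a Temp folder, registered services whose file is missing, and running processes backed by a .sys file name. The sample lines are copied from the log in this thread; the heuristics and every function name are this example's own assumptions.

```python
"""Triage helper for OTL (OldTimer's OTL) log entries.

Added example for this thread; not part of the forum post or of OTL itself.
It parses the PRC/MOD/SRV/DRV line format OTL prints and applies a few
defender-side heuristics (assumed here, not OTL's own).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry:
#   KIND - [timestamp | size | attrs | flag] (Company) -- path [-- (Name) [description]]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?: (?P<desc>.*))?)?$"
)
# OTL prints this form when a registered service/driver has no file on disk.
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - File not found -- -- \((?P<name>[^)]*)\)$"
)


@dataclass
class Entry:
    kind: str                    # PRC, MOD, SRV or DRV
    path: Optional[str]          # None when OTL reports "File not found"
    company: str = ""            # version-info company string, "" if absent
    size: int = 0                # file size in bytes
    name: Optional[str] = None   # service/driver registry name, if printed
    missing: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for any other line."""
    line = line.rstrip()
    m = MISSING_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=None, name=m["name"], missing=True)
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        path=m["path"],
        company=m["company"].strip(),
        size=int(m["size"].replace(",", "")),
        name=m["name"],
    )


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an analyst would look twice at this entry (assumed rules)."""
    if entry.missing:
        return ["registered service/driver whose file is missing on disk"]
    reasons = []
    p = entry.path.lower()
    if not entry.company:
        reasons.append("no company/version string in the file")
    if "\\temp\\" in p:
        reasons.append("loaded from a Temp directory")
    if entry.kind == "PRC" and p.endswith(".sys"):
        reasons.append("running process backed by a .sys file name")
    return reasons


def triage_log(text: str) -> Tuple[int, List[Tuple[str, str, List[str]]]]:
    """Parse every recognised line; return (entries parsed, [(kind, path-or-name, reasons)])."""
    parsed = 0
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        parsed += 1
        reasons = triage(entry)
        if reasons:
            findings.append((entry.kind, entry.path or entry.name, reasons))
    return parsed, findings


# Sample input: lines copied from the OTL log posted in this thread, plus one
# section header the parser must ignore.
SAMPLE_OTL_LINES = r"""========== Processes (SafeList) ==========
PRC - [2009/11/23 09:44:25 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JENNIFER\Desktop\OTL.exe
PRC - [2006/05/21 23:50:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/28 05:21:37 | 00,270,336 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
MOD - [2004/02/11 16:58:16 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Temp\IadHide5.dll
SRV - File not found -- -- (KodakCCS)
SRV - [2005/09/18 09:32:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
DRV - [2007/10/23 12:57:34 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
"""

if __name__ == "__main__":
    count, hits = triage_log(SAMPLE_OTL_LINES)
    print(f"parsed {count} entries, {len(hits)} worth a second look")
    for kind, what, why in hits:
        print(f"  {kind}  {what}\n        {'; '.join(why)}")
```

Run it as a script to see the four flagged sample entries, or pass the text of a real OTL.txt to triage_log(). A hit is a prompt for a closer look, not a verdict: the PRISMXL.SYS process, for instance, carries a publisher string and is flagged only because a process with a .sys name is unusual, so an analyst confirms publisher and file hash before acting on anything these heuristics raise.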

#41 JCONTELL (Member, 55 posts, joined 15-November 09)

Posted 23 November 2009 - 11:46 AM

OTL logfile created on: 11/23/2009 10:39:22 AM - Run 2
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Documents and Settings\Owner.JENNIFER\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 571.96 Mb Available Physical Memory | 55.94% Memory free
2.21 Gb Paging File | 1.85 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.03 Gb Total Space | 155.88 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 2.38 Gb Free Space | 55.81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/23 09:44:25 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JENNIFER\Desktop\OTL.exe
PRC - [2008/08/30 10:22:33 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/08/30 10:22:33 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 21:45:36 | 01,675,264 | ---- | M] (D-Link) -- C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe
PRC - [2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/25 10:29:20 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2007/02/06 13:32:56 | 00,138,240 | ---- | M] (Countrywide Home Loans) -- C:\Program Files\Countrywide\Bprint.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/01/15 13:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 16:15:40 | 00,122,880 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2006/07/21 16:15:40 | 00,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2006/05/21 23:50:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/28 05:21:37 | 00,270,336 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2005/12/15 13:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/12/09 19:44:40 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/11/04 15:04:48 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/10/11 13:47:58 | 02,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2005/09/14 12:38:00 | 14,820,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/09/06 15:51:08 | 00,053,248 | ---- | M] (Alexandria Software Consulting) -- C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
PRC - [2005/09/06 15:50:50 | 00,045,056 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE
PRC - [2005/08/05 22:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/12/08 18:57:36 | 00,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2003/09/29 06:10:00 | 00,237,657 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe
PRC - [2003/09/29 06:10:00 | 00,081,990 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2003/09/29 06:10:00 | 00,069,706 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
PRC - [2003/09/10 02:11:00 | 00,127,058 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2003/09/10 02:11:00 | 00,106,586 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2002/10/06 23:23:20 | 00,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/09/27 00:13:22 | 00,172,032 | ---- | M] () -- C:\Program Files\Digital Lifeline\bin\mpbtn.exe
PRC - [2002/04/17 09:49:16 | 00,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 09:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2009/11/23 09:44:25 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JENNIFER\Desktop\OTL.exe
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/02/11 16:58:16 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (KodakCCS)
SRV - [2008/08/30 10:22:33 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/26 09:40:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/07/27 20:00:40 | 01,306,624 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/07/25 17:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 16:15:40 | 00,122,880 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/07/21 16:15:40 | 00,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/05/21 23:50:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/12/15 13:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/09/18 09:32:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/09/06 15:51:08 | 00,053,248 | ---- | M] (Alexandria Software Consulting) -- C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe -- (tunnelguardservice)
SRV - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/08/03 19:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003/09/29 06:10:00 | 00,237,657 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2003/09/29 06:10:00 | 00,069,706 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2003/09/10 02:11:00 | 00,106,586 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/01 13:15:36 | 00,560,896 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/23 12:57:34 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2007/05/12 15:39:32 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/28 21:48:26 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/21 23:48:20 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/05/09 16:47:10 | 00,024,521 | ---- | M] (Nortel Networks) -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 16:46:42 | 00,155,216 | ---- | M] (Nortel Networks NA, Inc.) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 16:46:42 | 00,155,216 | ---- | M] (Nortel Networks NA, Inc.) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2005/10/28 11:01:28 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/10/28 11:01:28 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/28 11:01:28 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/09/23 15:26:40 | 01,094,751 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/20 10:22:37 | 00,009,344 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/09/18 09:32:00 | 03,493,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/09/14 12:38:00 | 03,856,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/29 18:11:04 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 18:11:02 | 00,034,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/09/29 06:10:00 | 00,083,008 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 11:50:00 | 00,320,384 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mgaum.sys -- (mgau)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT4023E
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT4023E
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.suddenlink.net/
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\S-1-5-21-1556071746-3924876222-4190336600-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 07:41:56 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5448e61a-7de6-4d1e-9422-042f91ac1359} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [combofix] C:\thcbytes\CF31243.cfx File not found
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hofesavega] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [kesetotev] C:\WINDOWS\System32\jiyanoge.DLL File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PrintScreen] C:\Program Files\Countrywide\Bprint.exe (Countrywide Home Loans)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk = C:\WINDOWS\Installer\{5650A422-0789-473F-B2C7-6C3D10CC9FFB}\Icon079d381e2.exe ()
O4 - Startup: C:\Documents and Settings\Owner.JENNIFER\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\..Trusted Domains: cwinsider.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1556071746-3924876222-4190336600-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab (TSAEButton Class)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.cwinsider.com/cwi/go.asp?http:/...rt//ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2797548A-1E33-4717-A979-586A8539415F} https://ioriginateb.countrywide.com/NXF/Acc...Accelerator.cab (Cache Class)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://ive.cwinsider.com/,DanaInfo=.aPmcGs...va+iNotes6W.cab (iNotes6 Class)
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab (HTECtrl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} https://ive.cwinsider.com:11002/fpspr70.cab (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://advweb.countrywide.com/supportfiles/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.44/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://countrywide.webex.com/client/T25L/t...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: hutijujof - {bed19cac-7876-4ab6-9b55-b156ece3c7a3} - C:\WINDOWS\System32\jiyanoge.dll File not found
O22 - SharedTaskScheduler: {bed19cac-7876-4ab6-9b55-b156ece3c7a3} - kupuhivus - C:\WINDOWS\System32\jiyanoge.dll File not found
O24 - Desktop Components:0 () - http://www.webkinz.com/assets/images/splash/splash.jpg
O24 - Desktop Components:1 () - http://www.webkinz.com/assets/images/logos...ebkinz_fill.png
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/23 09:44:24 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.JENNIFER\Desktop\OTL.exe
[2009/11/20 16:51:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/20 16:51:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/20 16:45:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/20 12:11:34 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/20 12:11:23 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/20 12:11:23 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/20 12:11:19 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/20 12:11:18 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/20 12:11:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/20 12:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/20 12:10:49 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/20 12:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/20 11:24:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/20 11:16:50 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciide.sys
[2009/11/20 11:16:50 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2009/11/18 20:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/17 15:32:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/17 15:31:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/17 15:31:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/17 15:31:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/17 15:31:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/15 17:37:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 17:16:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 17:15:15 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/10/25 17:00:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[3 C:\Documents and Settings\Owner.JENNIFER\My Documents\*.tmp files -> C:\Documents and Settings\Owner.JENNIFER\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/23 10:35:56 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{77E18416-5DDE-42EA-84B3-F7E3BE09103C}
[2009/11/23 10:35:40 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{77E18416-5DDE-42EA-84B3-F7E3BE09103C}
[2009/11/23 09:44:25 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JENNIFER\Desktop\OTL.exe
[2009/11/23 09:37:39 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 09:37:39 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 09:37:39 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/23 09:35:18 | 00,542,720 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/11/23 09:35:17 | 00,401,408 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/11/23 09:34:22 | 00,000,965 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/23 09:34:19 | 00,002,455 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TunnelGuard Tray Monitor.lnk
[2009/11/23 09:34:15 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/23 09:34:05 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/11/23 09:33:59 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/23 09:33:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 09:33:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/23 09:33:27 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 21:12:37 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\NTUSER.DAT
[2009/11/22 21:12:37 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.JENNIFER\ntuser.ini
[2009/11/22 21:05:17 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/11/22 14:41:40 | 00,000,453 | RHS- | M] () -- C:\boot.ini
[2009/11/21 08:16:51 | 45,542,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/21 08:16:25 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/20 16:51:50 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/20 13:51:08 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/20 13:51:06 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/20 12:11:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/20 12:11:23 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/20 12:11:23 | 00,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/20 12:11:19 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/20 12:11:18 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/20 12:11:18 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/20 12:11:11 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/20 12:11:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/20 11:19:11 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/20 11:18:36 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/18 20:29:44 | 00,843,167 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\SecurityCheck.exe
[2009/11/18 19:54:45 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/18 19:38:00 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/18 19:27:56 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rinuluge
[2009/11/17 15:32:38 | 00,000,279 | RHS- | M] () -- C:\WINDOWS\Boot.ini.bak
[2009/11/17 15:23:29 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\My Documents\Resume - Jennifer Deering.doc
[2009/11/17 11:49:37 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\exeHelper.com
[2009/11/17 11:47:27 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.pif
[2009/11/16 15:16:00 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\Win32kDiag.exe
[2009/11/16 14:49:59 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.exe
[2009/11/16 14:47:59 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.com
[2009/11/16 14:45:24 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.scr
[2009/11/14 16:53:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/04 17:45:13 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 13:44:49 | 01,163,264 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\My Documents\Christmas McLain family gathering.doc
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[3 C:\Documents and Settings\Owner.JENNIFER\My Documents\*.tmp files -> C:\Documents and Settings\Owner.JENNIFER\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/22 13:04:22 | 00,000,453 | RHS- | C] () -- C:\boot.ini
[2009/11/20 16:51:50 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/20 12:11:23 | 00,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/20 12:11:18 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/20 12:11:11 | 45,542,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/20 12:11:11 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/20 12:11:11 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/20 12:11:11 | 00,098,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/18 20:29:40 | 00,843,167 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\SecurityCheck.exe
[2009/11/17 15:32:38 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/11/17 15:32:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/17 15:31:10 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/17 15:31:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/17 15:31:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/17 15:31:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/17 15:31:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/17 11:49:36 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\exeHelper.com
[2009/11/16 15:16:00 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\Win32kDiag.exe
[2009/11/16 14:49:59 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.exe
[2009/11/16 14:47:59 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.com
[2009/11/16 14:45:23 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.scr
[2009/11/16 14:44:15 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Desktop\rkill.pif
[2009/11/14 16:53:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/14 16:53:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/04 13:44:48 | 01,163,264 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\My Documents\Christmas McLain family gathering.doc
[2009/06/28 14:28:40 | 00,000,314 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Application Data\1c64-ec47-1438-983d_6279rc
[2009/06/10 10:44:58 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2009/06/10 10:44:57 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/07/02 09:37:35 | 00,000,252 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Application Data\wklnhst.dat
[2008/05/12 14:31:24 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2008/03/11 13:51:26 | 00,002,143 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/12/16 16:08:09 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/23 12:57:09 | 25,711,936 | ---- | C] () -- C:\Program Files\ipass & NortelVPNClient & TunnelGuard.EXE
[2007/02/07 14:57:56 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/02/06 13:32:58 | 00,110,592 | --S- | C] () -- C:\WINDOWS\System32\TSDocClient.dll
[2006/11/29 15:49:55 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/29 15:49:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/21 14:48:33 | 00,000,515 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/11/21 14:48:22 | 00,001,257 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/21 14:44:11 | 00,020,340 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/17 12:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/08/07 19:29:04 | 00,058,368 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/24 11:59:55 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Application Data\fusioncache.dat
[2006/07/17 16:17:05 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/17 16:01:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Application Data\desktop.ini
[2006/07/17 16:01:15 | 04,795,784 | -H-- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Application Data\IconCache.db
[2006/07/17 16:01:15 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Owner.JENNIFER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/02 13:18:02 | 00,294,040 | ---- | C] () -- C:\WINDOWS\HTEWEB.DLL
[2006/05/22 10:18:06 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/22 10:18:06 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/22 10:18:05 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/22 10:18:03 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/22 10:18:02 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/22 10:18:02 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/22 10:17:59 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/21 23:50:30 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/05/21 23:45:53 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/05/21 23:45:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/05/21 23:45:53 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/05/21 23:39:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/05 23:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 11:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:13:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2005/01/09 19:07:13 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2005/01/09 19:07:13 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2005/01/09 19:05:45 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2005/01/09 19:05:45 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2005/01/09 17:49:24 | 00,000,279 | RHS- | C] () -- C:\WINDOWS\Boot.ini.bak
[2005/01/09 17:49:16 | 00,001,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 17:49:16 | 00,000,522 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 17:49:11 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2005/01/09 17:49:11 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2005/01/09 17:48:33 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2005/01/09 17:48:33 | 00,000,965 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 17:48:30 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2005/01/09 17:48:30 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2005/01/09 17:48:30 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/09 17:48:24 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2005/01/09 17:48:24 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2005/01/09 17:48:23 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2005/01/09 17:48:22 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2005/01/09 17:48:22 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2005/01/09 17:48:22 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2005/01/09 17:48:22 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2005/01/09 17:48:22 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2005/01/09 17:48:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2005/01/09 17:48:22 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2005/01/09 17:48:21 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2005/01/09 17:48:21 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2005/01/09 17:48:21 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2005/01/09 17:48:21 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2005/01/09 17:48:21 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2005/01/09 17:48:17 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2005/01/09 17:48:17 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2005/01/09 17:48:17 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2005/01/09 17:48:17 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2005/01/09 17:48:17 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2005/01/09 17:48:17 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2005/01/09 17:48:17 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2005/01/09 17:48:17 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2005/01/09 17:48:17 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2005/01/09 17:48:17 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2005/01/09 17:48:16 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2005/01/09 17:48:09 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2005/01/09 17:48:09 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2005/01/09 17:48:09 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2005/01/09 17:48:08 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2005/01/09 17:48:07 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2005/01/09 17:48:06 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2005/01/09 17:48:06 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2005/01/09 17:48:05 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2005/01/09 17:48:03 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2005/01/09 17:48:01 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2005/01/09 17:48:01 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2005/01/09 17:47:52 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2005/01/09 17:47:51 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2005/01/09 17:47:51 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2005/01/09 17:47:51 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2005/01/09 17:47:49 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2005/01/09 17:47:49 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2005/01/09 11:00:35 | 00,525,770 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2005/01/09 11:00:34 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 11:00:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 23:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2005/01/09 11:00:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2005/01/09 19:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/11/20 12:10:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2006/05/21 23:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/05/21 23:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
[2009/10/15 11:18:00 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\0cca759
[2006/05/21 23:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/07/17 16:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/12/16 15:23:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/12/16 15:25:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/11/20 12:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/20 12:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/08/07 20:39:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2005/01/09 11:00:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/09/25 08:59:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/11/21 15:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/05/12 14:33:04 | 00,020,340 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/18 20:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
[2006/12/02 15:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/10/25 17:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/09/17 06:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/05/21 23:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/10/17 09:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2006/09/19 09:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/06/10 10:44:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/12/07 19:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/05/21 23:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/10/23 12:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2006/11/10 10:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/05/21 23:33:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2006/05/21 23:48:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/11/20 13:51:08 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 23:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/10/23 12:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/11/15 19:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/06/08 19:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/18 12:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2005/01/09 11:00:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\desktop.ini
[2005/01/09 19:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2006/05/21 23:45:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2006/05/21 23:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/05/21 23:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
[2008/10/22 13:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\Adobe
[2005/01/09 11:00:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\gail\Application Data\desktop.ini
[2006/12/05 14:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\HP
[2005/01/09 19:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\Identities
[2008/10/22 13:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\Macromedia
[2009/11/20 12:10:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\gail\Application Data\Microsoft
[2006/05/21 23:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\SampleView
[2006/12/05 14:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\Share-to-Web Upload Folder
[2006/05/21 23:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gail\Application Data\You've Got Pictures Screensaver
[2006/07/17 16:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2009/11/20 12:10:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/20 12:10:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/06/28 14:29:23 | 00,000,314 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Application Data\1c64-ec47-1438-983d_6279rc
[2008/07/14 08:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Adobe
[2008/05/19 12:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\AdobeUM
[2007/12/16 16:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Apple Computer
[2008/02/10 16:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\CyberLink
[2005/01/09 11:00:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Application Data\desktop.ini
[2006/10/19 13:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Google
[2006/07/17 17:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Help
[2006/07/17 16:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Hewlett-Packard
[2006/11/21 15:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\HP
[2005/01/09 19:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Identities
[2009/06/10 10:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\InstallShield
[2007/08/06 14:32:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Juniper Networks
[2007/02/14 18:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Macromedia
[2009/09/17 06:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Malwarebytes
[2006/07/17 16:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\McAfee.com Personal Firewall
[2007/10/05 16:20:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Microsoft
[2009/06/28 14:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\My Sam's Club Digital Photo Center
[2006/05/21 23:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\SampleView
[2006/07/17 16:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Share-to-Web Upload Folder
[2008/01/13 19:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Sony Corporation
[2006/07/31 14:32:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Sun
[2006/07/17 17:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Symantec
[2008/07/02 09:37:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Template
[2007/06/08 19:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\Viewpoint
[2008/02/15 10:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\webex
[2008/07/02 09:42:53 | 00,000,252 | ---- | M] () -- C:\Documents and Settings\Owner.JENNIFER\Application Data\wklnhst.dat
[2006/05/21 23:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JENNIFER\Application Data\You've Got Pictures Screensaver
[2009/10/12 22:06:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/23 09:33:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#42 JCONTELL

  • Member
  • Group: Members
  • Posts: 55
  • Joined: 15-November 09

Posted 23 November 2009 - 11:48 AM

OTL Extras logfile created on: 11/23/2009 10:39:22 AM - Run 2
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Documents and Settings\Owner.JENNIFER\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 571.96 Mb Available Physical Memory | 55.94% Memory free
2.21 Gb Paging File | 1.85 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.03 Gb Total Space | 155.88 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 2.38 Gb Free Space | 55.81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Owner.JENNIFER\Desktop\alg.exe" = C:\Documents and Settings\Owner.JENNIFER\Desktop\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE" = C:\Program Files\Nortel Networks\TunnelGuard\platforms\win32\TGIconApp.EXE:*:Enabled:TGIconApp -- (Nortel Networks)
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" = C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe:*:Enabled:UpdaterUI -- File not found
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{5650A422-0789-473F-B2C7-6C3D10CC9FFB}" = Nortel Networks TunnelGuard
"{59224777-298D-4E9C-9AEB-4A91BDA01B27}" = McAfee VirusScan Enterprise
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB6FFA58-F491-11D3-8951-000000027010}" = iPassConnect
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF4C0369-D75B-45A6-9153-47BD4B55C3E6}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E94E150C-762B-4cd1-8A54-7228A07C0710}" = HP LaserJet 3050/3052/3055/3390/3392 3.0
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F25B14A1-3863-41B6-9F8A-931DECA6D384}" = D-Link Wireless N DWA-130
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BB0D1C-672C-4E84-BD36-1760DA0131E6}" = Adv06Setup
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"BigFix" = BigFix
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Digital Lifeline" = Digital Lifeline
"Google Desktop" = Google Desktop
"gtw_logo" = gtw_logo
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Photags Music Express" = iConcepts Music Express
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PokerStars.net" = PokerStars.net
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Terminal Server Client" = Terminal Services Client
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1556071746-3924876222-4190336600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2009 10:10:43 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application kodak software updater.exe, version 0.0.0.0,
faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/16/2009 4:46:27 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/16/2009 4:46:51 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application meautodetect.exe, version 1.0.0.1, faulting module
meautodetect.exe, version 1.0.0.1, fault address 0x0001e061.

Error - 11/16/2009 4:48:49 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/16/2009 4:50:33 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/17/2009 1:47:51 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/17/2009 5:08:06 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/18/2009 9:24:11 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application meautodetect.exe, version 1.0.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 11/18/2009 9:55:41 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00014acd.

Error - 11/20/2009 1:14:20 PM | Computer Name = JENNIFER | Source = Application Error | ID = 1000
Description = Faulting application meautodetect.exe, version 1.0.0.1, faulting module
meautodetect.exe, version 1.0.0.1, fault address 0x0001e066.

[ System Events ]
Error - 11/20/2009 11:34:47 AM | Computer Name = JENNIFER | Source = PSched | ID = 14103
Description = QoS [Adapter {77E18416-5DDE-42EA-84B3-F7E3BE09103C}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/20/2009 1:07:13 PM | Computer Name = JENNIFER | Source = PSched | ID = 14103
Description = QoS [Adapter {77E18416-5DDE-42EA-84B3-F7E3BE09103C}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/20/2009 4:27:43 PM | Computer Name = JENNIFER | Source = PSched | ID = 14103
Description = QoS [Adapter {77E18416-5DDE-42EA-84B3-F7E3BE09103C}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/20/2009 10:05:31 PM | Computer Name = JENNIFER | Source = PSched | ID = 14103
Description = QoS [Adapter {77E18416-5DDE-42EA-84B3-F7E3BE09103C}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/21/2009 12:04:47 AM | Computer Name = JENNIFER | Source = PSched | ID = 14103
Description = QoS [Adapter {77E18416-5DDE-42EA-84B3-F7E3BE09103C}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 11/21/2009 3:58:45 PM | Computer Name = JENNIFER | Source = Print | ID = 6161
Description = The document http://www.foodnetwork.com/food/cda/recipe.../0,1946,FOOD_99
owned by Owner failed to print on printer HP LaserJet 3050 Series PCL 6. Data type:
NT EMF 1.008. Size of the spool file in bytes: 217188. Number of bytes printed:
0. Total number of pages in the document: 3. Number of pages printed: 0. Client
machine: \\JENNIFER. Win32 error code returned by the print processor: 259 (0x103).


Error - 11/22/2009 10:56:03 PM | Computer Name = JENNIFER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.106 for the Network Card with network
address 00219183F99A has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/22/2009 10:56:08 PM | Computer Name = JENNIFER | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 11/23/2009 11:34:26 AM | Computer Name = JENNIFER | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{77E18416-5DDE-42EA-84B3-F7E3BE09103C}
because another computer on the network has the same name. The server could not
start.

Error - 11/23/2009 12:35:35 PM | Computer Name = JENNIFER | Source = PSched | ID = 14103
Description = QoS [Adapter {77E18416-5DDE-42EA-84B3-F7E3BE09103C}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >

#43 User is offline   JCONTELL 

  • Member
  • Group: Members
  • Posts: 55
  • Joined: 15-November 09

Posted 23 November 2009 - 12:15 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/23 11:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5CFF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AA2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF4317000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

#44 User is offline   thcbytes 

  • Bleepin' Teacher
  • Group: Malware Response Instructor
  • Posts: 12,271
  • Joined: 09-December 08
  • Gender:Male

Posted 23 November 2009 - 02:59 PM

Good job. :(

Let's continue.....

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Viewpoint Media Player
Registry Mechanic 8.0
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Coupon Printer for Windows
McAfee VirusScan Enterprise


Additional instructions can be found here if needed.

==========

Download and run this please.

==========

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2003/09/29 06:10:00 | 00,237,657 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe
    PRC - [2003/09/29 06:10:00 | 00,081,990 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
    PRC - [2003/09/29 06:10:00 | 00,069,706 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    PRC - [2003/09/10 02:11:00 | 00,127,058 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
    PRC - [2003/09/10 02:11:00 | 00,106,586 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    SRV - [2003/09/29 06:10:00 | 00,069,706 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
    SRV - [2003/09/10 02:11:00 | 00,106,586 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    DRV - [2003/09/29 06:10:00 | 00,083,008 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    O2 - BHO: (no name) - {5448e61a-7de6-4d1e-9422-042f91ac1359} - File not found
    O4 - HKLM..\Run: [combofix] C:\thcbytes\CF31243.cfx File not found
    O4 - HKLM..\Run: [hofesavega] File not found
    O4 - HKLM..\Run: [kesetotev] C:\WINDOWS\System32\jiyanoge.DLL File not found
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe File not found
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
    O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] File not found
    [2009/11/20 12:11:23 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/11/20 12:11:23 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/11/20 12:11:19 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/11/20 12:11:18 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/11/20 12:11:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2009/11/20 12:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2009/11/20 12:10:49 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
    [2009/11/20 12:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/20 11:24:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2009/11/21 08:16:51 | 45,542,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/11/21 08:16:25 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/11/20 12:11:23 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/11/20 12:11:23 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/11/20 12:11:23 | 00,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/11/20 12:11:19 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/11/20 12:11:18 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/11/20 12:11:18 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/11/20 12:11:11 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/11/20 12:11:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    
    :Files
    C:\Program Files\Avg
    C:\Program Files\Network Associates
    
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" 
    
    :Commands
    [emptytemp]
    [Reboot]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

==========

Install AVG free antivirus
  • Visit http://free.avg.com/download?prd=afe to download AVG Free setup file to your desktop.
  • Double click the downloaded setup file to Install AVG Free then update it.
  • On the left side click Computer scanner and select Scan whole computer.
  • When the scan has finished, under the Result Overview tab at the end of the scan result, click Export overview to file.
  • Select File Type: All files, Name: scan.txt, and save it on your desktop.
  • Under the Warnings tab, press Remove all unhealed infections. Then close the application.
  • Copy/paste the content of scan.txt located on your desktop to your reply.

==========

We need to create an OTL Quick Scan
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • A report will open; copy and paste it in a reply here.

==========

With your next post please provide:

* How is it running now?
* OTL fix log
* AVG log
* OTL.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html
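The :Reg section of the fix above resets two LSA values that malware likes to hook: "Notification Packages" (DLLs loaded by LSA on password change, a persistence spot for password-stealing filters) and "SecurityProviders". The hex(7) string is a REG_MULTI_SZ written out byte by byte. This added example (not OTL's code or part of the thread) decodes that string and audits both values against an assumed clean XP baseline; the two literal values are copied from the fix, the baselines and the ANSI/UTF-16 detection heuristic are assumptions.

```python
"""Decode and audit the LSA values reset by the OTL fix (added example)."""
from __future__ import annotations

import re

# Copied verbatim from the :Reg block of the fix above.
NOTIFICATION_PACKAGES_HEX = "hex(7):73,63,65,63,6c,69,00,00"
SECURITY_PROVIDERS = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

# Assumed baselines: a stock Windows XP SP3 box loads only scecli as an LSA
# notification package, and only these four security provider DLLs. Anything
# beyond them is a candidate password filter / SSP worth investigating.
EXPECTED_NOTIFICATION_PACKAGES = {"scecli"}
EXPECTED_SECURITY_PROVIDERS = {
    "msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll",
}


def hex_bytes(value: str) -> bytes:
    """Strip the hex(N): prefix and .reg line continuations, return raw bytes."""
    body = re.sub(r"^hex(?:\(\d+\))?:", "", value.strip())
    body = body.replace("\\", "").replace("\n", "").replace(" ", "")
    return bytes(int(tok, 16) for tok in body.split(",") if tok)


def decode_multi_sz(raw: bytes) -> list[str]:
    """Split a REG_MULTI_SZ blob (NUL-separated, double-NUL terminated).

    OTL writes the value as single-byte ANSI (as in the fix above), while a
    regedit 5.00 export writes UTF-16LE. Heuristic (assumption): treat an
    even-length blob whose odd bytes are all zero as UTF-16LE.
    """
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def decode_hex7(value: str) -> list[str]:
    """hex(7) string from a .reg/OTL fix -> list of package names."""
    return decode_multi_sz(hex_bytes(value))


def parse_providers(value: str) -> list[str]:
    """SecurityProviders is a plain comma-separated REG_SZ."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def unexpected_entries(found: list[str], expected: set[str]) -> list[str]:
    allowed = {x.lower() for x in expected}
    return [e for e in found if e.lower() not in allowed]


def audit_lsa(notification_hex: str, providers: str) -> dict:
    """Return the decoded values plus any entries outside the baseline."""
    packages = decode_hex7(notification_hex)
    provs = parse_providers(providers)
    return {
        "notification_packages": packages,
        "unexpected_notification_packages":
            unexpected_entries(packages, EXPECTED_NOTIFICATION_PACKAGES),
        "security_providers": provs,
        "unexpected_security_providers":
            unexpected_entries(provs, EXPECTED_SECURITY_PROVIDERS),
    }


if __name__ == "__main__":
    # The values from the fix decode to exactly the baseline, so no findings.
    for key, val in audit_lsa(NOTIFICATION_PACKAGES_HEX, SECURITY_PROVIDERS).items():
        print(f"{key}: {val}")
```

On a live box the same audit can be fed the values read back from HKLM\SYSTEM\CurrentControlSet\Control\Lsa after the fix to confirm nothing re-added itself.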

#45 User is offline   JCONTELL 

  • Member
  • Group: Members
  • Posts: 55
  • Joined: 15-November 09

Posted 23 November 2009 - 11:26 PM

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named AluSchedulerSvc.exe was found!
No active process named mcshield.exe was found!
No active process named shstat.exe was found!
No active process named vstskmgr.exe was found!
No active process named naPrdMgr.exe was found!
No active process named FrameworkService.exe was found!
No service named McTaskManager was found to stop!
Unable to stop service McTaskManager!
File C:\Program Files\Network Associates\VirusScan\vstskmgr.exe not found.
No service named McAfeeFramework was found to stop!
Unable to stop service McAfeeFramework!
File C:\Program Files\Network Associates\Common Framework\FrameworkService.exe not found.
No service named NaiAvFilter1 was found to stop!
Unable to stop service NaiAvFilter1!
File C:\WINDOWS\system32\drivers\naiavf5x.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5448e61a-7de6-4d1e-9422-042f91ac1359}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5448e61a-7de6-4d1e-9422-042f91ac1359}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hofesavega deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kesetotev deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe deleted successfully.
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShStatEXE not found.
File C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress not found.
C:\WINDOWS\system32\drivers\avgtdix.sys moved successfully.
C:\WINDOWS\system32\avgrsstx.dll moved successfully.
C:\WINDOWS\system32\drivers\avgldx86.sys moved successfully.
C:\WINDOWS\system32\drivers\avgmfx86.sys moved successfully.
C:\WINDOWS\System32\drivers\Avg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Update folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48 folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40 folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39 folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23 folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\icons folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\ex folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar\Firefox folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar folder moved successfully.
C:\Program Files\AVG\AVG9\Icons folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\download\ads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\download folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Lsdb\Prev folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Lsdb folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Chjw folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\WINDOWS\temp\f2175d1a-266e-4c0d-9cde-7ce3daa0bbcf folder moved successfully.
C:\WINDOWS\temp\d66b214f-c1ae-4199-9ea5-7d9f27f5c655 folder moved successfully.
C:\WINDOWS\temp folder moved successfully.
File C:\WINDOWS\System32\drivers\Avg\incavi.avm not found.
File C:\WINDOWS\System32\drivers\Avg\microavi.avg not found.
File C:\WINDOWS\System32\drivers\avgtdix.sys not found.
File C:\WINDOWS\System32\avgrsstx.dll not found.
C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk moved successfully.
File C:\WINDOWS\System32\drivers\avgldx86.sys not found.
File C:\WINDOWS\System32\drivers\Avg\iavichjw.avm not found.
File C:\WINDOWS\System32\drivers\avgmfx86.sys not found.
File C:\WINDOWS\System32\drivers\Avg\avi7.avg not found.
File C:\WINDOWS\System32\drivers\Avg\miniavi.avg not found.
========== FILES ==========
File\Folder C:\Program Files\Avg not found.
File\Folder C:\Program Files\Network Associates not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: gail
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

User: Owner.JENNIFER
->Temp folder emptied: 216389883 bytes
->Temporary Internet Files folder emptied: 69343404 bytes
->Java cache emptied: 6420425 bytes

User: OWNER~1~JEN

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33292 bytes
RecycleBin emptied: 4115420 bytes

Total Files Cleaned = 282.75 mb


OTL by OldTimer - Version 3.1.7.0 log created on 11232009_222305

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner.JENNIFER\Local Settings\Temp\IadHide5.dll moved successfully.

Registry entries deleted on Reboot...
