Security Center/Protection System


19 replies to this topic

#1 bg523

Posted 16 September 2009 - 03:59 PM

Hello...

For the past week, I have been encountering the fake anti-virus 'Protection Systems,' sometimes calling itself Windows Security Center. I am constantly getting nag screens, pop-ups and bubbles saying my system is infected. My Google searches are redirected at times. Also, sometimes my system will shut down by way of a countdown, but I've stopped it recently by running shutdown -a.

I have tried with Malwarebytes and it seemed to get rid of it at first, but it just keeps coming back. Then I couldn't even update Malwarebytes anymore, and now, after trying to uninstall it, it won't reinstall even after renaming the file. I have also scanned with Avira AntiVir, and all it did was temporarily kill the processes. I have tried all of this in safe mode as well.

Any help would be greatly appreciated. Thanks in advance.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Brian at 15:16:33.23 on Wed 09/16/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1556 [GMT -5:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1E92BC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D1D69C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2FD47C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8993D51C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A18F7FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D376E4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A24C644-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A0E82B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A29050C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89E9FB64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A02BC1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89AAF054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FCEB64-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2C399C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DB992C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A2928D4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CD7DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A163DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DAF8A4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A3B5DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D41914-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88C93DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A316994-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8991828C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CD951C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895FB99C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2DC424-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {891F67D4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {898C61BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2C07CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A30C1E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FF9DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2788CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88E7D35C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8951FC24-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88B1B52C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A2EC36C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8905D47C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A13299C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890029A4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A26ABCC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CCFA5C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2143FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8971ECEC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A39651C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894AB6DC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89765274-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A28C054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CEF564-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A13473C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8909F8B4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A264804-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2E2DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A39AA8C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A158C1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88D7C054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89F9761C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8925B7E4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89049614-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88F6B52C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A21F63C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1748CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D9CA5C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A069714-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {890918B4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CECC1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A51FD74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FF1DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A5C7A2C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {896E3A5C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8966F564-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88E9E594-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89080C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A50C6DC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A24770C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A313A94-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D03DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FDEDDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2F9C24-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FDCC34-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A15F89C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FE7054-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DFA564-FFA4-00D8-0D24-347CA8A3377C}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A22363C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DB4C1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89D628A4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8901EA5C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8908F9B4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A3EF544-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A170A74-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1437DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89804B34-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A26A8B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CF445C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89F413D4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88C31A64-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A5A6994-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A46EA6C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A148DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A34F72C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {89058C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D407DC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A558334-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1BC054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88AD0B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8901489C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88C65C1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FF06B4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CD1C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A16488C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CFF9A4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A314DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A5B063C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88ED15AC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89E1C4EC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88C6C20C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89EDA8CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {899D5DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A2643DC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A0F9C2C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A15F63C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A3F663C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89070C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DACC24-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FCB054-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88F374EC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A23E49C-FFA4-00CC-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://www.google.com
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\compan~1\installs\cpn\ycomp5_5_7_0.dll
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Protection System] "c:\program files\protection system\psystem.exe" -noscan
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - hxxp://secure2.comned.com/signuptemplates/AktiveSekurity.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} - hxxp://www.odysseusmarketing.com/actsetup.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15016/CTPID.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\n57y4bed.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-28 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-28 55656]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PFModNT.sys [2004-11-23 15840]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-6 29744]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2006-6-20 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2006-6-20 77104]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2005-2-12 167673]

=============== Created Last 30 ================

2009-09-16 01:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 01:34 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-16 01:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 01:32 4,045,528 a------- C:\hublah.exe
2009-09-15 18:26 31,232 a------- c:\windows\system32\wingenocx.dll
2009-09-15 18:26 <DIR> --d----- c:\program files\Protection System
2009-09-15 17:36 <DIR> --d----- c:\docume~1\brian\applic~1\Uniblue
2009-09-14 16:08 1,008,640 a------- c:\windows\system32\wscsvc32.exe
2009-09-14 00:02 <DIR> --d----- c:\program files\mbytes
2009-09-12 03:08 <DIR> --d----- c:\program files\360Share Pro
2009-09-03 14:18 587 a------- c:\windows\system32\runrefog.lnk
2009-09-03 14:18 587 a------- c:\windows\system32\runkgb.lnk
2009-09-02 01:48 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-09-02 01:48 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-09-02 01:41 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-02 01:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-09-02 01:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-02 01:16 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-09-02 01:13 464,384 -c------ c:\windows\system32\dllcache\imapi2fs.dll
2009-09-02 01:13 62,592 -c------ c:\windows\system32\dllcache\cdrom.sys
2009-09-02 01:13 464,384 -------- c:\windows\system32\imapi2fs.dll
2009-09-02 01:13 317,952 -c------ c:\windows\system32\dllcache\imapi2.dll
2009-09-02 01:13 317,952 -------- c:\windows\system32\imapi2.dll
2009-08-26 03:26 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-26 03:26 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-08-26 03:17 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-26 03:16 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-26 03:16 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-26 03:16 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-26 03:16 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-26 03:16 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-26 03:16 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-26 03:16 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-26 03:10 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-26 03:03 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-25 01:22 <DIR> --d----- c:\docume~1\brian\applic~1\Malwarebytes
2009-08-25 01:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-20 16:55 101,343 a------- C:\Bookmarks 2009-08-20.json
2009-08-19 17:04 <DIR> --d----- c:\docume~1\brian\applic~1\pdtsoftware
2009-08-19 17:04 <DIR> --d----- c:\program files\QDEX

==================== Find3M ====================

2009-09-16 12:23 402 a------- C:\sccfg.sys
2009-08-05 10:17 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 00:51 98,304 a------- c:\windows\DUMP6e98.tmp
2009-07-28 23:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-24 16:37 98,304 a------- c:\windows\DUMP80f7.tmp
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 03:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 03:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 03:44 56,320 a------- c:\windows\system32\secur32.dll
2005-03-16 09:01 1,974,272 a------- c:\program files\PcSetup.exe
2005-01-04 00:37 56 ---shr-- c:\windows\system32\91B1AF42A3.sys
2005-01-04 00:37 1,890 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:18:13.15 ===============


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:55 PM

Posted 30 September 2009 - 08:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 bg523

bg523
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 03 October 2009 - 01:20 PM

Hi. Since the original post, I think that I cleared most of it up; but I'm not confident it is free of infection. Gone are the pop ups and stuff, though. However, my system has been restarting abruptly, and the screen going blank (could be a power issue).


DDS (Ver_09-09-29.01) - NTFSx86
Run by Brian at 13:10:20.28 on Sat 10/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1513 [GMT -5:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1E92BC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D1D69C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2FD47C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8993D51C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A18F7FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D376E4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A24C644-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A0E82B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A29050C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89E9FB64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A02BC1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89AAF054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FCEB64-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2C399C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DB992C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A2928D4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CD7DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A163DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DAF8A4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A3B5DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D41914-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88C93DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A316994-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8991828C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CD951C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895FB99C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2DC424-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {891F67D4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {898C61BC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2C07CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A30C1E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FF9DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2788CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88E7D35C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8951FC24-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88B1B52C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A2EC36C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8905D47C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A13299C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890029A4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A26ABCC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CCFA5C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2143FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8971ECEC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A39651C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894AB6DC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89765274-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A28C054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CEF564-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A13473C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8909F8B4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A264804-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2E2DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A39AA8C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A158C1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88D7C054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89F9761C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8925B7E4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89049614-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88F6B52C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A21F63C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1748CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D9CA5C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A069714-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {890918B4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CECC1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A51FD74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FF1DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A5C7A2C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {896E3A5C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8966F564-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88E9E594-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89080C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A50C6DC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A24770C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A313A94-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D03DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FDEDDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A2F9C24-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FDCC34-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A15F89C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FE7054-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DFA564-FFA4-00D8-0D24-347CA8A3377C}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A22363C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DB4C1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89D628A4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8901EA5C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8908F9B4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A3EF544-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A170A74-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1437DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89804B34-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A26A8B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CF445C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89F413D4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88C31A64-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A5A6994-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A46EA6C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A148DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A34F72C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {89058C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88D407DC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A558334-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A1BC054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88AD0B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8901489C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88C65C1C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FF06B4-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CD1C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A16488C-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88CFF9A4-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A314DDC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A5B063C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88ED15AC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89E1C4EC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88C6C20C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89EDA8CC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {899D5DDC-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {8A2643DC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A0F9C2C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A15F63C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A3F663C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {89070C1C-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88DACC24-FFA4-00D8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88FCB054-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {88F374EC-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8A23E49C-FFA4-00CC-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://www.google.com
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\compan~1\installs\cpn\ycomp5_5_7_0.dll
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - hxxp://secure2.comned.com/signuptemplates/AktiveSekurity.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} - hxxp://www.odysseusmarketing.com/actsetup.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15016/CTPID.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\n57y4bed.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-17 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-17 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-28 55656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-22 269648]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PFModNT.sys [2004-11-23 15840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-22 19160]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-6 29744]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2006-6-20 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2006-6-20 77104]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2005-2-12 167673]

=============== Created Last 30 ================

2009-09-22 17:21 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:21 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-22 17:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 15:21 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-17 01:02 <DIR> --d----- c:\program files\Avira
2009-09-17 01:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-16 16:37 <DIR> --d----- c:\windows\system32\scripting
2009-09-16 16:36 <DIR> --d----- c:\windows\system32\en
2009-09-16 16:36 <DIR> --d----- c:\windows\system32\bits
2009-09-16 16:36 <DIR> --d----- c:\windows\l2schemas
2009-09-16 16:29 <DIR> --d----- c:\windows\EHome
2009-09-16 16:24 197 a------- c:\windows\system32\MRT.INI
2009-09-16 01:32 4,045,528 a------- C:\hublah.exe
2009-09-15 17:36 <DIR> --d----- c:\docume~1\brian\applic~1\Uniblue
2009-09-14 00:02 <DIR> --d----- c:\program files\mbytes
2009-09-12 03:08 <DIR> --d----- c:\program files\360Share Pro
2009-09-03 14:18 587 a------- c:\windows\system32\runrefog.lnk
2009-09-03 14:18 587 a------- c:\windows\system32\runkgb.lnk

==================== Find3M ====================

2009-09-16 16:39 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-02 01:48 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-09-02 01:48 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-09-02 01:41 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-02 01:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-09-02 01:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-26 03:26 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 00:51 98,304 a------- c:\windows\DUMP6e98.tmp
2009-07-28 23:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-24 16:37 98,304 a------- c:\windows\DUMP80f7.tmp
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2005-03-16 09:01 1,974,272 a------- c:\program files\PcSetup.exe
2005-01-04 00:37 56 ---shr-- c:\windows\system32\91B1AF42A3.sys
2005-01-04 00:37 1,890 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:11:19.40 ===============

Appreciate the help!


#4 SpySentinel

Posted 03 October 2009 - 03:38 PM

Hi and welcome to Bleeping Computer.

My name is SpySentinel and I will be helping you with your malware problem. Sorry for the delay, we have been very busy lately.



Step #1
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Step #2

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Step #3

Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by SpySentinel, 03 October 2009 - 03:39 PM.

Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please donate to help me continue the fight against malware.

#5 bg523
  • Topic Starter

Posted 03 October 2009 - 04:53 PM

Here are the OTL and MBAM logs. I attached the RootRepeal log.

OTL Extras logfile created on: 10/3/2009 4:11:50 PM - Run 1
OTL by OldTimer - Version 3.0.18.2 Folder = C:\Documents and Settings\Brian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.22% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 19.04 Gb Free Space | 24.95% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 6.67 Gb Free Space | 8.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRANT-EB1670778
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- C:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Brian\Local Settings\Temp\~os484.tmp\ossproxy.exe" = C:\Documents and Settings\Brian\Local Settings\Temp\~os484.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Documents and Settings\Brian\Local Settings\Temp\~os261.tmp\ossproxy.exe" = C:\Documents and Settings\Brian\Local Settings\Temp\~os261.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"c:\windows\system32\rk.exe" = c:\windows\system32\rk.exe:*:Enabled:rk.exe -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\eDonkey2000\edonkey2000.exe" = C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000 -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Documents and Settings\Brian\Local Settings\Temp\~os10E3.tmp\ossproxy.exe" = C:\Documents and Settings\Brian\Local Settings\Temp\~os10E3.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Brian\Local Settings\Temp\~os16E.tmp\ossproxy.exe" = C:\Documents and Settings\Brian\Local Settings\Temp\~os16E.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1136636096\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1136636096\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1136636096\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1136636096\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Documents and Settings\Brian\Local Settings\Temp\~osA06.tmp\ossproxy.exe" = C:\Documents and Settings\Brian\Local Settings\Temp\~osA06.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"c:\Documents and Settings\Brian\Local Settings\Temp\~os6E1.tmp\ossproxy.exe" = c:\Documents and Settings\Brian\Local Settings\Temp\~os6E1.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Xolox\mldonkey\mlnet.exe" = C:\Program Files\Xolox\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon -- File not found
"C:\Program Files\Xolox\XoloxEXE.exe" = C:\Program Files\Xolox\XoloxEXE.exe:*:Enabled:Xolox -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"c:\windows\system32\rlvknlg.exe" = c:\windows\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Avira\AntiVir Desktop\update.exe" = C:\Program Files\Avira\AntiVir Desktop\update.exe:*:Enabled:update.exe -- (Avira GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A918DE8A-98C8-0900-0000-000000100021}" = LG VX5200 USB - Handset Manager V9
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{af3a4f65-267f-4774-a676-8204722d2456}" = RelevantKnowledge
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F4EE98D3-507A-4160-8F65-710C37A8FBB8}" = Opera 9.02
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"1Click DVD Copy 4.2" = 1Click DVD Copy 4.2
"360Share Pro" = 360Share Pro(remove only)
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM Ad Hack_is1" = AIM Ad Hack
"AIM_6.0" = AIM 6.0
"AOL Instant Messenger" = AOL Instant Messenger
"AudioConSole" = Creative Audio Console
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent 3.3
"Burn My Files_is1" = Burn My Files
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"CopyToDVD_is1" = CopyToDVD
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam Pro" = Creative WebCam Pro Driver
"Creative WebCam Pro Manual English" = Creative WebCam Pro Manual (English)
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 7.15.7.8
"DeleteProdVVFW90Low_US" = IBM ViaVoice Personal 9.0 - US English
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"FixTunes" = FixTunes (remove only)
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Folder Lock" = Folder Lock
"Fonts" = Fonts
"Free History Eraser_is1" = Free History Eraser
"Gadwin PrintScreen" = Gadwin PrintScreen
"GoldWave v5.10" = GoldWave v5.10
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NeroVision!UninstallKey" = NeroVision Express 3
"Netscape Browser" = Netscape Browser (remove only)
"New.net" = New.net Domains 7.48
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime" = QuickTime
"Radio@Netscape" = Radio@Netscape
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"VSO PhotoDVD_is1" = PhotoDVD 2.0.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"x2VCD" = Super DVD Ripper (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OpenOffice.org 1.1.0" = OpenOffice.org 1.1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 9/28/2009 2:19:58 AM | Computer Name = GRANT-EB1670778 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/29/2009 2:19:26 AM | Computer Name = GRANT-EB1670778 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 00112FA4DF13.

Error - 9/30/2009 2:19:28 AM | Computer Name = GRANT-EB1670778 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 00112FA4DF13.

Error - 10/1/2009 2:19:30 AM | Computer Name = GRANT-EB1670778 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 00112FA4DF13.

Error - 10/2/2009 2:19:32 AM | Computer Name = GRANT-EB1670778 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 00112FA4DF13.

Error - 10/2/2009 4:37:34 AM | Computer Name = GRANT-EB1670778 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/2/2009 4:49:36 PM | Computer Name = GRANT-EB1670778 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00112FA4DF13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/2/2009 4:51:35 PM | Computer Name = GRANT-EB1670778 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/2/2009 4:52:33 PM | Computer Name = GRANT-EB1670778 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/2/2009 5:35:07 PM | Computer Name = GRANT-EB1670778 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}


< End of report >

OTL logfile created on: 10/3/2009 4:11:50 PM - Run 1
OTL by OldTimer - Version 3.0.18.2 Folder = C:\Documents and Settings\Brian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.22% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 19.04 Gb Free Space | 24.95% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 6.67 Gb Free Space | 8.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRANT-EB1670778
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (KodakCCS [Auto | Running]) -- C:\WINDOWS\System32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (MBAMService [Auto | Running]) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- C:\WINDOWS\System32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\System32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (lgatbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgatbus.sys (MCCI)
DRV - (lgatmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgatmdm.sys (MCCI)
DRV - (MA8032C [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA8032C.sys (Mobile Action Technology Inc.)
DRV - (MA8032M [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA8032M.sys (Mobile Action Technology Inc.)
DRV - (MA8032U [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA8032U.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (MBAMProtector [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (PD1030VID [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\p1030vid.sys (Creative Technology Ltd.)
DRV - (PfDetNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (windrvNT [Auto | Running]) -- C:\WINDOWS\System32\windrvNT.sys ()
DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.4
FF - prefs.js..extensions.enabledItems: {62ED169D-7F2E-449a-A88D-F4E6F153051F}:1.52
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.5.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/27 03:01:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/20 18:55:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 00:25:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/10/01 21:27:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2008/10/01 21:27:13 | 00,000,000 | ---D | M]

[2008/08/26 20:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Extensions
[2008/08/26 20:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/01/16 18:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\19u8hvbz.BG\extensions
[2006/01/16 18:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\19u8hvbz.BG\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/02 16:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{00D4154F-96D3-41ff-8E8E-113596D8670B}
[2009/09/29 01:48:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{07D70F98-08D3-432e-8BD6-496AD6481A68}
[2009/09/28 00:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2009/09/28 00:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2008/07/05 18:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2009/09/11 02:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{62ED169D-7F2E-449a-A88D-F4E6F153051F}
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{798502a0-e6a6-11d9-8cd6-0800200c9a66}
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{caad1bbc-cf5d-9b9b-3a37-a1061684b0a7}
[2009/08/25 13:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/28 00:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2009/09/28 00:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\personas@christopher.beard
[2005/07/03 21:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\n57y4bed.default\extensions\temp
[2005/11/03 14:17:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\wiswf556.Brian\extensions
[2005/11/03 14:17:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\mozilla\Firefox\Profiles\wiswf556.Brian\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/24 20:40:10 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Mozilla\FireFox\Profiles\n57y4bed.default\searchplugins\askjeeves.xml
[2008/11/30 16:40:40 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Mozilla\FireFox\Profiles\n57y4bed.default\searchplugins\weathercom.xml
[2008/11/30 16:40:08 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Mozilla\FireFox\Profiles\n57y4bed.default\searchplugins\webster.xml
[2008/06/21 06:20:04 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Brian\Application Data\Mozilla\FireFox\Profiles\n57y4bed.default\searchplugins\wikipedia-en.xml
[2009/10/02 16:45:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 00:25:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/05/15 12:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
[2009/09/10 00:25:03 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 00:25:03 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/06 16:13:40 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2004/09/08 23:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/09/10 00:25:06 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2005/12/06 20:55:21 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2006/05/19 20:09:37 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/05/19 20:09:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/05/19 20:09:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/05/19 20:09:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/05/19 20:09:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/05/19 20:09:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2006/05/19 20:09:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/12/06 20:55:42 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2005/12/06 20:55:14 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/08/15 12:31:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/15 12:31:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/15 12:31:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/15 12:31:45 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/15 12:31:45 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/15 12:31:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/15 12:31:45 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/02/03 20:47:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/02/03 20:47:12 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/02/03 20:47:12 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} http://secure2.comned.com/signuptemplates/AktiveSekurity.cab (SekureL0gin.SekureKontrol)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/...login-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} http://www.odysseusmarketing.com/actsetup.cab (CActSetupObj Object)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} http://www.livemetallica.com/nugster/dlControl.CAB (dlControl.UserControl1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15016/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/11 17:21:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/09/17 01:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/15 17:36:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Uniblue
[2009/09/12 03:08:00 | 00,000,000 | ---D | C] -- C:\Program Files\360Share Pro
[2009/09/17 18:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/17 01:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/22 17:21:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/14 00:02:04 | 00,000,000 | ---D | C] -- C:\Program Files\mbytes
[2009/10/03 16:10:31 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe
[2009/09/22 17:21:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/22 17:21:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/17 01:18:43 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brian\Desktop\mbam-setup.exe
[2009/09/17 01:02:56 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/17 01:02:56 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/17 01:02:56 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/17 01:02:55 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/16 16:54:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/16 16:37:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/16 16:36:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/16 16:36:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/09/16 16:36:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/09/16 16:29:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/09/16 16:29:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/09/16 01:32:04 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\hublah.exe
[2005/08/22 18:07:42 | 01,974,272 | ---- | C] (VSO Software) -- C:\Program Files\PcSetup.exe
[2004/11/23 21:03:21 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Brian\My Documents\*.tmp files]
[2009/10/03 16:10:32 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe
[2009/10/03 12:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brian.job
[2009/10/02 21:00:01 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brian.job
[2009/10/02 16:35:11 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-20021102}.CDF
[2009/10/02 16:34:31 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/02 16:34:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 16:34:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/02 16:34:26 | 21,467,50464 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/02 15:41:58 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/02 02:30:27 | 01,098,160 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\sports.yahoo.com screen capture 2009-10-2-2-30-22.png
[2009/10/01 02:46:58 | 00,388,598 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\centralillinoisproud.com screen capture 2009-10-1-2-46-57.png
[2009/09/30 20:03:00 | 00,000,254 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\www.pjstar.com screen capture 2009-9-30-20-3-0.png
[2009/09/30 20:02:30 | 00,061,765 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\www.pjstar.com screen capture 2009-9-30-20-2-30.png
[2009/09/25 17:22:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/24 15:52:10 | 00,208,384 | ---- | M] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 15:45:53 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/22 17:21:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/22 17:18:09 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx
[2009/09/22 17:18:09 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx
[2009/09/22 17:18:09 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx
[2009/09/22 17:18:09 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx
[2009/09/22 17:18:09 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/09/22 17:18:09 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/09/22 17:18:09 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-20021102}.dat
[2009/09/22 17:18:09 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-20021102}.dat
[2009/09/22 17:02:05 | 00,516,573 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\cnn.com screen capture 2009-9-22-17-2-3.png
[2009/09/22 15:21:39 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/18 16:38:57 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/17 02:31:28 | 00,001,598 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\System Restore.lnk
[2009/09/17 01:18:46 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brian\Desktop\mbam-setup.exe
[2009/09/17 01:03:14 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/17 00:57:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/16 16:57:29 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/16 16:57:29 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/16 16:57:28 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/16 16:54:24 | 00,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/16 16:33:33 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/09/16 16:24:53 | 00,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/16 02:42:21 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\settings.dat
[2009/09/16 01:32:12 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\hublah.exe
[2009/09/14 21:52:28 | 00,451,366 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\www.weather.com screen capture 2009-9-14-21-52-26.png
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/07 17:53:04 | 00,000,577 | -H-- | M] () -- C:\Documents and Settings\Brian\My Documents\My Sharing Folders.lnk
[2009/09/04 16:22:33 | 08,948,631 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\07-embrace_annihilation-qtxmp3.mp3
[2009/09/04 16:22:33 | 07,197,090 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\03-still_i_rise-qtxmp3.mp3
[2009/09/04 16:22:33 | 01,776,562 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\01-the_path_to_imminent_ruin-qtxmp3.mp3
[2009/09/04 00:09:29 | 05,696,636 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\01 Two Demons.wma
[2009/09/04 00:09:29 | 05,043,474 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\06 Path to the Eternal Gods.wma
[2009/09/04 00:09:02 | 12,208,951 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\02-my_demise-qtxmp3.mp3
[2009/09/04 00:09:02 | 11,771,240 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\10-dead_and_gone-qtxmp3.mp3
[2009/09/04 00:09:02 | 10,733,885 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\09-a_public_execution-qtxmp3.mp3
[2009/09/04 00:09:02 | 07,576,625 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\05-king_of_nothing-qtxmp3.mp3
[2009/09/04 00:09:02 | 07,487,878 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\06-the_taste_of_fear-qtxmp3.mp3
[2009/09/04 00:09:02 | 06,968,867 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\08-picture_perfect-qtxmp3.mp3
[2009/09/04 00:09:02 | 06,561,807 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\04-war-qtxmp3.mp3
[2009/09/04 00:09:02 | 00,046,717 | -H-- | M] () -- C:\Documents and Settings\Brian\My Documents\AlbumArt_{1ABB9CC1-1B91-4290-859B-27F4112B176F}_Large.jpg
[2009/09/04 00:08:35 | 00,046,717 | -H-- | M] () -- C:\Documents and Settings\Brian\My Documents\ZuneArt_{215AA80A-A5A5-44A5-BB20-599291E13E61}.jpg
[2009/09/04 00:03:07 | 81,176,475 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\SF.R.zip
[2009/09/03 17:50:22 | 00,015,878 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\Buddy Guy - Skin Deep (2008) [MP3@VBR][colombo-bt[1][1].org] [mininova].torrent
[2009/09/03 17:38:43 | 16,627,3024 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\64SkinDeep2008.rar.part
[2009/09/03 16:34:04 | 93,872,700 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\a.cd.c.bl.k.i.ce.TVF.rar
[2009/09/03 16:32:53 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Brian\My Documents\64SkinDeep2008.rar

========== Files - No Company Name ==========
[2009/10/02 02:30:26 | 01,098,160 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\sports.yahoo.com screen capture 2009-10-2-2-30-22.png
[2009/10/01 02:46:58 | 00,388,598 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\centralillinoisproud.com screen capture 2009-10-1-2-46-57.png
[2009/09/30 20:03:00 | 00,000,254 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\www.pjstar.com screen capture 2009-9-30-20-3-0.png
[2009/09/30 20:02:30 | 00,061,765 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\www.pjstar.com screen capture 2009-9-30-20-2-30.png
[2009/09/22 17:23:13 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Brian.job
[2009/09/22 17:22:30 | 00,000,478 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Brian.job
[2009/09/22 17:21:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/22 17:02:05 | 00,516,573 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\cnn.com screen capture 2009-9-22-17-2-3.png
[2009/09/22 15:21:39 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/17 01:03:14 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/16 16:24:53 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/16 02:42:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\settings.dat
[2009/09/16 01:59:42 | 21,467,50464 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/14 21:52:27 | 00,451,366 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\www.weather.com screen capture 2009-9-14-21-52-26.png
[2009/09/13 16:10:46 | 00,001,598 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\System Restore.lnk
[2009/09/04 00:09:46 | 00,046,717 | -H-- | C] () -- C:\Documents and Settings\Brian\My Documents\ZuneArt_{215AA80A-A5A5-44A5-BB20-599291E13E61}.jpg
[2009/09/04 00:09:46 | 00,046,717 | -H-- | C] () -- C:\Documents and Settings\Brian\My Documents\AlbumArt_{1ABB9CC1-1B91-4290-859B-27F4112B176F}_Large.jpg
[2009/09/04 00:06:45 | 11,771,240 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\10-dead_and_gone-qtxmp3.mp3
[2009/09/04 00:06:43 | 10,733,885 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\09-a_public_execution-qtxmp3.mp3
[2009/09/04 00:06:43 | 08,948,631 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\07-embrace_annihilation-qtxmp3.mp3
[2009/09/04 00:06:43 | 06,968,867 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\08-picture_perfect-qtxmp3.mp3
[2009/09/04 00:06:42 | 07,576,625 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\05-king_of_nothing-qtxmp3.mp3
[2009/09/04 00:06:42 | 07,487,878 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\06-the_taste_of_fear-qtxmp3.mp3
[2009/09/04 00:06:42 | 07,197,090 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\03-still_i_rise-qtxmp3.mp3
[2009/09/04 00:06:42 | 06,561,807 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\04-war-qtxmp3.mp3
[2009/09/04 00:06:41 | 12,208,951 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\02-my_demise-qtxmp3.mp3
[2009/09/04 00:06:41 | 01,776,562 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\01-the_path_to_imminent_ruin-qtxmp3.mp3
[2009/09/03 23:52:21 | 81,176,475 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\SF.R.zip
[2009/09/03 17:50:21 | 00,015,878 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\Buddy Guy - Skin Deep (2008) [MP3@VBR][colombo-bt[1][1].org] [mininova].torrent
[2009/09/03 16:32:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\64SkinDeep2008.rar
[2009/09/03 16:32:49 | 16,627,3024 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\64SkinDeep2008.rar.part
[2009/09/03 16:21:39 | 93,872,700 | ---- | C] () -- C:\Documents and Settings\Brian\My Documents\a.cd.c.bl.k.i.ce.TVF.rar
[2008/09/07 16:41:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2008/06/22 17:28:08 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/06/22 17:28:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/06/22 17:28:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/06/22 17:28:07 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/06/22 17:28:05 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2007/02/16 17:01:21 | 00,171,336 | -H-- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\IconCache.db
[2007/01/17 19:52:30 | 00,000,030 | ---- | C] () -- C:\WINDOWS\xoloxexe.INI
[2006/11/15 15:00:51 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2006/11/05 20:43:32 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2006/11/05 20:32:40 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\sitinfo.dll
[2006/11/05 20:31:40 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\sitdat5.dll
[2006/06/22 19:49:38 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/06/22 19:48:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2006/06/20 21:37:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2006/06/20 21:36:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2006/05/24 14:29:55 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/01/07 07:13:25 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/26 15:13:39 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\00000B94_VTS_1.IFO
[2005/11/26 15:13:39 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\00000B94_VTS_0.IFO
[2005/11/26 15:12:55 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\000009AC_VTS_1.IFO
[2005/11/26 15:12:55 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\000009AC_VTS_0.IFO
[2005/11/26 06:51:32 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\00000340_VTS_1.IFO
[2005/11/26 06:51:32 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\00000340_VTS_0.IFO
[2005/10/09 23:55:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/08/16 15:34:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 02:09:19 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\micrs.dll
[2005/02/17 17:01:29 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/12 15:41:45 | 00,000,182 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2005/01/04 00:37:34 | 00,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/04 00:37:34 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\91B1AF42A3.sys
[2004/12/31 16:50:24 | 00,086,030 | ---- | C] () -- C:\WINDOWS\System32\msdjgk.dll
[2004/11/25 20:35:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 21:03:21 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/11/23 21:03:21 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/23 20:40:45 | 00,001,806 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/18 00:36:49 | 00,014,211 | R--- | C] () -- C:\WINDOWS\twacker.ini
[2004/11/16 18:01:51 | 00,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/11/12 01:51:41 | 00,021,000 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/11/12 01:22:49 | 00,208,384 | ---- | C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/12 01:01:57 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Brian\Application Data\sversion.ini
[2004/11/11 18:40:10 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2004/11/11 18:28:44 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/11 18:27:49 | 00,043,516 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/11/11 18:27:49 | 00,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/11 18:25:44 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/11 18:18:32 | 00,003,258 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/11/11 18:18:31 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/11/11 18:17:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Brian\Application Data\desktop.ini
[2004/11/11 09:10:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/10/26 17:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/04 07:00:00 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/09 15:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/09/17 01:02:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2005/02/14 19:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2005/08/16 15:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2007/10/07 18:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/07 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/09/15 17:36:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Brian\Application Data
[2006/01/07 07:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\acccore
[2005/02/22 02:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Ahead
[2005/07/14 13:34:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Aim
[2009/09/25 15:50:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\CopyToDvd
[2005/02/12 15:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\InterTrust
[2006/01/11 04:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Messenger History
[2006/11/11 04:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Netscape
[2006/11/05 19:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Opera
[2009/08/19 17:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\pdtsoftware
[2009/09/15 17:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Uniblue
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/02/19 18:10:11 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100646444.job
[2009/09/23 15:45:53 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/02 21:00:01 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Scan for Brian.job
[2009/10/03 12:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Brian.job
[2009/10/02 16:34:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
< End of report >


Malwarebytes' Anti-Malware 1.41
Database version: 2902
Windows 5.1.2600 Service Pack 3

10/3/2009 4:51:28 PM
mbam-log-2009-10-03 (16-51-28).txt

Scan type: Quick Scan
Objects scanned: 114624
Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 SpySentinel

Posted 03 October 2009 - 05:38 PM

Hi bg523,


Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Adobe Reader 6.0.1
Adobe Acrobat 5.0
Burn4Free Toolbar




Step #2

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    
    :Files
    C:\Program Files\Burn4Free Toolbar
    C:\WINDOWS\System32\91B1AF42A3.sys
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
Step #3

Also, I recommend you uninstall Ad-Aware SE, as it is outdated. There is a newer free version called Ad-Aware AE Free, and it has better detection and even provides real-time protection.



Step #4


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean


Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")

Edited by SpySentinel, 03 October 2009 - 05:43 PM.

Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please donate to help me continue the fight against malware.
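The fix script in this reply singles out C:\WINDOWS\System32\91B1AF42A3.sys from the OTL listing in the previous post, and the "Alternate Data Streams" section of that same log is another place a helper looks first. The script below is an added example, not part of this thread and not OTL's own code: it parses OTL "Files" and "Alternate Data Streams" lines in the exact format shown above and applies a few triage heuristics (hidden+system attributes under the Windows directory, hex-only file names, System32 binaries with no company name, .sys files far too small to be a PE driver, and any alternate data stream) so the entries worth a second look rise to the top. SAMPLE_LOG is constructed from entries in the log above; the heuristics and the 1024-byte threshold are assumptions of this example, and a flag is a reason to investigate, not a verdict.

```python
"""Triage helper for OTL 'Files' and 'Alternate Data Streams' report lines.

Added example, not part of the original thread or of OTL itself. The line
format is taken from the log posted above; the heuristics, thresholds and
sample lines are this example's own (constructed) and only suggest what to
look at first, they do not decide what is malicious.
"""
import re
from typing import Dict, List, Optional, Tuple

# One OTL file entry, e.g.
# [2005/01/04 00:37:34 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\91B1AF42A3.sys
# Directory entries in the LOP check have no "(company)" field, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# @Alternate Data Stream - 128 bytes -> C:\...\TEMP:AC6124CA
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

HEX_STEM = re.compile(r"^[0-9a-f]{8,}$")          # names like 91b1af42a3
BINARY_EXT = (".sys", ".dll", ".exe", ".ocx", ".scr")
TINY_SYS = 1024  # assumption: no loadable PE driver is this small


def parse_entry(line: str) -> Optional[Dict]:
    """Parse one OTL line into a dict, or return None for any other line."""
    m = ENTRY_RE.match(line)
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))  # OTL prints "00,000,056"
        d["company"] = (d["company"] or "").strip()
        d["is_dir"] = "D" in d["attrs"]
        d["ads"] = False
        return d
    m = ADS_RE.match(line)
    if m:
        return {"ts": None, "size": int(m.group("size")), "attrs": "----",
                "kind": None, "company": "", "path": m.group("path"),
                "is_dir": False, "ads": True}
    return None


def triage(entry: Dict) -> List[str]:
    """Return the heuristic reasons this entry deserves a closer look (may be empty)."""
    reasons: List[str] = []
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    stem, sep, ext = name.rpartition(".")
    if not sep:                      # no extension at all (e.g. ntldr)
        stem, ext = name, ""
    else:
        ext = "." + ext
    in_windows = "\\windows\\" in low
    in_system32 = "\\windows\\system32\\" in low

    if entry["ads"]:
        return ["alternate data stream (a classic place to hide a payload)"]
    if entry["is_dir"]:
        return reasons
    attrs = entry["attrs"]
    if "H" in attrs and "S" in attrs and in_windows:
        reasons.append("hidden+system attributes under the Windows directory")
    if ext in BINARY_EXT and HEX_STEM.match(stem):
        reasons.append("hex-only file name, typical of dropped components")
    if in_system32 and ext in BINARY_EXT and not entry["company"]:
        reasons.append("binary in System32 with no company name")
    if in_system32 and ext == ".sys" and entry["size"] < TINY_SYS:
        reasons.append(".sys file too small to be a PE driver")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a whole pasted log; return (path, reasons) for flagged entries."""
    out = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            out.append((entry["path"], reasons))
    return out


# Constructed sample, modelled on entries in the log posted in this thread.
SAMPLE_LOG = r"""
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2005/01/04 00:37:34 | 00,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/04 00:37:34 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\91B1AF42A3.sys
[2009/10/02 02:30:27 | 01,098,160 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\sports.yahoo.com screen capture.png
[2009/09/17 01:02:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Paste the whole OTL log into SAMPLE_LOG (or read it from a file) and the unmatched lines, headers and scan settings are simply skipped; signed vendor drivers such as mbam.sys produce no reasons and drop out of the output.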

#7 bg523

Posted 03 October 2009 - 07:15 PM

Ok...I completed all of that except for the Adobe Reader. It just won't install. It will show 'Installing Adobe Download Manager...', and after a minute, I get a message that says "Installation is corrupt! (16248.202.235 - 42072312.80040154.FFFFFFFF.80040154)"

#8 SpySentinel

Posted 03 October 2009 - 09:37 PM

Can you post the OTL log?

It is located under C:\_OTL

#9 bg523

Posted 04 October 2009 - 02:33 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
File C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
File C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Burn4Free Toolbar not found.
C:\WINDOWS\System32\91B1AF42A3.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Brian
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\etilqs_Kax26KtBXHSmi3v1JDDx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\Perflib_Perfdata_358.dat scheduled to be deleted on reboot.
->Temp folder emptied: 1155934732 bytes
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 136556680 bytes
->Java cache emptied: 24094820 bytes
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 153724685 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 314617 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2358891 bytes
%systemroot%\System32 .tmp files removed: 8498033 bytes
Windows Temp folder emptied: 73648465 bytes
RecycleBin emptied: 19300354 bytes

Total Files Cleaned = 1501.65 mb


OTL by OldTimer - Version 3.0.18.2 log created on 10032009_181802

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\etilqs_Kax26KtBXHSmi3v1JDDx not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\Perflib_Perfdata_358.dat not found!
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

#10 SpySentinel

Posted 04 October 2009 - 02:57 PM

Please download ATF Cleaner by Atribune.
This program is for Vista, XP, and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.




Go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


#11 bg523

Posted 04 October 2009 - 06:22 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 4, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 04, 2009 21:08:04
Records in database: 2910507
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
H:\
I:\

Scan statistics:
Objects scanned: 117103
Threats found: 20
Infected objects found: 21
Suspicious objects found: 1
Scan duration: 02:39:00


File name / Threat / Threats count
C:\Documents and Settings\Brian\My Documents\refog_setup_pm_532.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.gw 1
C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe Infected: not-a-virus:AdWare.Win32.Mostofate.f 1
D:\filelib\Konvor\Kerri\Miscellaneous\file.html Suspicious: Exploit.HTML.Iframe.FileDownload 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.Cydoor 2
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.CommonName.g 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 2
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.Altnet.a 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 1
D:\My Shared Folder\kmd15_en.exe Infected: Trojan.Win32.Krepper.y 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.i 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a 1
D:\My Shared Folder\kmd15_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b 1
D:\Program Files\Altnet\Download Manager\asmps.dll Infected: not-a-virus:AdWare.Win32.Altnet.b 1

Selected area has been scanned.

#12 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:06:55 PM

Posted 05 October 2009 - 12:30 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    D:\My Shared Folder\kmd15_en.exe
    D:\filelib\Konvor\Kerri\Miscellaneous\file.html
    C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe
    C:\Documents and Settings\Brian\My Documents\refog_setup_pm_532.exe
    D:\Program Files\Altnet
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Edited by SpySentinel, 05 October 2009 - 12:30 AM.

Unified Network of Instructors and Trained Eliminators


My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#13 bg523

bg523
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:55 PM

Posted 05 October 2009 - 01:27 AM

All processes killed
========== FILES ==========
D:\My Shared Folder\kmd15_en.exe moved successfully.
D:\filelib\Konvor\Kerri\Miscellaneous\file.html moved successfully.
C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe moved successfully.
C:\Documents and Settings\Brian\My Documents\refog_setup_pm_532.exe moved successfully.
D:\Program Files\Altnet\My Altnet Shares moved successfully.
D:\Program Files\Altnet\Download Manager moved successfully.
D:\Program Files\Altnet moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Brian
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kosglue-7.0.26.0.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\hsperfdata_Brian\2196 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\hsperfdata_Brian\3600 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\etilqs_IciamuawR9TafXikD4BW scheduled to be deleted on reboot.
->Temp folder emptied: 82282092 bytes
File delete failed. C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3043060 bytes
File delete failed. C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-7edb936c scheduled to be deleted on reboot.
->Java cache emptied: 25621446 bytes
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 95939482 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b28.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 197.35 mb


OTL by OldTimer - Version 3.0.18.2 log created on 10052009_012146

Files\Folders moved on Reboot...
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Arj.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\avlib.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Avp1.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\AvpMgr.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\btimages.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\CAB.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\dmap.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\dtreg.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\FSSync.dll
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\FSSync.dll NOT unregistered.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\FSSync.dll moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\HashCont.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\HashMD5.PPL moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\HCCMP.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\ichk2.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\iChkSA.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Inflate.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kave.dll
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kave.dll NOT unregistered.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kosglue-7.0.26.0.dll
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kosglue-7.0.26.0.dll NOT unregistered.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\kosglue-7.0.26.0.dll moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\lha.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\L_llio.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MailMsg.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\mdb.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MDMAP.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MemModSc.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MemScan.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\minizip.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\MKavIO.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\msoe.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\nfio.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\NTFSstrm.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prLoader.dll
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prLoader.dll NOT unregistered.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prLoader.dll moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\prseqio.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\PrUtil.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\Quantum.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\rar.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\ScanningProcess.exe moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\sfdb.PPL moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\TempFile.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\thpimpl.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\UniArc.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\UnLZX.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\UnStored.ppl moved successfully.
C:\Documents and Settings\Brian\Local Settings\Temp\jkos-Brian\binaries\WDiskIO.ppl moved successfully.
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\hsperfdata_Brian\2196 not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\hsperfdata_Brian\3600 not found!
File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\etilqs_IciamuawR9TafXikD4BW not found!
C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-7edb936c moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57y4bed.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_b28.dat not found!

Registry entries deleted on Reboot...

#14 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:06:55 PM

Posted 05 October 2009 - 02:14 PM

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Unified Network of Instructors and Trained Eliminators


My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#15 bg523

bg523
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:55 PM

Posted 05 October 2009 - 02:57 PM

Attached are the info.txt and log.txt logs.

Attached Files

  • Attached File  info.txt   43.85KB   13 downloads
  • Attached File  log.txt   38.11KB   9 downloads




