tried to follow the Prep Guide but were unable to get DDS to run


  • This topic is locked
12 replies to this topic

#1 nick2222

nick2222

  • Members
  • 71 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 19 September 2009 - 02:57 AM

Having problems with Windows Police Pro, slow computer, shuts down by itself sometimes, Google redirects, can't run Malwarebytes or RootRepeal. Here's my log

2009-09-19,02:51:54

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<AIM><C:\Program Files\AIM\aim.exe -cnetwait.odl> [File is missing]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<DellSupport><"C:\Program Files\DellSupport\DSAgnt.exe" /startup> [(Verified)Dell Inc.]
<DellTransferAgent><"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"> [ ]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<inixs><C:\WINDOWS\system32\minix32.exe> [File is missing]
<WIndows Rescue Disk><C:\DOCUME~1\Nick\LOCALS~1\Temp\taskmgr.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Persistence><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<DMXLauncher><C:\Program Files\Dell\Media Experience\DMXLauncher.exe> []
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<Norton Ghost 10.0><"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"> [(Verified)Symantec Corporation]
<MCAgentExe><c:\PROGRA~1\mcafee.com\agent\mcagent.exe> [McAfee, Inc]
<MCUpdateExe><c:\PROGRA~1\mcafee.com\agent\mcupdate.exe> [McAfee, Inc]
<MSKDetectorExe><C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup> [McAfee, Inc.]
<DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup> [(Verified)Google Inc.]
<MSKAGENTEXE><C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe> [McAfee Inc.]
<MPFExe><C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe> [(Verified)"McAfee, Inc."]
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<POINTER><point32.exe> [N/A]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [File is missing]
<Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -hide> [File is missing]
<Microsoft Default Manager><"C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume> [(Verified)Microsoft Corporation]
<braviax><braviax.exe> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe rundll32.exe tftp.nfo beforegllav> [N/A]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><cru629.dat> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{BA603215-23F2-42AD-F4E4-00AAC39CAA53}><C:\WINDOWS\system32\nzfiu3h78di.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{19FB76C6-DBEF-44B5-A053-ECDF5F855A07}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Micros

Edited by nick2222, 19 September 2009 - 08:36 PM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:22 PM

Posted 06 October 2009 - 04:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 nick2222

nick2222
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 06 October 2009 - 02:52 PM

OTL logfile created on: 10/6/2009 2:49:48 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Nick\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 184.65 Mb Available Physical Memory | 36.21% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.91% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 96.23 Gb Free Space | 88.62% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICHOLAS
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2005/12/07 16:05:12 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2009/04/13 23:04:35 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe
PRC - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/04/05 19:19:18 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/04/05 19:23:14 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/12/13 15:30:00 | 00,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/08/26 10:30:07 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/09/26 10:26:58 | 00,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/11/11 17:00:56 | 01,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2009/04/13 23:04:35 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/08/05 15:08:26 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/11/13 16:46:00 | 00,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2004/09/15 12:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/26 10:30:07 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2004/08/04 05:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2005/11/11 16:42:12 | 00,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/10/06 14:49:31 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\My Documents\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/12/13 15:30:08 | 00,079,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/12/07 16:05:12 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2008/08/26 10:30:07 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/02/16 18:36:20 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/04/13 23:04:35 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe -- (McDetect.exe [Auto | Running])
SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Running])
SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Running])
SRV - [2005/07/12 18:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Stopped])
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2005/12/07 16:05:34 | 02,066,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [On_Demand | Stopped])
SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2006/08/16 11:32:47 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2004/09/15 12:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/08/16 11:29:24 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2008/06/18 10:49:16 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/02/10 20:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GearAspiWDM [System | Running])
DRV - [2003/11/17 21:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 21:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2005/04/05 19:46:28 | 00,830,684 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2001/05/09 21:00:28 | 00,010,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys -- (IPFilter [On_Demand | Running])
DRV - [2003/04/09 18:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005/11/11 16:43:52 | 00,080,640 | ---- | M] (McAfee) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys -- (MPFIREWL [System | Running])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2005/03/22 17:08:40 | 00,260,224 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2006/08/16 11:32:47 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2005/12/07 16:05:26 | 00,144,880 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap [Boot | Running])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2005/12/07 16:05:24 | 00,056,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount [System | Running])
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/11/17 21:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2177468711-111569918-401784742-1006\S-1-5-21-2177468711-111569918-401784742-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/13 23:04:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B08FF45D-F73F-4BEE-8CF9-0218C7613CBD}: C:\Documents and Settings\Nick\Local Settings\Application Data\{B08FF45D-F73F-4BEE-8CF9-0218C7613CBD} [2009/09/23 17:34:09 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2177468711-111569918-401784742-1006..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-2177468711-111569918-401784742-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2177468711-111569918-401784742-1006..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKU\S-1-5-21-2177468711-111569918-401784742-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2177468711-111569918-401784742-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2177468711-111569918-401784742-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2177468711-111569918-401784742-1006_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html ()
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nick\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Nick\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/famil.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/03 12:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Common Files
[2009/09/26 15:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\COREL
[2009/09/23 17:34:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\{B08FF45D-F73F-4BEE-8CF9-0218C7613CBD}
[2009/10/06 14:49:28 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\My Documents\OTL.exe
[2009/10/06 05:02:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/05 18:10:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/05 18:01:28 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/05 13:00:08 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/05 12:37:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/05 12:37:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/05 12:37:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/05 12:37:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/05 12:37:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/05 12:36:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/04 19:20:13 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/26 15:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\QPPriv
[2009/09/18 15:11:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/18 15:11:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/18 14:00:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/09 13:03:02 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/06 14:49:31 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\My Documents\OTL.exe
[2009/10/05 23:16:55 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/05 18:13:56 | 00,101,824 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/10/05 18:13:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/05 18:12:43 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/05 18:12:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/05 18:12:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/05 18:12:34 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/05 18:01:38 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/05 12:35:03 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Nick\My Documents\Combo-Fix.exe
[2009/10/05 11:50:22 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\PlayersOnly Poker.lnk
[2009/10/04 22:57:44 | 04,312,368 | -H-- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
[2009/10/04 20:13:15 | 00,010,498 | ---- | M] () -- C:\WINDOWS\is-AI8N5.msg
[2009/10/04 20:13:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 20:13:15 | 00,000,462 | ---- | M] () -- C:\WINDOWS\is-AI8N5.lst
[2009/10/04 14:33:48 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SystemLook.exe
[2009/09/30 20:08:49 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/30 14:19:21 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\rulijivu
[2009/09/30 14:18:14 | 00,000,130 | ---- | M] () -- C:\WINDOWS\System32\grtg
[2009/09/25 14:54:13 | 00,025,600 | ---- | M] () -- C:\WINDOWS\System32\tftp.nfo
[2009/09/23 16:54:37 | 00,001,708 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Windows Police Pro.lnk
[2009/09/21 12:22:33 | 00,019,682 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ahix.lib
[2009/09/21 12:22:33 | 00,019,060 | ---- | M] () -- C:\WINDOWS\System32\ohyhuleqaf.db
[2009/09/21 12:22:33 | 00,015,097 | ---- | M] () -- C:\WINDOWS\asupob.db
[2009/09/21 12:22:33 | 00,014,535 | ---- | M] () -- C:\Program Files\Common Files\ruxuqewyq.lib
[2009/09/18 15:17:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\sUBs
[2009/09/18 14:43:11 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/09/18 13:53:34 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/09/15 13:13:28 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Bodog Poker.lnk
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 03:01:16 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files - No Company Name ==========
[2009/10/05 18:01:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/05 18:01:33 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/05 12:37:57 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/05 12:37:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/05 12:37:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/05 12:37:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/05 12:34:59 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Nick\My Documents\Combo-Fix.exe
[2009/10/04 20:13:15 | 00,010,498 | ---- | C] () -- C:\WINDOWS\is-AI8N5.msg
[2009/10/04 20:13:15 | 00,000,462 | ---- | C] () -- C:\WINDOWS\is-AI8N5.lst
[2009/10/03 19:09:56 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SystemLook.exe
[2009/09/30 14:59:26 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/30 14:18:14 | 00,000,130 | ---- | C] () -- C:\WINDOWS\System32\grtg
[2009/09/23 19:31:25 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\iniasd.txt
[2009/09/21 12:22:33 | 00,019,682 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ahix.lib
[2009/09/21 12:22:33 | 00,019,060 | ---- | C] () -- C:\WINDOWS\System32\ohyhuleqaf.db
[2009/09/21 12:22:33 | 00,015,097 | ---- | C] () -- C:\WINDOWS\asupob.db
[2009/09/21 12:22:33 | 00,014,535 | ---- | C] () -- C:\Program Files\Common Files\ruxuqewyq.lib
[2009/09/19 11:56:56 | 00,001,708 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Windows Police Pro.lnk
[2009/09/18 15:11:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/18 14:40:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/09/18 13:54:11 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\tftp.nfo
[2009/09/18 13:54:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sUBs
[2009/08/30 21:52:42 | 00,017,274 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\anurajik.db
[2009/08/19 15:57:36 | 00,018,014 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\arowuk.ban
[2009/08/19 15:57:36 | 00,015,125 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\ynafeb.lib
[2009/08/19 15:57:36 | 00,012,491 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otomuq.db
[2009/08/13 03:15:47 | 00,017,793 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\ajikaka._sy
[2009/08/13 03:15:47 | 00,010,549 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\erosamymu._dl
[2009/08/12 19:27:13 | 00,015,682 | ---- | C] () -- C:\Program Files\Common Files\ewokyryz.dat
[2009/08/12 19:27:13 | 00,014,933 | ---- | C] () -- C:\Program Files\Common Files\genyk.ban
[2009/08/12 19:27:13 | 00,013,037 | ---- | C] () -- C:\Program Files\Common Files\apuceheqy._dl
[2009/08/12 19:27:13 | 00,012,364 | ---- | C] () -- C:\Program Files\Common Files\pasam.lib
[2009/08/12 19:27:13 | 00,011,221 | ---- | C] () -- C:\Program Files\Common Files\icos.sys
[2009/08/12 19:27:13 | 00,010,654 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\logyg.lib
[2009/08/12 19:27:12 | 00,018,644 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\tewa._dl
[2009/08/12 19:27:12 | 00,016,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ogikugapu.pif
[2009/08/12 19:27:12 | 00,015,644 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dazafazyl.lib
[2009/08/12 19:27:12 | 00,015,313 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lidymos.lib
[2009/08/12 19:27:12 | 00,014,995 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\nejizujop.pif
[2009/08/12 19:27:12 | 00,012,286 | ---- | C] () -- C:\Program Files\Common Files\ebumycy.sys
[2009/08/12 19:27:12 | 00,011,805 | ---- | C] () -- C:\Program Files\Common Files\huqul.bin
[2009/08/12 18:07:13 | 00,019,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\akyfukyv.dl
[2009/08/12 18:07:13 | 00,010,651 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\atylux.ban
[2009/08/12 18:07:13 | 00,010,490 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\exynyvuz.dl
[2009/08/12 18:07:13 | 00,010,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yguvibop.ban
[2007/12/09 00:05:58 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/25 14:11:07 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/16 12:17:00 | 00,038,616 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/08/20 17:03:50 | 04,312,368 | -H-- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
[2006/08/20 17:03:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Nick\Application Data\desktop.ini
[2006/08/16 11:43:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/16 11:35:59 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/16 11:32:59 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/16 11:08:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/08/16 11:08:40 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 12:51:28 | 00,000,682 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
< End of report >

OTL Extras logfile created on: 10/6/2009 2:49:48 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Nick\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 184.65 Mb Available Physical Memory | 36.21% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.91% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 96.23 Gb Free Space | 88.62% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICHOLAS
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Bodog Poker_is1" = Bodog Poker
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Google Desktop" = Google Desktop
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"PlayersOnly Poker" = PlayersOnly Poker
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"UltimateBet" = UltimateBet
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2177468711-111569918-401784742-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2009 11:09:28 PM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/4/2009 11:10:14 PM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00406a05.

Error - 10/5/2009 12:01:05 AM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/5/2009 12:03:55 AM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/5/2009 12:04:41 AM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00406a05.

Error - 10/5/2009 12:34:22 AM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/5/2009 12:35:09 AM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00406a05.

Error - 10/5/2009 12:17:03 PM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/5/2009 12:17:10 PM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00406a05.

Error - 10/5/2009 1:31:48 PM | Computer Name = NICHOLAS | Source = Application Error | ID = 1000
Description = Faulting application d.exe, version 0.0.0.0, faulting module d.exe,
version 0.0.0.0, fault address 0x0000e196.

[ System Events ]
Error - 10/5/2009 7:14:54 PM | Computer Name = NICHOLAS | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 10/5/2009 7:16:56 PM | Computer Name = NICHOLAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 10/5/2009 7:16:56 PM | Computer Name = NICHOLAS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 10/5/2009 7:16:56 PM | Computer Name = NICHOLAS | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 10/5/2009 9:30:51 PM | Computer Name = NICHOLAS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/5/2009 9:30:51 PM | Computer Name = NICHOLAS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/5/2009 9:30:51 PM | Computer Name = NICHOLAS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Bodog Poker\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/6/2009 2:27:02 PM | Computer Name = NICHOLAS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/6/2009 2:27:02 PM | Computer Name = NICHOLAS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/6/2009 2:27:02 PM | Computer Name = NICHOLAS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Bodog Poker\MFC80.DLL.
Reference
error message: The operation completed successfully. .


< End of report >

#4 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 08 October 2009 - 04:59 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run ComboFix on your own.

Please provide the log from the ComboFix run. Are you still having trouble with your PC? Please also include a scan with RootRepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
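Once RootRepeal.txt is in hand, the useful step is separating its routine "Locked to the Windows API!" noise from the statuses that actually point at hiding. The script below is an added example, not part of this thread or of the RootRepeal tool: it parses a report in the layout RootRepeal 1.3.5 prints (a preamble, then sections headed by a title and a dashed rule) and assigns each entry a severity. The report text is constructed for the example, the driver xxdrv.sys is an invented stand-in for a hidden driver, and the helper names parse_report, triage and summarize and the severity labels are the example's own assumptions. Two driver exceptions are built in because they are expected to report "File Visible: No": the crash-dump copies of the boot storage stack (dump_*.sys) and RootRepeal's own scanning driver.

```python
"""Triage a RootRepeal report: split routine lock noise from real hiding indicators.
Added example, not part of the thread or of RootRepeal. The report below is CONSTRUCTED
in RootRepeal's layout; xxdrv.sys is an invented entry standing in for a hidden driver."""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 13:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEEACF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE863000 Size: 49152 File Visible: No Signed: -
Status: -

Name: xxdrv.sys
Image Path: C:\WINDOWS\system32\drivers\xxdrv.sys
Address: 0xEE900000 Size: 12288 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB918899\KB918899
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0faa28c0-b504-11de-9410-00038a000015}.dat
Status: Size mismatch (API: 6656, Raw: 7168)

Path: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{CFC06115-B500-11DE-9410-00038A000015}.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{2ADBFB50-B504-11DE-9410-00038A000015}.dat
Status: Visible to the Windows API, but not on disk.

==EOF==
"""

# Drivers that legitimately show "File Visible: No": the crash-dump copies of the
# boot storage stack (dump_*.sys) and RootRepeal's own scanning driver.
BENIGN_INVISIBLE_DRIVER = re.compile(r"^(dump_.*|rootrepeal)\.sys$", re.IGNORECASE)
SIZE_MISMATCH = re.compile(r"Size mismatch \(API: (\d+), Raw: (\d+)\)")
ADDRESS_LINE = re.compile(r"Address: (\S+) Size: (\d+) File Visible: (\S+) Signed: (\S+)")
SECTION_HEADER = re.compile(r"\n([A-Za-z/ ]+)\n-{5,}\n")  # title line + dashed rule

@dataclass
class Finding:
    severity: str  # "high", "medium" or "noise" (labels chosen for this example)
    kind: str
    path: str
    detail: str

def _entries(body):
    """Parse one section body into dicts, one per blank-line-separated entry."""
    for chunk in re.split(r"\n\s*\n", body.strip()):
        entry = {}
        for line in chunk.splitlines():
            m = ADDRESS_LINE.match(line)
            if m:  # four fields packed on one line
                entry.update(address=m[1], size=int(m[2]), file_visible=m[3], signed=m[4])
                continue
            key, sep, value = line.partition(": ")  # first ": " only; paths keep their "C:\"
            if sep:
                entry[key.strip().lower().replace(" ", "_")] = value.strip()
        if entry:
            yield entry

def parse_report(text):
    """Return {section name: [entry, ...]} for every section in the report."""
    parts = SECTION_HEADER.split("\n" + text)  # [preamble, name1, body1, name2, body2, ...]
    return {name.strip(): list(_entries(body.split("==EOF==")[0]))
            for name, body in zip(parts[1::2], parts[2::2])}

def triage(sections):
    """Map each entry to a Finding with a severity a responder can sort on."""
    findings = []
    for d in sections.get("Drivers", []):
        name = d.get("name", "")
        if d.get("file_visible", "Yes").lower() == "no" and not BENIGN_INVISIBLE_DRIVER.match(name):
            findings.append(Finding("high", "driver-image-not-visible", d.get("image_path", name),
                                    "loaded driver whose image file is not visible to the file API"))
    for f in sections.get("Hidden/Locked Files", []):
        status, path = f.get("status", ""), f.get("path", "")
        m = SIZE_MISMATCH.search(status)
        if status.startswith("Locked to the Windows API"):
            findings.append(Finding("noise", "locked", path, "in-use file or directory; routine on XP"))
        elif m:  # API view and raw disk read disagree on the file's length
            api, raw = int(m[1]), int(m[2])
            findings.append(Finding("medium", "size-mismatch", path,
                                    f"API reports {api} bytes, raw read {raw} bytes ({raw - api:+d})"))
        elif status.startswith("Invisible to the Windows API"):
            findings.append(Finding("high", "invisible", path,
                                    "present in the raw file system but absent from API enumeration"))
        elif status.startswith("Visible to the Windows API, but not on disk"):
            findings.append(Finding("medium", "phantom", path,
                                    "API lists it but the raw read finds nothing; often a file removed mid-scan"))
        else:
            findings.append(Finding("medium", "unrecognised-status", path, status))
    return findings

def summarize(findings):
    """Counts per severity, always with all three keys present."""
    counts = Counter(f.severity for f in findings)
    return {sev: counts.get(sev, 0) for sev in ("high", "medium", "noise")}

if __name__ == "__main__":
    results = triage(parse_report(SAMPLE_REPORT))
    for f in sorted(results, key=lambda x: ("high", "medium", "noise").index(x.severity)):
        print(f"{f.severity:6} {f.kind:26} {f.path}\n       {f.detail}")
    print(summarize(results))
```

Run it against a real RootRepeal.txt by replacing SAMPLE_REPORT with the file contents. The point of the two driver exceptions is that "File Visible: No" is only meaningful for a driver that should have a normal on-disk image; a size mismatch or "Invisible" verdict on a file that Internet Explorer rewrites continuously is worth a second look but is weaker evidence than the same verdict on a driver or a file under system32.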


#5 nick2222

  • Topic Starter
  • Members
  • 71 posts

Posted 08 October 2009 - 11:25 AM

I had a pro help with ComboFix, not on my own. The problem I'm still having is that the Windows Police Pro icon is still on my computer.

#6 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 09 October 2009 - 05:05 AM

Hi,

Could you please provide the logs from ComboFix and the one from RootRepeal?

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 nick2222

  • Topic Starter
  • Members
  • 71 posts

Posted 09 October 2009 - 01:51 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 13:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEEACF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8D7F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE863000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Status: Locked to the Windows API!

Path: C:\WINDOWS\msdownld.tmp\msdownld.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\mui\mui
Status: Locked to the Windows API!

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB918899\KB918899
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB920213\KB920213
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB922760\KB922760
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB924496\KB924496
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB925454\KB925454
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB928090\KB928090
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB929338\KB929338
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB931768\KB931768
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB931784\KB931784
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB932168\KB932168
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB933566\KB933566
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB937143\KB937143
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB939653\KB939653
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB942615\KB942615
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943460\KB943460
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB944533\KB944533
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB947864\KB947864
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\classes\classes
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\Debug\UserMode\UserMode
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\temp\temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Status: Locked to the Windows API!

Path: C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Status: Locked to the Windows API!

Path: C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Status: Locked to the Windows API!

Path: c:\documents and settings\nick\local settings\application data\microsoft\internet explorer\recovery\active\{0faa28c0-b504-11de-9410-00038a000015}.dat
Status: Size mismatch (API: 6656, Raw: 7168)

Path: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{CFC06115-B500-11DE-9410-00038A000015}.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{2ADBFB50-B504-11DE-9410-00038A000015}.dat
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Status: Locked to the Windows API!

==EOF==

ComboFix 09-10-04.01 - Nick 10/05/2009 18:05.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.288 [GMT -5:00]
Running from: c:\documents and settings\Nick\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\Nick\My Documents\CFScript.txt
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\gewebijiqy.exe"
"c:\documents and settings\All Users\Application Data\gilepacyzu.dll"
"c:\documents and settings\All Users\Application Data\lyvovilu.scr"
"c:\documents and settings\All Users\Application Data\uricudaned.scr"
"c:\documents and settings\All Users\Application Data\xemozesat.com"
"c:\documents and settings\All Users\Application Data\xizisecigu.dat"
"c:\documents and settings\All Users\Application Data\zene.scr"
"c:\documents and settings\Nick\Application Data\acifavag.bin"
"c:\documents and settings\Nick\Application Data\imisukap.scr"
"c:\documents and settings\Nick\Application Data\vepog.bin"
"c:\documents and settings\Nick\Application Data\wewam.pif"
"c:\documents and settings\Nick\Local Settings\Application Data\amedizogus.com"
"c:\documents and settings\Nick\Local Settings\Application Data\fusifusiha.exe"
"c:\documents and settings\Nick\Local Settings\Application Data\gulamyjilo.sys"
"c:\documents and settings\Nick\Local Settings\Application Data\muqutykiz.com"
"C:\hwdgqmcw.exe"
"C:\imat.exe"
"C:\joxa.exe"
"C:\kqjopjiq.exe"
"C:\mlhlsvq.exe"
"C:\nqxbk.exe"
"c:\program files\Common Files\adahy.bin"
"c:\program files\Common Files\afijuq.dat"
"c:\program files\Common Files\axazahicy.dll"
"c:\program files\Common Files\beco._sy"
"c:\program files\Common Files\byqavixydo.dl"
"c:\program files\Common Files\fypumyz.db"
"c:\program files\Common Files\helivaw.lib"
"c:\program files\Common Files\kizaquvum.dl"
"c:\program files\Common Files\lolabijuq._dl"
"c:\program files\Common Files\myqovecy.db"
"c:\program files\Common Files\ohifufasu.bin"
"c:\program files\Common Files\osite.db"
"c:\program files\Common Files\viwyk.lib"
"c:\program files\Common Files\wuzekubosa.pif"
"c:\program files\Common Files\ylotorat.bin"
"C:\rlswn.exe"
"C:\rmeprraf.exe"
"c:\windows\demudab.pif"
"c:\windows\ecaqavody.dat"
"c:\windows\esot.sys"
"c:\windows\Gxewoxired.dat"
"c:\windows\ibirehag.dat"
"c:\windows\is-AI8N5.exe"
"c:\windows\mukygazet.dat"
"c:\windows\Rnezogovit.bin"
"c:\windows\system32\abyr.bin"
"c:\windows\system32\eqesyqow.com"
"c:\windows\system32\gydi.bin"
"c:\windows\system32\iTEBs6w6Rn.dll"
"c:\windows\system32\kofipulo.dll"
"c:\windows\system32\kusimu.exe"
"c:\windows\system32\muhavude.dll"
"c:\windows\system32\nNQ4vpNBRa.dll"
"c:\windows\system32\oqajy.com"
"c:\windows\system32\suhamose.dll"
"c:\windows\system32\vajudo.scr"
"c:\windows\system32\wtmet1.dll"
"c:\windows\system32\yhyfyrus.exe"
"c:\windows\win32k.sys"
"c:\windows\wkbyse.dll"
"c:\windows\ydis.com"
"C:\xrwy.exe"
"C:\yonm.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\gewebijiqy.exe
c:\documents and settings\All Users\Application Data\gilepacyzu.dll
c:\documents and settings\All Users\Application Data\lyvovilu.scr
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\uricudaned.scr
c:\documents and settings\All Users\Application Data\xemozesat.com
c:\documents and settings\All Users\Application Data\xizisecigu.dat
c:\documents and settings\All Users\Application Data\zene.scr
c:\documents and settings\Nick\Application Data\acifavag.bin
c:\documents and settings\Nick\Application Data\imisukap.scr
c:\documents and settings\Nick\Application Data\vepog.bin
c:\documents and settings\Nick\Application Data\wewam.pif
c:\documents and settings\Nick\Local Settings\Application Data\amedizogus.com
c:\documents and settings\Nick\Local Settings\Application Data\fusifusiha.exe
c:\documents and settings\Nick\Local Settings\Application Data\gulamyjilo.sys
c:\documents and settings\Nick\Local Settings\Application Data\muqutykiz.com
C:\hwdgqmcw.exe
C:\imat.exe
C:\joxa.exe
C:\kqjopjiq.exe
C:\mlhlsvq.exe
C:\nqxbk.exe
c:\program files\Common Files\adahy.bin
c:\program files\Common Files\afijuq.dat
c:\program files\Common Files\axazahicy.dll
c:\program files\Common Files\beco._sy
c:\program files\Common Files\byqavixydo.dl
c:\program files\Common Files\fypumyz.db
c:\program files\Common Files\helivaw.lib
c:\program files\Common Files\kizaquvum.dl
c:\program files\Common Files\lolabijuq._dl
c:\program files\Common Files\myqovecy.db
c:\program files\Common Files\ohifufasu.bin
c:\program files\Common Files\osite.db
c:\program files\Common Files\viwyk.lib
c:\program files\Common Files\wuzekubosa.pif
c:\program files\Common Files\ylotorat.bin
c:\program files\Shared
C:\rlswn.exe
C:\rmeprraf.exe
c:\windows\demudab.pif
c:\windows\ecaqavody.dat
c:\windows\esot.sys
c:\windows\Gxewoxired.dat
c:\windows\ibirehag.dat
c:\windows\is-AI8N5.exe
c:\windows\mukygazet.dat
c:\windows\Rnezogovit.bin
c:\windows\system32\abyr.bin
c:\windows\system32\eqesyqow.com
c:\windows\system32\gydi.bin
c:\windows\system32\iTEBs6w6Rn.dll
c:\windows\system32\kofipulo.dll
c:\windows\system32\kusimu.exe
c:\windows\system32\muhavude.dll
c:\windows\system32\nNQ4vpNBRa.dll
c:\windows\system32\oqajy.com
c:\windows\system32\suhamose.dll
c:\windows\system32\vajudo.scr
c:\windows\system32\wtmet1.dll
c:\windows\system32\yhyfyrus.exe
c:\windows\win32k.sys
c:\windows\wkbyse.dll
c:\windows\ydis.com
C:\xrwy.exe
C:\yonm.exe

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 18:00 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\documents and settings\Nick\Application Data\Common Files
2009-09-26 20:33 . 2009-09-26 20:33 -------- d-----w- c:\documents and settings\Nick\Application Data\COREL
2009-09-24 03:16 . 2009-09-24 03:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-24 03:15 . 2009-09-24 03:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2009-09-23 22:34 . 2009-09-23 22:34 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\{B08FF45D-F73F-4BEE-8CF9-0218C7613CBD}
2009-09-18 20:21 . 2009-09-18 20:21 0 ----a-w- c:\documents and settings\Nick\settings.dat
2009-09-18 20:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 20:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 19:07 . 2009-09-18 19:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-09 18:03 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 23:03 . 2008-06-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 22:04 . 2006-08-22 16:54 -------- d-----w- c:\program files\PokerStars
2009-10-05 21:43 . 2007-01-23 04:54 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-05 21:28 . 2008-07-10 00:17 -------- d-----w- c:\program files\PlayersOnly Poker
2009-10-05 02:29 . 2009-09-03 02:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 17:22 . 2009-09-21 17:22 14535 ----a-w- c:\program files\Common Files\ruxuqewyq.lib
2009-09-17 05:47 . 2007-09-02 23:57 -------- d-----w- c:\program files\Absolute Poker
2009-09-15 18:13 . 2007-08-13 23:47 -------- d-----w- c:\program files\Bodog Poker
2009-09-13 18:02 . 2007-08-14 07:03 -------- d-----w- c:\program files\UltimateBet
2009-09-03 04:16 . 2009-08-30 18:07 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-31 03:09 . 2009-08-13 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-13 00:09 . 2009-08-12 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-08-13 00:05 . 2009-08-12 23:44 656 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-08-13 00:04 . 2009-08-12 23:45 74168 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-12 23:42 . 2006-08-16 16:33 -------- d-----w- c:\program files\McAfee.com
2009-08-12 23:30 . 2009-08-12 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-08-12 23:29 . 2009-08-12 23:29 -------- d-----w- c:\program files\Common Files\iS3
2009-08-12 22:39 . 2006-08-16 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 17:51 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-26 29744]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2007 6:47 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/16/2006 11:37 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Nick\Start Menu\Programs\UltimateBet\UltimateBet.lnk
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 18:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal[1].sys"


[HKEY_LOCAL_MACHINE\System\controlset002\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(696)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-10-05 18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-05 23:17
ComboFix2.txt 2009-10-05 18:12

Pre-Run: 103,482,933,248 bytes free
Post-Run: 103,590,985,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
302 --- E O F --- 2009-09-27 20:07

#8 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 09 October 2009 - 05:01 PM

Hi,

The logs look pretty clean. Are you still experiencing problems?

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This is a change from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Your logs show that you have been visiting online poker sites with applets installed on your computer. I know that you may use these programs on a regular basis, but I think it's important to note that these kinds of programs are often installed with other unwanted software, namely spyware or adware. Because of this I strongly suggest that you uninstall these programs if you do not use them anymore or did not install them yourself on purpose.
There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using it, you may ignore this. Should you decide to uninstall the program, then you can do so by following the steps below:
  • Go to Start > Control Panel > Add or Remove Programs.
  • Remove the following poker programs (if they are present):
    PokerStars
    Full Tilt Poker
    PlayersOnly Poker
    Absolute Poker
    Bodog Poker
    UltimateBet
If you are unsure of how to use Add or Remove Programs, then please see this tutorial.

Please run Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into Safe Mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please post back the log and a description of the remaining problems.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 nick2222 (Topic Starter)

  • Members
  • 71 posts

Posted 12 October 2009 - 02:11 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/12/2009 2:09:49 PM
mbam-log-2009-10-12 (14-09-49).txt

Scan type: Quick Scan
Objects scanned: 104421
Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Trojan.Ambler) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Nick\Start Menu\Programs\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Nick\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.

#10 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 12 October 2009 - 04:35 PM

Hi,

How is your PC feeling now? Do you still have troubles?

Malwarebytes picked up some leftovers of the infection, but no active infection. I would like you to do another online scan, to see if there is something we missed:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
regards _temp_



#11 nick2222 (Topic Starter)

  • Members
  • 71 posts

Posted 12 October 2009 - 06:22 PM

The computer is running well now. Here's that log.

C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine\31374274-376a-4285-b7a3-cfd96dc6f2f3.pre a variant of Win32/Kryptik.ABI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_18.04.43.zip multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\aoqwlrag.exe.vir a variant of Win32/Kryptik.AKT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\flqihkhx.exe.vir a variant of Win32/Kryptik.AMQ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\hxlqib.exe.vir a variant of Win32/Kryptik.APD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\mdnsq.exe.vir a variant of Win32/Injector.AAU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\pkusq.exe.vir a variant of Win32/Injector.YY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ruptbvv.exe.vir a variant of Win32/Kryptik.AKT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\vhlyrkv.exe.vir a variant of Win32/Kryptik.AOD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\yhjj.exe.vir a variant of Win32/Kryptik.APG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Nick\Application Data\seres.exe.vir a variant of Win32/Kryptik.APO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Nick\Application Data\svcst.exe.vir a variant of Win32/Kryptik.APO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir Win32/Adware.AdvancedVirusRemover.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir Win32/Adware.XPSecurityCenter application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\Uninstall.exe.vir Win32/Adware.XPAntiSpyware.AA application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\winivsetup.exe.vir probably a variant of Win32/Adware.WindowsAntivirusPro.B application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\dbsinit.exe.vir Win32/Adware.WinAntiVirus application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir Win32/Adware.WinAntiVirus application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-0335715335-8862983424-635718708-2222\msimfo32.exe.vir a variant of Win32/Injector.AAU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir a variant of Win32/TrojanDownloader.FakeAlert.GU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir Win32/Small.EJX trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Win32/TrojanDownloader.FakeAlert.AFQ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Win32/Adware.WindowsAntivirusPro application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\AVR09.exe.vir Win32/Adware.AdvancedVirusRemover.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir a variant of Win32/TrojanDownloader.FakeAlert.GU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir Win32/Small.EJX trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir Win32/Adware.WindowsAntivirusPro application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkywjebbyxv.dll.vir Win32/Olmarik.KW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\q5pbg.dll.vir Win32/TrojanDownloader.Small.NFD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACruocynnrcp.dll.vir Win32/Olmarik.IJ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir Win32/Adware.CoreguardAntivirus application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir a variant of Win32/Kryptik.AQC trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir Win32/Adware.XPAntiSpyware.AA application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wispex.html.vir Win32/Adware.WinAntiVirus application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir a variant of Win32/UltimateDefender.A trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir a variant of Win32/UltimateDefender.A trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cxnkgaibcqcrjqqf.sys.vir a variant of Win32/Olmarik.MT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cxtiqrnsiwwosecs.sys.vir a variant of Win32/Olmarik.NH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cxtksvjkcicvsbfg.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dbdwqenvnnkijwme.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dbxthxfypetrdmxt.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dxvccrncwkonnois.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\eciqxnorabwtrdcd.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ecrirtfgqdeqxerc.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkyexexyvbe.sys.vir a variant of Win32/Olmarik.NH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gerciqxyymsbccdi.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gqfwoseqvrpprrpi.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hpmbapbutexymcxt.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hqxxreeexnixgowf.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iqmbyxuspqufgqsb.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iuypdmenxuijpwap.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ivkkbesevpttrpth.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ivpeobcmvxqxvjib.sys.vir a variant of Win32/Olmarik.NH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ivtnvnnqvrnmdrtf.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iwwosetepyrbcxvp.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ixrnnqwhossiuwtn.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\mpuyadnfvnstrxob.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ooqhxvcpcbcxjuhi.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pwiporncvkpjulqi.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\qbvpeornstikseni.sys.vir a variant of Win32/Olmarik.MT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\qipftoieeibcjxtn.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rbrpvnylnoixnmsp.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\riuwivximueqrxtp.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rjkiqoufhqoajwid.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rtfjxycimnwxbvpd.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\snpyycwxrqrppujj.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sobcrprrxexymdiv.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\stinnxwbwwoisecq.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACyvxmnkesmf.sys.vir a variant of Win32/Olmarik.HI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ulnqvrxexlkidxrq.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\virdcxnidutiorir.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\vkbcrviuthtxomba.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\vxtusiwqqpctqecg.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\vxvksmnwbvtrpfdb.sys.vir a variant of Win32/Olmarik.NH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\wtixnspwyfulnqvr.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xgqduxnqvtiqrjuy.sys.vir a variant of Win32/Olmarik.MT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xnkbwqvreecimqxe.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xrpqfvnntsieewir.sys.vir a variant of Win32/Olmarik.NU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir a variant of Win32/Kryptik.APD trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\tftp.nfo Win32/Oficla.F trojan cleaned by deleting - quarantined
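Triage of a log like the one above, as an added example that is not part of the thread or of ESET's tooling: it separates hits inside a Quarantine folder (ComboFix's C:\Qoobox\Quarantine, STOPzilla's Quarantine) from hits on the live system, tallies detection families, and flags the long random-looking file names typical of the Olmarik (TDSS) rootkit's drivers. The embedded log is an excerpt of the post above; the 12-letter random-name threshold is the example's own heuristic, not an ESET rule.

```python
import re
from collections import Counter

# Excerpt of the ESET Online Scanner log posted above. A handful of
# representative lines is enough to exercise the parser; the full log is longer.
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine\31374274-376a-4285-b7a3-cfd96dc6f2f3.pre a variant of Win32/Kryptik.ABI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2009-10-05_18.04.43.zip multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\aoqwlrag.exe.vir a variant of Win32/Kryptik.AKT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\winivsetup.exe.vir probably a variant of Win32/Adware.WindowsAntivirusPro.B application deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkywjebbyxv.dll.vir Win32/Olmarik.KW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cxnkgaibcqcrjqqf.sys.vir a variant of Win32/Olmarik.MT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACyvxmnkesmf.sys.vir a variant of Win32/Olmarik.HI trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\tftp.nfo Win32/Oficla.F trojan cleaned by deleting - quarantined
"""

# One ESET log line: <path> <detection> <action>. The path may contain spaces,
# so the lazy match relies on the detection always starting with an optional
# "probably "/"a variant of " followed by Win32/<family> <type>, or being the
# literal "multiple threats".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<det>(?:probably )?(?:a variant of )?Win32/\S+ (?:trojan|application)|multiple threats) "
    r"(?P<action>.+)$"
)

def family_of(detection):
    """'a variant of Win32/Kryptik.ABI trojan' -> 'Kryptik' (variant suffix dropped)."""
    m = re.search(r"Win32/(\S+)", detection)
    if not m:
        return detection                # e.g. "multiple threats"
    return re.sub(r"\.[A-Z]+$", "", m.group(1))

def looks_random(stem):
    """Heuristic of this example: 12 or more lowercase letters and nothing else."""
    return re.fullmatch(r"[a-z]{12,}", stem) is not None

def parse_eset_log(text):
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        name = path.rsplit("\\", 1)[-1]
        if name.lower().endswith(".vir"):   # ComboFix renames quarantined files
            name = name[:-4]
        stem = name.rsplit(".", 1)[0]
        hits.append({
            "path": path,
            "name": name,
            "family": family_of(m["det"]),
            "action": m["action"],
            # Anything under a Quarantine folder was already neutralised by an
            # earlier tool; only the rest was live when ESET ran.
            "pre_quarantined": "\\quarantine\\" in path.lower(),
            "random_name": looks_random(stem),
        })
    return hits

def summarize(hits):
    return {
        "total": len(hits),
        "live": sum(not h["pre_quarantined"] for h in hits),
        "random_names": sum(h["random_name"] for h in hits),
        "families": Counter(h["family"] for h in hits),
    }

if __name__ == "__main__":
    hits = parse_eset_log(ESET_LOG)
    print(summarize(hits))
    for h in hits:
        if not h["pre_quarantined"]:
            print("LIVE:", h["path"], h["family"])
```

Fed a saved log with parse_eset_log(open(path).read()), the live list is what deserves a second look; hits under a Quarantine folder only confirm that the earlier tools had already caught those files.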

#12 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 14 October 2009 - 04:47 AM

Hi,

This looks good. :( The infections found were located in the backup of ComboFix. :(

As your logs seem clean, I think it is time to focus on updating your software. Keeping your software up to date is an important part of keeping your PC secure!

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also really outdated! Please uninstall your current version and download the latest version from Adobe: Download
Please untick all proposed toolbars.

regards _temp_

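The "remove all older versions of Java" step above is easy to get wrong when several JRE updates sit side by side, because each one is a separate Add or Remove Programs entry and, as noted, the 6u16 installer only removes Update 10 and later. As an added example (not from the thread or from Sun's installer), this script recognises the DisplayName formats Sun used for the JRE in the Uninstall registry key and lists every entry older than the update being installed. The entry list is constructed for illustration; the live registry read only runs on Windows and is skipped elsewhere.

```python
import re

# Registry key whose subkeys feed Add or Remove Programs.
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# DisplayName formats Sun used for the JRE, normalised to (major, update):
#   "Java(TM) 6 Update 16"                         -> (6, 16)
#   "Java(TM) SE Runtime Environment 6 Update 1"   -> (6, 1)
#   "J2SE Runtime Environment 5.0 Update 22"       -> (5, 22)
#   "Java 2 Runtime Environment, SE v1.4.2_03"     -> (4, 3)
_PATTERNS = [
    re.compile(r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment) (\d)(?:\.0)? Update (\d+)"),
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d)\.\d+_(\d+)"),
]

def parse_jre(display_name):
    """Return (major, update) for a JRE/J2SE entry, or None if it is something else."""
    for pat in _PATTERNS:
        m = pat.match(display_name)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def stale_jres(display_names, target=(6, 16)):
    """Display names of JRE entries older than `target`, oldest first."""
    stale = []
    for name in display_names:
        version = parse_jre(name)
        if version is not None and version < target:
            stale.append((version, name))
    return [name for _, name in sorted(stale)]

def installed_display_names():
    """DisplayName of every Uninstall subkey; empty list when not on Windows."""
    try:
        import winreg
    except ImportError:
        return []
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNINSTALL_KEY) as key:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(key, index)
            except OSError:
                break               # no more subkeys
            index += 1
            try:
                with winreg.OpenKey(key, sub) as k:
                    names.append(winreg.QueryValueEx(k, "DisplayName")[0])
            except OSError:
                pass                # subkey without a DisplayName
    return names

# Constructed sample of what Add or Remove Programs might list on this XP box.
SAMPLE_ENTRIES = [
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 16",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Malwarebytes' Anti-Malware",
]

if __name__ == "__main__":
    entries = installed_display_names() or SAMPLE_ENTRIES
    for name in stale_jres(entries):
        print("remove:", name)
```

Anything the script lists still needs to go through the Add or Remove Programs uninstaller one entry at a time; the point of the check is that the reboot and reinstall described above come after the list is empty, not before.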


#13 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 19 October 2009 - 10:38 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_





