
Antivirus Pro 2010 Continued from Bleeping computer


This topic is locked
17 replies to this topic

#1 vaughnjames

  • Members
  • 30 posts

Posted 27 November 2009 - 09:50 PM

Here is my URL from "Am I infected what do I do" http://www.bleepingcomputer.com/forums/t/263951/antivirus-pro-2010/

Here is my DDS log.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 13:24:15.35 on Sat 11/21/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.59 [GMT -6:00]

AV: avast! antivirus 4.8.1356 [VPS 091121-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Ares\Ares.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\windows\explorer.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CHotkey] zHotkey.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241580005718
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241835315437
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} - hxxp://www.sonypictures.com/movies/youdontmesswiththezohan/vividas/trailer/player/player_ocx.jpeg
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9uipfy43.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-6 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\20.tmp --> c:\windows\system32\20.tmp [?]

=============== Created Last 30 ================

2009-11-21 18:49:53 0 d-----w- c:\windows\system32\NtmsData
2009-11-19 14:36:25 627712 -c----w- c:\windows\system32\dllcache\urlmon.dll
2009-11-19 14:36:25 1509888 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-11-19 14:35:27 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-19 14:35:22 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-19 03:54:58 19569 ----a-w- c:\windows\000001_.tmp
2009-11-18 02:11:20 0 d-----w- c:\program files\Sophos
2009-11-16 18:23:55 0 d-----w- C:\Gmer
2009-11-09 05:14:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-09 00:29:55 0 d-----w- c:\program files\Panda Security
2009-11-08 19:52:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-07 14:44:27 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2009-11-07 14:42:08 0 d-----w- C:\18bdef6b85a44cc1af
2009-11-06 20:38:52 638 ------w- c:\windows\system32\wbem\napclientprov.mof
2009-11-06 20:37:59 12800 ------w- c:\windows\system32\credssp.dll
2009-11-06 20:37:53 7168 ------w- c:\windows\system32\bitsprx4.dll
2009-11-06 20:37:53 233472 ------w- c:\windows\system32\azroles.dll
2009-11-06 20:37:45 136192 ------w- c:\windows\system32\aaclient.dll
2009-11-06 13:48:24 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-06 13:48:19 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-06 13:48:15 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-06 13:48:12 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-06 13:47:49 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-06 13:47:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-06 13:47:05 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-06 13:47:05 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-06 13:46:40 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-06 13:46:25 1203922 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-06 05:26:02 19528 ----a-w- c:\windows\002303_.tmp
2009-11-06 03:07:37 12626 ----a-w- c:\windows\system32\wpa.bak
2009-11-04 03:35:08 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-04 03:35:07 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-04 03:35:07 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-04 03:35:06 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-04 03:35:06 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-04 03:33:59 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-11-04 03:32:59 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-11-04 03:31:59 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2009-11-04 03:30:58 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2009-11-04 03:29:52 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-11-04 03:28:59 576746 -c--a-w- c:\windows\system32\dllcache\ltmdmntl.sys
2009-11-04 03:27:42 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-11-04 03:26:59 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2009-11-04 03:25:59 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2009-11-04 03:24:59 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-11-04 03:23:59 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2009-11-04 03:22:55 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2009-11-02 03:48:17 8080728 ----a-w- c:\program files\Firefox Setup 3.5.4.exe
2009-11-01 15:35:05 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2009-11-01 15:34:52 0 d-----w- c:\program files\Uniblue
2009-11-01 04:33:24 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-11-01 01:22:59 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2009-11-01 01:21:57 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-11-01 01:20:57 2134528 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-11-01 01:20:56 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll
2009-11-01 01:20:41 0 d-----w- c:\program files\msn gaming zone
2009-11-01 01:19:19 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-01 01:19:11 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-01 01:19:11 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-01 01:19:11 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-01 01:19:11 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-01 01:18:55 691712 ----a-w- c:\windows\system32\inetcomm.dll
2009-11-01 01:16:02 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2009-11-01 01:14:34 625664 ----a-w- c:\windows\system32\catsrvut.dll
2009-11-01 01:14:12 1267200 ----a-w- c:\windows\system32\comsvcs.dll
2009-11-01 01:13:37 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-11-01 01:13:08 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-11-01 01:12:43 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-31 23:38:32 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-31 23:34:19 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-31 23:34:19 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-31 23:34:19 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-31 23:34:19 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-31 23:34:06 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2009-10-31 23:34:06 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-10-31 23:34:05 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
2009-10-31 23:34:05 399645 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-10-31 23:34:05 37484 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
2009-10-31 23:34:05 13472 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
2009-10-31 23:34:03 13608 ----a-r- c:\windows\SET18F.tmp
2009-10-31 23:33:59 1086182 ----a-r- c:\windows\SET183.tmp
2009-10-31 23:31:33 1066235 ----a-w- c:\windows\setupapi.log.2.old
2009-10-25 05:39:28 0 d-----w- C:\Office2003SP3Changes
2009-10-24 21:54:51 0 d-----w- c:\program files\Windows Installer Clean Up
2009-10-24 21:54:37 0 d-----w- c:\program files\MSECACHE

==================== Find3M ====================

2009-11-01 01:16:42 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-17 11:00:21 16346 ----a-w- c:\windows\system32\qypo.exe
2009-10-15 04:03:52 472064 ----a-w- c:\documents and settings\owner\RootRepeal.exe
2009-10-11 02:25:47 13896 ----a-w- c:\docume~1\owner\applic~1\omog.com
2009-10-11 02:25:47 12066 ----a-w- c:\windows\system32\jolybaza.dat
2009-10-11 02:25:46 19622 ----a-w- c:\docume~1\alluse~1\applic~1\univigy.dat
2009-10-11 02:25:46 17952 ----a-w- c:\windows\jisirex.scr
2009-10-11 02:25:46 15047 ----a-w- c:\docume~1\alluse~1\applic~1\afagehypyt.bin
2009-10-11 02:25:46 13814 ----a-w- c:\program files\common files\dyvet.bin
2009-10-11 02:25:46 12450 ----a-w- c:\windows\omufeleg.com
2009-10-11 00:26:38 46 ----a-w- C:\p2hhr.bat
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 13:24:51.31 ===============
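The Find3M section of the log above lists seven files written within the same two seconds on 2009-10-11 (02:25:46 and 02:25:47) into scattered locations: Application Data, the Windows directory, Common Files and system32, with a .bat at the root of C: two hours earlier. That timing pattern is the kind of thing a responder pulls out of a DDS log before anything else. The script below is an added example, not part of the original post and not part of DDS; it parses DDS file-listing lines, clusters entries by write time and flags executables written to unusual directories. The sample input is the log's own Find3M lines, embedded verbatim so the script runs offline; the two-second window, the extension list and the directory list are my assumptions. A flag means "look at this", not a verdict about what the file is.

```python
import ntpath
import re
from collections import namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "when size attrs path")

# Constructed sample input: the Find3M lines from the DDS log posted above,
# copied verbatim so the script runs offline.
SAMPLE_FIND3M = r"""
2009-11-01 01:16:42 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-17 11:00:21 16346 ----a-w- c:\windows\system32\qypo.exe
2009-10-15 04:03:52 472064 ----a-w- c:\documents and settings\owner\RootRepeal.exe
2009-10-11 02:25:47 13896 ----a-w- c:\docume~1\owner\applic~1\omog.com
2009-10-11 02:25:47 12066 ----a-w- c:\windows\system32\jolybaza.dat
2009-10-11 02:25:46 19622 ----a-w- c:\docume~1\alluse~1\applic~1\univigy.dat
2009-10-11 02:25:46 17952 ----a-w- c:\windows\jisirex.scr
2009-10-11 02:25:46 15047 ----a-w- c:\docume~1\alluse~1\applic~1\afagehypyt.bin
2009-10-11 02:25:46 13814 ----a-w- c:\program files\common files\dyvet.bin
2009-10-11 02:25:46 12450 ----a-w- c:\windows\omufeleg.com
2009-10-11 00:26:38 46 ----a-w- C:\p2hhr.bat
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll
"""

# DDS file lines: "<date> <time> <size> <8-char attribute flags> <path>".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+?)\s*$", re.I
)

# Extensions Windows will execute directly (assumption: tune to taste).
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll", ".sys"}

# Directories where a freshly written executable deserves a second look
# (assumption): drive root, %WINDIR% root, Application Data, Common Files.
UNUSUAL_DIR_RE = re.compile(
    r"^(c:\\|c:\\windows|.*\\applic~1|.*\\application data|.*\\common files)$", re.I
)


def parse_dds_files(text):
    """Parse 'Created Last 30' / 'Find3M' lines into Entry records; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, int(m.group(2)), m.group(3), m.group(4)))
    return entries


def burst_clusters(entries, window_seconds=2, min_size=3):
    """Group entries whose timestamps are within window_seconds of the previous
    one (in sorted order) and return the groups with at least min_size files."""
    groups, current = [], []
    for e in sorted(entries, key=lambda x: x.when):
        if current and (e.when - current[-1].when).total_seconds() > window_seconds:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= min_size]


def flag_reasons(entry, burst_paths=frozenset()):
    """Return the reasons (possibly none) an entry deserves manual review."""
    reasons = []
    dirname, basename = ntpath.split(entry.path)
    ext = ntpath.splitext(basename)[1].lower()
    if ext in EXEC_EXT and UNUSUAL_DIR_RE.match(dirname):
        reasons.append("executable written to unusual directory: " + dirname)
    if entry.path in burst_paths:
        reasons.append("part of a burst of files written within seconds of each other")
    return reasons


def triage(text, window_seconds=2):
    """Map each flagged path to its list of reasons."""
    entries = parse_dds_files(text)
    burst = frozenset(e.path for g in burst_clusters(entries, window_seconds) for e in g)
    findings = {}
    for e in entries:
        reasons = flag_reasons(e, burst)
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_FIND3M).items()):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample it flags the seven-file burst plus C:\p2hhr.bat, and leaves qypo.exe in system32 alone because an isolated write into a system directory is not, by itself, something this heuristic can judge; that is a limit of the approach, not a clean bill for the file. DDS timestamps are local time, so keep the [GMT -6:00] from the log header in mind when comparing against anything recorded elsewhere.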


#2 sempai

  • Malware Response Team
  • 5,288 posts

Posted 05 December 2009 - 07:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 vaughnjames

  • Topic Starter
  • Members
  • 30 posts

Posted 07 December 2009 - 02:27 AM

Here are the DDS logs you asked for. For the question of my current problems: I currently have no "System Restore" tab. Also, on the initial issue I was unable to boot in safe mode, so I was instructed to rename my boot file Boot.ini to Boot ini.bak; now I am unable to rename my boot file back to Boot.ini. I have followed the steps given from Bleeping Computer's advice.




DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 0:42:58.00 on Mon 12/07/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.71 [GMT -6:00]

AV: avast! antivirus 4.8.1356 [VPS 091206-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\wuauclt.exe
C:\windows\SOUNDMAN.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CHotkey] zHotkey.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241580005718
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241835315437
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} - hxxp://www.sonypictures.com/movies/youdontmesswiththezohan/vividas/trailer/player/player_ocx.jpeg
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9uipfy43.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-6 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-6 352920]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\20.tmp --> c:\windows\system32\20.tmp [?]

=============== Created Last 30 ================

2009-11-21 18:49:53 0 d-----w- c:\windows\system32\NtmsData
2009-11-19 14:36:25 627712 -c----w- c:\windows\system32\dllcache\urlmon.dll
2009-11-19 14:36:25 1509888 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-11-19 14:35:27 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-19 14:35:22 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-19 03:54:58 19569 ------w- c:\windows\000001_.tmp
2009-11-18 02:11:20 0 d-----w- c:\program files\Sophos
2009-11-16 18:23:55 0 d-----w- C:\Gmer
2009-11-09 05:14:52 93360 ------w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-09 00:29:55 0 d-----w- c:\program files\Panda Security
2009-11-08 19:52:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-07 14:44:27 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2009-11-07 14:42:08 0 d-----w- C:\18bdef6b85a44cc1af

==================== Find3M ====================

2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 03:48:17 8080728 ------w- c:\program files\Firefox Setup 3.5.4.exe
2009-11-01 01:16:42 23428 ------w- c:\windows\system32\emptyregdb.dat
2009-10-17 11:00:21 16346 ------w- c:\windows\system32\qypo.exe
2009-10-15 04:03:52 472064 ------w- c:\documents and settings\owner\RootRepeal.exe
2009-10-11 02:25:47 13896 ------w- c:\docume~1\owner\applic~1\omog.com
2009-10-11 02:25:47 12066 ------w- c:\windows\system32\jolybaza.dat
2009-10-11 02:25:46 19622 ------w- c:\docume~1\alluse~1\applic~1\univigy.dat
2009-10-11 02:25:46 17952 ------w- c:\windows\jisirex.scr
2009-10-11 02:25:46 15047 ------w- c:\docume~1\alluse~1\applic~1\afagehypyt.bin
2009-10-11 02:25:46 13814 ------w- c:\program files\common files\dyvet.bin
2009-10-11 02:25:46 12450 ------w- c:\windows\omufeleg.com
2009-10-11 00:26:38 46 ------w- C:\p2hhr.bat
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\msv1_0.dll

============= FINISH: 0:43:32.75 ===============


#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 December 2009 - 02:38 PM

Hi vaughnjames,


Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.

Please navigate to the following bolded file path and open it with notepad, copy and paste the contents in your next reply. After that, please do the following:

C:\Boot ini.bak


Step1

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    boot.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step2

1. Click Start, Run and type regedit.exe and press Enter.

2. Navigate to the following key:

HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore

In the right pane, can you locate the following bolded values? Advise me in your next reply.

DisableConfig
DisableSR



In your next reply, please post back:

1. Boot ini.bak txt
2. SystemLook.exe

Thanks.

#5 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 11 December 2009 - 03:07 AM

Due to Lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

#6 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 12 December 2009 - 01:51 AM

Reopen at user's request.

Please post the logs as instructed. Thanks.

#7 vaughnjames

  • Topic Starter
  • Members
  • 30 posts

Posted 12 December 2009 - 12:29 PM

Thank you for the prompt reply. Here is my SystemLook text.

And the System Restore info you requested:

All I see is
DisableSR type REG_DWORD 0x00000001 (1)
The other location was not there, only (default) REG_SZ of course (value not set)



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:55 on 12/12/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "boot.*"
C:\My Backup -- 07-02-07 1007\boot.ini -r-hs- 211 bytes [16:53 23/03/2005] [21:05 18/09/2005] 17D7055859D99A0D606CFAF17AE38638
C:\My Backup -- 07-02-07 1007\WINDOWS\I386\Boot.img ------ 48762880 bytes [22:30 19/05/2005] [22:26 19/05/2005] E97C546D8EA4BA9D9232435A8B62481E
C:\Program Files\Alwil Software\Avast4\ENGLISH\Boot.dll ------ 15360 bytes [04:19 07/10/2009] [10:44 15/09/2009] D8F8C126143D71F044026220A87B84C0
C:\WINDOWS\Boot.ini -r-hs- 228 bytes [16:53 23/03/2005] [19:24 29/10/2009] 1C9C035CC8ED03D7F682E06BBB796D51
C:\WINDOWS\I386\Boot.img ------ 48762880 bytes [17:11 07/02/2007] [22:26 19/05/2005] E97C546D8EA4BA9D9232435A8B62481E
C:\WINDOWS\pss\boot.ini.backup ------ 211 bytes [12:59 03/01/2008] [21:32 03/10/2009] 17D7055859D99A0D606CFAF17AE38638

-=End Of File=-
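Two things in the SystemLook output above are worth checking mechanically rather than by eye. First, there is no C:\boot.ini at the root of the system drive; the only live copy is C:\WINDOWS\Boot.ini, and its MD5 differs from the two backups (the "My Backup" copy and C:\WINDOWS\pss\boot.ini.backup share a hash). Second, the search term was boot.*, which requires a literal dot after "boot", so a file renamed to "Boot ini.bak" cannot match it; a search for boot* would. The DisableSR value of 1 the user found under the Policies\...\SystemRestore key is the "Turn off System Restore" policy setting, which fits the missing tab reported earlier. The script below is an added example, not part of the original post and not part of SystemLook; it parses filefind lines, groups hits by MD5, checks whether an exact path is present and shows what the wildcard does and does not match. The sample input is the filefind output posted above, embedded verbatim; the assumption that a filefind search term uses ordinary * and ? wildcard semantics is mine.

```python
import fnmatch
import ntpath
import re
from collections import defaultdict, namedtuple

Hit = namedtuple("Hit", "path attrs size created modified md5")

# Constructed sample input: the filefind lines from the SystemLook log posted above.
SAMPLE_SYSTEMLOOK = r"""
C:\My Backup -- 07-02-07 1007\boot.ini -r-hs- 211 bytes [16:53 23/03/2005] [21:05 18/09/2005] 17D7055859D99A0D606CFAF17AE38638
C:\My Backup -- 07-02-07 1007\WINDOWS\I386\Boot.img ------ 48762880 bytes [22:30 19/05/2005] [22:26 19/05/2005] E97C546D8EA4BA9D9232435A8B62481E
C:\Program Files\Alwil Software\Avast4\ENGLISH\Boot.dll ------ 15360 bytes [04:19 07/10/2009] [10:44 15/09/2009] D8F8C126143D71F044026220A87B84C0
C:\WINDOWS\Boot.ini -r-hs- 228 bytes [16:53 23/03/2005] [19:24 29/10/2009] 1C9C035CC8ED03D7F682E06BBB796D51
C:\WINDOWS\I386\Boot.img ------ 48762880 bytes [17:11 07/02/2007] [22:26 19/05/2005] E97C546D8EA4BA9D9232435A8B62481E
C:\WINDOWS\pss\boot.ini.backup ------ 211 bytes [12:59 03/01/2008] [21:32 03/10/2009] 17D7055859D99A0D606CFAF17AE38638
"""

# "<path> <6-char attrs> <size> bytes [<created>] [<modified>] <MD5>"
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_systemlook(text):
    """Parse filefind result lines into Hit records; skip headers and blanks."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            hits.append(Hit(d["path"], d["attrs"], int(d["size"]),
                            d["created"], d["modified"], d["md5"].upper()))
    return hits


def group_by_md5(hits):
    """Identical content shows up as identical MD5s regardless of path or name."""
    groups = defaultdict(list)
    for h in hits:
        groups[h.md5].append(h.path)
    return dict(groups)


def find_path(hits, wanted):
    """Exact path lookup; NTFS paths are case-insensitive, so normalise both sides."""
    wanted = ntpath.normcase(wanted)
    for h in hits:
        if ntpath.normcase(h.path) == wanted:
            return h
    return None


def glob_matches(filename, pattern):
    """Case-insensitive wildcard match with ordinary '*' / '?' semantics
    (assumed here to be what a filefind search term means)."""
    return fnmatch.fnmatchcase(filename.lower(), pattern.lower())


def boot_ini_report(hits):
    """What the filefind output says about boot.ini: is the live copy at the
    root of C:, and how many distinct versions exist among all copies?"""
    copies = [h for h in hits
              if ntpath.basename(h.path).lower().startswith("boot.ini")]
    return {
        "root_present": find_path(hits, r"C:\boot.ini") is not None,
        "copies": [(h.path, h.attrs, h.md5) for h in copies],
        "distinct_hashes": sorted({h.md5 for h in copies}),
    }


if __name__ == "__main__":
    hits = parse_systemlook(SAMPLE_SYSTEMLOOK)
    report = boot_ini_report(hits)
    print("C:\\boot.ini present:", report["root_present"])
    for path, attrs, md5 in report["copies"]:
        print(" ", attrs, md5, path)
    print("distinct versions:", len(report["distinct_hashes"]))
    # Why the search term matters: 'boot.*' needs a literal dot after 'boot'.
    for pattern in ("boot.*", "boot*"):
        print(pattern, "matches 'Boot ini.bak':", glob_matches("Boot ini.bak", pattern))
```

The report says root_present is False, which is exactly why a later attrib -r -s -h boot.ini run from C:\ reports "File not found": the command is correct, the file simply is not there. The hash grouping also separates the question "which copies are the same file" from "which copy is the one NTLDR would read", which the filenames alone do not answer.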

#8 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 12 December 2009 - 01:12 PM

Hi vaughnjames,



Step1

Start>Run>type CMD>hit Enter, type the following bold in the Dos prompt and hit enter:

cd \

At the C:\> prompt, type the following bold in the DOS prompt and hit Enter:

attrib -r -s -h boot.ini


After that, please navigate to the following file path, open it with notepad, and copy/paste the contents in your next reply.

C:\WINDOWS\Boot.ini


Step2

1. Click Start, Run and type regedit.exe and press Enter.

2. Navigate to the following key:

HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore

3. In the right pane, right-click DisableSR and delete the whole value. Restart your PC and recheck it.


Step3
  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:

    safebootminimal
    safebootnetwork

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. Boot.ini txt
2. OTListIt.txt and Extra.txt

Tell me the remaining issues you're still experiencing now.

#9 vaughnjames

  • Topic Starter
  • Members
  • 30 posts

Posted 12 December 2009 - 05:15 PM

I might not have done this correctly. I did all three steps and now I am posting the information.

In step 1
I entered the command attrib -r -s -h boot.ini
and in the command prompt the following error came up "File not found - boot.ini

I follow the file path C:\WINDOWS\BOOT.INI starting in Start, explore and then C\WINDOWS\BOOT.INI. The Boot file was not there.

Step 2
I deleted DisableSR in the Registry and rebooted. it was not to be found. I double checked to see if my System Restore tab was back and its was, Question, I found this solution on other sites, but after looking in Microsoft site, the DisableSR from what I could see was part of the Registry. I think you are saying it does not have to be there??

Step 3
Here is the OTL log and Extras

OTL logfile created on: 12/12/2009 3:49:53 PM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 104.16 Mb Available Physical Memory | 27.23% Memory free
919.50 Mb Paging File | 529.77 Mb Available in Paging File | 57.61% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.84 Gb Total Space | 73.77 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
Drive D: | 3.30 Gb Total Space | 1.13 Gb Free Space | 34.24% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-214D46712E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 15:48:01 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/18 16:31:38 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/15 04:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 04:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 04:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 04:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 04:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/01/26 16:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 18:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/10/21 09:44:20 | 00,155,648 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/02/07 12:30:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/06/02 03:29:26 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/12/01 18:54:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/11/15 17:04:32 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/11/02 22:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2004/05/17 20:30:04 | 00,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/04/07 14:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/19 16:17:00 | 00,078,960 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 15:48:01 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/02/11 15:58:16 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/15 04:56:43 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 04:56:28 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 04:54:13 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 04:49:40 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/26 16:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/02/18 15:28:03 | 00,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2007/02/07 12:30:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/20 13:23:08 | 00,495,616 | ---- | M] ( ) [On_Demand | Stopped] -- C:\windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 10:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/07 14:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\S-1-5-21-1176244860-1055059167-1112308240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 16:46:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 07:17:04 | 00,000,000 | ---D | M]

[2009/11/01 21:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/11 22:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9uipfy43.default\extensions
[2009/11/01 21:53:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [CHotkey] C:\windows\zHotkey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [ShowWnd] C:\windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..Trusted Domains: microsoft.com ([v4.windowsupdate] https in Trusted sites)
O15 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1241580005718 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241835315437 (MUWebControl Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} http://www.sonypictures.com/movies/youdont...player_ocx.jpeg (VPlayer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 12:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 15:48:00 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/06 23:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malware scan APP
[2009/12/06 00:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/12/06 00:43:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2009/12/06 00:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/11/01 21:48:17 | 08,080,728 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.4.exe
[2009/10/14 21:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/10/14 21:23:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/10/06 21:56:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/06 21:56:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/06 21:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/06 21:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/22 19:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2007/02/20 18:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/02/20 13:44:44 | 01,183,744 | ---- | C] ( ) -- C:\windows\System32\lxcyserv.dll
[2006/02/20 13:36:06 | 00,421,888 | ---- | C] ( ) -- C:\windows\System32\lxcycomm.dll
[2006/02/20 13:24:30 | 00,536,576 | ---- | C] ( ) -- C:\windows\System32\lxcylmpm.dll
[2006/02/20 13:23:16 | 00,114,688 | ---- | C] ( ) -- C:\windows\System32\lxcypplc.dll
[2006/02/20 13:22:16 | 00,610,304 | ---- | C] ( ) -- C:\windows\System32\lxcycomc.dll
[2006/02/20 13:21:22 | 00,163,840 | ---- | C] ( ) -- C:\windows\System32\lxcyprox.dll
[2006/02/20 13:21:12 | 00,696,320 | ---- | C] ( ) -- C:\windows\System32\lxcyhbn3.dll
[2006/02/20 13:15:16 | 00,995,328 | ---- | C] ( ) -- C:\windows\System32\lxcyusb1.dll
[2006/02/20 13:06:52 | 00,393,216 | ---- | C] ( ) -- C:\windows\System32\lxcyiesc.dll
[2006/02/20 13:03:02 | 00,409,600 | ---- | C] ( ) -- C:\windows\System32\lxcyinpa.dll
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/12 15:48:01 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/12 15:01:55 | 00,677,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/12 15:01:55 | 00,347,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/12 14:59:47 | 00,012,626 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/12/12 14:58:52 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/12/12 14:58:47 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/12/12 14:58:44 | 40,113,3568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 14:57:48 | 03,670,016 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/12/12 14:57:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/12 00:52:05 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2009/12/12 00:41:42 | 00,450,700 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/12/12 00:41:42 | 00,387,814 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/12/12 00:41:42 | 00,056,678 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/12/10 03:02:38 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2009/12/06 00:46:00 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/06 00:45:32 | 00,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2009/12/06 00:41:39 | 00,033,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/05 10:07:43 | 00,000,516 | ---- | M] () -- C:\windows\win.ini
[2009/12/05 10:07:43 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 00:52:05 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2009/12/06 00:46:00 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/05 10:05:15 | 40,113,3568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/07 16:37:31 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Launch Internet Explorer Browser.lnk
[2009/10/10 20:25:47 | 00,013,896 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\omog.com
[2009/10/10 20:25:47 | 00,012,320 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\binasyfu.bin
[2009/10/10 20:25:46 | 00,019,622 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\univigy.dat
[2009/10/10 20:25:46 | 00,015,047 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afagehypyt.bin
[2009/10/10 20:25:46 | 00,013,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\afineboc.pif
[2009/10/10 20:25:46 | 00,013,814 | ---- | C] () -- C:\Program Files\Common Files\dyvet.bin
[2009/10/10 18:25:17 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\iniasd.txt
[2009/03/03 11:18:04 | 00,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini
[2008/11/06 10:37:32 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2007/06/04 19:29:42 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 18:12:22 | 00,000,000 | ---- | C] () -- C:\windows\MSDraw.ini
[2007/03/03 21:15:11 | 00,001,204 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/02/26 18:50:07 | 00,303,104 | R--- | C] () -- C:\windows\System32\lxcycoin.dll
[2007/02/18 12:35:59 | 00,000,049 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007/02/07 12:59:09 | 00,156,672 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2007/02/07 12:55:00 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2007/02/07 12:32:16 | 00,532,544 | ---- | C] () -- C:\windows\PIC.dll
[2007/02/07 12:32:16 | 00,024,576 | ---- | C] () -- C:\windows\HKNTDLL.dll
[2005/07/08 02:11:22 | 00,040,960 | ---- | C] () -- C:\windows\System32\lxcyvs.dll
[2005/03/23 22:07:42 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/03/23 10:53:30 | 00,000,228 | RHS- | C] () -- C:\windows\Boot.ini
[2005/03/23 10:53:24 | 00,001,370 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2005/03/23 10:53:24 | 00,000,455 | ---- | C] () -- C:\windows\System32\emver.ini
[2005/03/23 10:52:49 | 01,288,192 | ---- | C] () -- C:\windows\System32\quartz(2).dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\windows\System32\KodakOneTouch.dll

========== LOP Check ==========

[2007/02/07 12:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/03/28 13:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/02/07 12:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/11 20:38:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/10/11 20:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/02/07 12:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2007/02/07 12:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/03/03 21:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/01 09:35:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 12/12/2009 3:49:53 PM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 104.16 Mb Available Physical Memory | 27.23% Memory free
919.50 Mb Paging File | 529.77 Mb Available in Paging File | 57.61% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.84 Gb Total Space | 73.77 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
Drive D: | 3.30 Gb Total Space | 1.13 Gb Free Space | 34.24% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-214D46712E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1176244860-1055059167-1112308240-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Ares" = Ares 2.0.6
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"avast!" = avast! Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Port Magic" = Pure Networks Port Magic
"RealPlayer 12.0" = RealPlayer
"Satellite TV for PC" = Satellite TV for PC 2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.2.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1176244860-1055059167-1112308240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:07 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: NOT ENOUGH DATA GOT FROM ASYNC IO CONTROL
[99]!!!!!!, 00000000.

Error - 11/17/2009 10:36:13 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Aavm/RPC: RpcServerUseProtseqEp for LRPC
failed, 000006CC.

Error - 11/17/2009 11:13:45 PM | Computer Name = YOUR-214D46712E | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Aavm/RPC: RpcServerUseProtseqEp for LRPC
failed, 000006CC.

[ Application Events ]
Error - 11/17/2009 9:51:37 PM | Computer Name = YOUR-214D46712E | Source = Application Error | ID = 1001
Description = Fault bucket 1540394009.

Error - 11/18/2009 9:58:01 PM | Computer Name = YOUR-214D46712E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 9:58:07 PM | Computer Name = YOUR-214D46712E | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 11/19/2009 2:43:03 PM | Computer Name = YOUR-214D46712E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msmapi32.dll, version 11.0.6361.0, fault address 0x00003bea.

Error - 11/20/2009 1:23:11 AM | Computer Name = YOUR-214D46712E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 1:23:20 AM | Computer Name = YOUR-214D46712E | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 11/21/2009 3:36:30 PM | Computer Name = YOUR-214D46712E | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 12/12/2009 4:34:43 PM | Computer Name = YOUR-214D46712E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msmapi32.dll, version 11.0.6361.0, fault address 0x00003bea.

Error - 12/12/2009 4:37:38 PM | Computer Name = YOUR-214D46712E | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/12/2009 4:39:17 PM | Computer Name = YOUR-214D46712E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/19/2009 10:32:21 AM | Computer Name = YOUR-214D46712E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB954459).

Error - 11/19/2009 10:32:21 AM | Computer Name = YOUR-214D46712E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB973354).

Error - 11/19/2009 10:32:21 AM | Computer Name = YOUR-214D46712E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB975025).

Error - 11/19/2009 10:33:32 AM | Computer Name = YOUR-214D46712E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB973869).

Error - 11/19/2009 10:33:32 AM | Computer Name = YOUR-214D46712E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB974112).

Error - 11/19/2009 10:33:32 AM | Computer Name = YOUR-214D46712E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Cumulative Security Update for Internet Explorer 6 for Windows
XP (KB974455).

Error - 11/19/2009 2:20:04 PM | Computer Name = YOUR-214D46712E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/19/2009 2:21:16 PM | Computer Name = YOUR-214D46712E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdPPM aswSP Fips

Error - 11/19/2009 2:26:42 PM | Computer Name = YOUR-214D46712E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/21/2009 3:07:46 PM | Computer Name = YOUR-214D46712E | Source = NtServicePack | ID = 921879
Description = Windows XP Service Pack 3 uninstall failed. The system cannot find
the file specified.


< End of report >

#10 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 12 December 2009 - 06:01 PM

Hi vaughnjames,



I might not have done this incorrectly....The Boot file was not there.

Yes, you might have typed it incorrectly. There should be a space after attrib and the following command. That boot file is a hidden file and should be unhidden first. That's ok; we will take another approach.


Step 1
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :OTL
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Step 2
  • Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive, from Here:
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close. Exit the program.


Step 3

Please download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply

In your next reply, please post back:


1. OTL delete log
2. BootCheck log
3. New OTL log

Tell me if you have any remaining issues on your pc.

#11 vaughnjames
  • Topic Starter

  • Members
  • 30 posts

Posted 12 December 2009 - 07:57 PM

Sorry Sundavis, I did not know which file was the OTL delete one, but here are the bootcheck and the new OTL file.

bootcheck

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of boot.ini:

OTL

OTL logfile created on: 12/12/2009 6:48:31 PM - Run 2
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 106.74 Mb Available Physical Memory | 27.91% Memory free
919.50 Mb Paging File | 548.58 Mb Available in Paging File | 59.66% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.84 Gb Total Space | 73.88 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
Drive D: | 3.30 Gb Total Space | 1.13 Gb Free Space | 34.24% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-214D46712E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 15:48:01 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/18 16:31:38 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/15 04:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 04:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 04:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 04:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 04:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/01/26 16:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/21 09:44:20 | 00,155,648 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/02/07 12:30:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/06/02 03:29:26 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/12/01 18:54:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/11/15 17:04:32 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/11/02 22:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2004/05/17 20:30:04 | 00,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/04/07 14:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/19 16:17:00 | 00,078,960 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 15:48:01 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/02/11 15:58:16 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/15 04:56:43 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 04:56:28 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 04:54:13 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 04:49:40 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/26 16:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/02/18 15:28:03 | 00,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2007/02/07 12:30:14 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/20 13:23:08 | 00,495,616 | ---- | M] ( ) [On_Demand | Stopped] -- C:\windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 10:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/07 14:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 16:46:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 07:17:04 | 00,000,000 | ---D | M]

[2009/11/01 21:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/11 22:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9uipfy43.default\extensions
[2009/11/01 21:53:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [CHotkey] C:\windows\zHotkey.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [ShowWnd] C:\windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1241580005718 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241835315437 (MUWebControl Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} http://www.sonypictures.com/movies/youdont...player_ocx.jpeg (VPlayer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 12:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 18:41:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FixPolicies
[2009/12/12 17:37:56 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/12 15:48:00 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/06 23:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malware scan APP
[2009/12/06 00:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/12/06 00:43:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2009/12/06 00:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/11/01 21:48:17 | 08,080,728 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.4.exe
[2009/10/14 21:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/10/14 21:23:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/10/06 21:56:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/06 21:56:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/06 21:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/06 21:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/22 19:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2007/02/20 18:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/02/20 13:44:44 | 01,183,744 | ---- | C] ( ) -- C:\windows\System32\lxcyserv.dll
[2006/02/20 13:36:06 | 00,421,888 | ---- | C] ( ) -- C:\windows\System32\lxcycomm.dll
[2006/02/20 13:24:30 | 00,536,576 | ---- | C] ( ) -- C:\windows\System32\lxcylmpm.dll
[2006/02/20 13:23:16 | 00,114,688 | ---- | C] ( ) -- C:\windows\System32\lxcypplc.dll
[2006/02/20 13:22:16 | 00,610,304 | ---- | C] ( ) -- C:\windows\System32\lxcycomc.dll
[2006/02/20 13:21:22 | 00,163,840 | ---- | C] ( ) -- C:\windows\System32\lxcyprox.dll
[2006/02/20 13:21:12 | 00,696,320 | ---- | C] ( ) -- C:\windows\System32\lxcyhbn3.dll
[2006/02/20 13:15:16 | 00,995,328 | ---- | C] ( ) -- C:\windows\System32\lxcyusb1.dll
[2006/02/20 13:06:52 | 00,393,216 | ---- | C] ( ) -- C:\windows\System32\lxcyiesc.dll
[2006/02/20 13:03:02 | 00,409,600 | ---- | C] ( ) -- C:\windows\System32\lxcyinpa.dll

========== Files - Modified Within 14 Days ==========

[2009/12/12 18:42:17 | 00,054,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BootCheck.exe
[2009/12/12 18:40:30 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe
[2009/12/12 17:54:59 | 00,677,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/12 17:54:59 | 00,347,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/12 17:54:01 | 00,012,626 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/12/12 17:39:43 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/12/12 17:39:38 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/12/12 17:39:36 | 40,113,3568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 17:38:37 | 03,670,016 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/12/12 17:38:37 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/12 15:48:01 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/12 00:41:42 | 00,450,700 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/12/12 00:41:42 | 00,387,814 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/12/12 00:41:42 | 00,056,678 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/12/10 03:02:38 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2009/12/06 00:46:00 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/06 00:45:32 | 00,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2009/12/06 00:41:39 | 00,033,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/05 10:07:43 | 00,000,516 | ---- | M] () -- C:\windows\win.ini
[2009/12/05 10:07:43 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2009/12/12 18:42:17 | 00,054,912 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BootCheck.exe
[2009/12/12 18:40:30 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe
[2009/12/06 00:46:00 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/05 10:05:15 | 40,113,3568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/07 16:37:31 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Launch Internet Explorer Browser.lnk
[2009/10/10 20:25:47 | 00,013,896 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\omog.com
[2009/10/10 20:25:47 | 00,012,320 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\binasyfu.bin
[2009/10/10 20:25:46 | 00,019,622 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\univigy.dat
[2009/10/10 20:25:46 | 00,015,047 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afagehypyt.bin
[2009/10/10 20:25:46 | 00,013,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\afineboc.pif
[2009/10/10 20:25:46 | 00,013,814 | ---- | C] () -- C:\Program Files\Common Files\dyvet.bin
[2009/10/10 18:25:17 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\iniasd.txt
[2009/03/03 11:18:04 | 00,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini
[2008/11/06 10:37:32 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2007/06/04 19:29:42 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 18:12:22 | 00,000,000 | ---- | C] () -- C:\windows\MSDraw.ini
[2007/03/03 21:15:11 | 00,001,204 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/02/26 18:50:07 | 00,303,104 | R--- | C] () -- C:\windows\System32\lxcycoin.dll
[2007/02/18 12:35:59 | 00,000,049 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007/02/07 12:59:09 | 00,156,672 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2007/02/07 12:55:00 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2007/02/07 12:32:16 | 00,532,544 | ---- | C] () -- C:\windows\PIC.dll
[2007/02/07 12:32:16 | 00,024,576 | ---- | C] () -- C:\windows\HKNTDLL.dll
[2005/07/08 02:11:22 | 00,040,960 | ---- | C] () -- C:\windows\System32\lxcyvs.dll
[2005/03/23 22:07:42 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/03/23 10:53:30 | 00,000,228 | RHS- | C] () -- C:\windows\Boot.ini
[2005/03/23 10:53:24 | 00,001,370 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2005/03/23 10:53:24 | 00,000,455 | ---- | C] () -- C:\windows\System32\emver.ini
[2005/03/23 10:52:49 | 01,288,192 | ---- | C] () -- C:\windows\System32\quartz(2).dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\windows\System32\KodakOneTouch.dll

========== LOP Check ==========

[2007/03/28 13:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/02/07 12:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/11 20:38:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/10/11 20:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/02/07 12:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/03/03 21:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/01 09:35:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

========== Purity Check ==========


< End of report >

#12 vaughnjames

  • Topic Starter

Posted 12 December 2009 - 07:59 PM

Oops. I think I found it.

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1176244860-1055059167-1112308240-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 1887061 bytes
->Temporary Internet Files folder emptied: 46365196 bytes
->FireFox cache emptied: 59503830 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1178025 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
Windows Temp folder emptied: 571702 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 524310 bytes

Total Files Cleaned = 108.57 mb


OTL by OldTimer - Version 3.1.16.0 log created on 12122009_173756

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll moved successfully.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\windows\temp\Perflib_Perfdata_5d0.dat moved successfully.

Registry entries deleted on Reboot...

#13 sundavis

  • Malware Response Team

Posted 13 December 2009 - 12:31 AM

Hi vaughnjames,



Please close any programs and browsers while you're running OTL.


Step1
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.
    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Step2

Go to Start > Run > Copy and paste the following bold command into the Run box, then click OK.

CMD /K COPY C:\WINDOWS\pss\boot.ini.backup C:\boot.ini

The command prompt will prompt and say "1 file(s) copied." if successful.

Please rerun BootCheck one more time and post the contents in your next reply.


In your next reply, please post back:


1. OTL delete log
2. BootCheck txt

Edited by sundavis, 13 December 2009 - 12:38 AM.


#14 vaughnjames

  • Topic Starter

Posted 13 December 2009 - 11:33 AM

Thanks for all the help. Here is my OTL delete log:

All processes killed
Error: Unable to interpret <O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <04 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnceEx: [] File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 24730 bytes
->Temporary Internet Files folder emptied: 4475297 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.43 mb


OTL by OldTimer - Version 3.1.16.0 log created on 12132009_102246

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll moved successfully.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\windows\temp\Perflib_Perfdata_5f0.dat not found!

Registry entries deleted on Reboot...


Here is the boot check

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of C:\boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

#15 sundavis

  • Malware Response Team

Posted 13 December 2009 - 11:59 AM

Hi vaughnjames,



It seemed there were some orphaned entries of AVG8. Please go to this thread to download AVG Remover to do some cleanup.

Other than that, the boot file is back to normal and your system appears clean now. :( If you have no remaining concerns on your pc, let's do some tidy up and we can send you on your way.

Step1

Start OTL from your desktop.
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Please delete all the tools and logs we have used. Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Backup your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: This thread.

Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!
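As an added example (not code from this thread or from the OTL tool), here is a Python triage script for OTL result lines in the format posted above. It flags the orphaned load points that posts #13 and #15 pick out of the log (targets reported "File not found", "No CLSID value found" or "Reg Error: Key error."), reports lines OTL would answer with "Unable to interpret", and assembles the survivors into the :OTL fix layout used in post #13. The sample lines are constructed from entries in this thread; the `Typo` line and the section-name table are assumptions of this example.

```python
"""Triage of OTL scan-log lines for orphaned autostart entries.

Added example, not code from the thread or from OTL itself. It parses lines in
the OTL report format shown in this thread and flags entries whose target no
longer exists, which is what the helper removed with the :OTL fix block above.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Text OTL appends when a registry entry points at something that is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error")

# Every OTL finding starts with a section tag: the letter O and a number ("O4 - ...").
SECTION_RE = re.compile(r"^(O\d+) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Load-point sections worth attention when orphaned (names are this example's own).
AUTOSTART_SECTIONS = {"O2": "BHO", "O3": "toolbar", "O4": "Run key",
                      "O16": "ActiveX (DPF)", "O20": "Winlogon"}


@dataclass
class Finding:
    section: str            # O2, O3, O4, O16 ...
    text: str               # the original line, stripped
    guid: Optional[str]     # CLSID if the line carries one
    reason: Optional[str]   # orphan marker, or None when the target exists


def parse_line(raw: str) -> Optional[Finding]:
    """Return a Finding for an OTL result line, or None for lines that are not
    findings (headers, blanks, a digit zero typed in place of the letter O)."""
    line = raw.strip()
    m = SECTION_RE.match(line)
    if not m:
        return None
    guid = GUID_RE.search(line)
    reason = next((mk for mk in ORPHAN_MARKERS if mk in line), None)
    return Finding(m.group(1), line, guid.group(0) if guid else None, reason)


def find_orphans(lines):
    """Findings in autostart sections whose target is missing."""
    out = []
    for raw in lines:
        f = parse_line(raw)
        if f and f.reason and f.section in AUTOSTART_SECTIONS:
            out.append(f)
    return out


def unparseable(lines):
    """Non-blank, non-header lines OTL would reject with 'Unable to interpret'."""
    return [l.strip() for l in lines
            if l.strip() and not l.strip().startswith(("=", "<", ":"))
            and parse_line(l) is None]


def build_fix(orphans):
    """Assemble an :OTL fix block in the layout the helper used above."""
    body = "\n".join(f.text for f in orphans)
    return ":OTL\n" + body + "\n\n:Commands\n[purity]\n[emptytemp]\n[start explorer]\n[Reboot]"


# Constructed sample in the format of the logs above; the "Typo" line is made up
# to show how a zero typed for the letter O is reported instead of silently dropped.
SAMPLE_LOG = r"""
========== Custom Scans ==========
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
04 - HKLM..\Run: [Typo] C:\nowhere.exe File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for f in find_orphans(lines):
        print(f"{f.section:4} {AUTOSTART_SECTIONS[f.section]:14} {f.reason:22} {f.guid or '-'}")
    for bad in unparseable(lines):
        print("cannot interpret:", bad)
    print(build_fix(find_orphans(lines)))
```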



