
Unable to install / keep resident *any* anti-virus program


  • This topic is locked
18 replies to this topic

#1 Kacela

Kacela

  • Members
  • 9 posts

Posted 29 November 2009 - 05:06 PM

Hi - unable to install and keep resident any anti-virus program - each time I try to install one, it fails to stay resident. I also have an issue on rebooting the machine after changing any attributes in Windows - I get a BSOD, then have to select 'Last Known Good' to be able to get into Windows. The various BSOD STOP codes cycle amongst these 3 (no driver is ever indicated):

0x0000007e (0xc0000005, 0x80590dbd, 0xba537944, 0xba537640)
0x0000007e (0xc0000005, 0x80590dbd, 0xba52b944, 0xba523640)
0x0000007e (0xc0000005, 0x80590dbd, 0xba523944, 0xba52b944)


Also, it will not boot TO Safe Mode; if attempted, I get a BSOD and have to reboot into Last Known Good.

Here's the contents of my DDS.txt log, and related attachments:

DDS (Ver_09-11-29.01) - NTFSx86
Run by Administrator at 16:13:10.23 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1306 [GMT -5:00]

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Winferno\WSS\WSS.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\AOL\1190389672\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\program files\common files\aol\1190389672\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1190389672\ee\AOLDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol email toolbar\AolMailTbServer.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60100
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60100
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - c:\program files\aol email toolbar\aolmailtb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\progra~1\netsca~1\netsca~1\pbhelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0316.3\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0316.3\npwinext.dll
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
mRun: [Gateway Extended Warranty] "c:\program files\gateway\gwcares\GWCares.exe"
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1190389672\ee\AOLSoftware.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AOLAspSunset2] c:\documents and settings\all users\application data\aol\userprofiles\all users\antispyware\dat\updates\aspapp\sunsetAsp2.exe
mRun: [HotbarOE] c:\program files\hotbar\bin\10.2.197.0\OEAddOn.exe
mRun: [HotbarSA] "c:\program files\hotbar\bin\10.2.197.0\HotbarSA.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [trioService] "c:\progra~1\freeze.com\3d falling leaves\\trioService.exe "
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0316.3\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AOL Email Toolbar Search - c:\documents and settings\all users\application data\aol email toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191425643250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 1394VDBG;1394 Host Debugger I/O Driver;c:\windows\system32\drivers\1394vdbg.sys [2006-9-25 11264]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2008-10-3 11264]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 Winferno Subscription Service;Winferno Subscription Service;c:\program files\common files\winferno\wss\WSS.exe [2008-9-16 126976]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2006-9-25 40448]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identity protection\agent\bin\avgidswatcher.exe --> c:\program files\avg\avg8\identity protection\agent\bin\AVGIDSWatcher.exe [?]
S2 SecuritySoldierSvc;SecuritySoldier Security Service;c:\program files\securitysoldier software\securitysoldier\securitysoldiersvc.exe --> c:\program files\securitysoldier software\securitysoldier\SecuritySoldierSvc.exe [?]

=============== Created Last 30 ================

2009-12-28 15:21:00 15129 ----a-w- c:\windows\365sp9wa5e513z.dll
2009-12-27 20:36:44 4795 ----a-w- c:\windows\6bc7s5ealz895.ocx
2009-12-27 17:16:53 15370 ----a-w- c:\windows\5a795ackdzor197.exe
2009-12-26 18:38:02 14201 ----a-w- c:\windows\system32\471b59arsz317.dll
2009-12-25 16:47:11 3377 ----a-w- c:\windows\75aaaddza592608.bin
2009-12-24 22:45:30 12297 ----a-w- c:\windows\18570sp5mbotz95.bin
2009-12-23 07:22:38 17041 ----a-w- c:\windows\9zbvir6595.exe
2009-12-20 16:41:48 8151 ----a-w- c:\windows\system32\59a7bzckdoor215.ocx
2009-12-20 13:56:09 6142 ----a-w- c:\windows\system32\24d5tzreat19959.exe
2009-12-19 03:13:55 14288 ----a-w- c:\windows\system32\z59aad5wa9e2239.cpl
2009-12-18 05:46:16 6407 ----a-w- c:\windows\51z569irus490.exe
2009-12-17 20:39:22 12870 ----a-w- c:\windows\system32\45835ir29z6.dll
2009-12-16 20:18:07 16521 ----a-w- c:\windows\8beba9z5oor1209.dll
2009-12-16 15:55:08 4608 ----a-w- c:\windows\system32\3879thi5f1z92.bin
2009-12-14 19:06:01 11637 ----a-w- c:\windows\system32\30101wz9552c.cpl
2009-12-14 18:25:20 5375 ----a-w- c:\windows\system32\11592s5y2z0.bin
2009-12-12 14:19:00 11890 ----a-w- c:\windows\system32\7999ba5kdozr180.ocx
2009-12-11 05:00:13 14473 ----a-w- c:\windows\5369spa5sez570.bin
2009-12-07 02:06:16 9005 ----a-w- c:\windows\4z59spywar91850.dll
2009-12-04 22:35:38 17150 ----a-w- c:\windows\system32\dzesp9ware565.ocx
2009-12-03 02:17:24 8507 ----a-w- c:\windows\system32\94013hackto5l1za.bin
2009-12-02 06:15:05 17668 ----a-w- c:\windows\39bcs5zrse9919.bin
2009-12-01 22:37:47 16760 ----a-w- c:\windows\system32\7e6aazd9are605.bin
2009-11-29 20:29:26 208744 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 20:29:25 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-11-29 20:28:18 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-11-29 20:28:11 575704 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2009-11-29 17:08:14 0 d-----w- c:\docume~1\admini~1\applic~1\MSNInstaller
2009-11-29 14:40:59 0 d-----w- C:\$AVG
2009-11-29 14:40:50 12464 ------w- c:\windows\system32\avgrsstx.dll.install_backup_1
2009-11-29 05:38:19 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2009-11-29 04:13:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-29 02:32:15 245376 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-11-29 02:11:43 0 d-----w- C:\ATI
2009-11-28 21:48:28 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-28 21:48:28 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-27 15:09:15 14281 ----a-w- c:\windows\32599zo9m5865.exe
2009-11-26 09:50:28 12132 ----a-w- c:\windows\system32\5985d5w9zoader287.dll
2009-11-26 00:59:43 12881 ----a-w- c:\windows\system32\12z165pam9ot4c9.exe
2009-11-22 01:42:15 10584 ----a-w- c:\windows\9094hacktoo515cz.ocx
2009-11-21 06:55:45 5432 ----a-w- c:\windows\29195s9amzot69c.bin
2009-11-20 15:31:32 0 d-----w- c:\docume~1\admini~1\applic~1\Skinux
2009-11-20 12:41:47 7744 ----a-w- c:\windows\system32\1c7fzir9599.cpl
2009-11-19 07:41:48 10492 ----a-w- c:\windows\system32\1539zvi5u97e.dll
2009-11-16 21:29:35 3017 ----a-w- c:\windows\system32\9z158virus5bb.bin
2009-11-16 19:40:56 16469 ----a-w- c:\windows\system32\19z26troj556.cpl
2009-11-14 04:46:07 3424 ----a-w- c:\windows\system32\799s5amzot913.ocx
2009-11-13 17:06:29 5156 ----a-w- c:\windows\system32\7895z9reat13355.ocx
2009-11-12 19:56:16 10754 ----a-w- c:\windows\system32\4zc5vir9785.exe
2009-11-12 16:52:22 10143 ----a-w- c:\windows\3055th9ef76z.ocx
2009-11-12 00:08:32 0 d-----w- C:\log
2009-11-08 05:29:12 2550 ----a-w- c:\windows\3536ad9w5re2225z.dll
2009-11-07 21:48:52 0 d-sh--w- c:\windows\ftpcache
2009-11-06 15:05:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2009-11-06 15:05:24 327896 -c--a-w- c:\windows\system32\dllcache\wucltui.dll
2009-11-06 15:05:24 1929952 -c--a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-11-06 15:05:23 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-11-06 15:05:23 217816 -c--a-w- c:\windows\system32\dllcache\wuaucpl.cpl
2009-11-06 15:05:21 96480 -c--a-w- c:\windows\system32\dllcache\cdm.dll
2009-11-05 15:15:52 0 d-----w- c:\program files\AOL Email Toolbar
2009-11-05 08:25:45 3314 ----a-w- c:\windows\9111trz52b8.exe
2009-11-05 03:04:07 5881 ----a-w- c:\windows\5795b5ckdoor2992z.exe
2009-11-04 07:08:56 18014 ----a-w- c:\windows\system32\3c01thre5t95858z.bin
2009-11-04 00:11:51 16983 ----a-w- c:\windows\7bc1za9kdoo541.bin
2009-11-03 15:28:14 5939712 ----a-w- c:\windows\system32\SET901.tmp
2009-11-03 15:28:14 5939712 ------w- c:\windows\system32\SET92E.tmp
2009-11-03 15:28:14 5939712 ------w- c:\windows\system32\SET92C.tmp
2009-11-03 15:28:14 5939712 ------w- c:\windows\system32\SET8B9.tmp
2009-11-01 14:04:21 12866 ----a-w- c:\windows\system32\115esp5ware2789z.cpl

==================== Find3M ====================

2009-11-29 21:13:12 1618270 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 12:36:02 11896 ----a-w- c:\windows\system32\21845izus92e.bin
2009-10-25 10:14:55 12978 ----a-w- c:\windows\59b05zyware2427.bin
2009-10-24 14:09:19 10957 ----a-w- c:\windows\system32\3978sp5rsz404.exe
2009-10-21 04:32:16 16475 ----a-w- c:\windows\2905v5ruz150.exe
2009-10-19 21:26:03 9675 ----a-w- c:\windows\system32\2f179pyware5769z.bin
2009-10-18 04:56:21 5348 ----a-w- c:\windows\3e59thiez2831.exe
2009-10-14 11:18:00 3348 ----a-w- c:\windows\system32\7349add5are258z.exe
2009-10-13 13:50:42 7877 ----a-w- c:\windows\97837trz568.bin
2009-10-12 15:35:26 14387 ----a-w- c:\windows\5z779virus26.exe
2009-10-12 09:53:33 16561 ----a-w- c:\windows\42415pambo96fz.dll
2009-10-10 12:31:46 10647 ----a-w- c:\windows\system32\29953wozm45f9.dll
2009-10-10 00:30:58 4775 ----a-w- c:\windows\2347sz95are1977.bin
2009-10-09 01:32:42 10161 ----a-w- c:\windows\12984z5o9453.dll
2009-10-06 16:48:37 17477 ----a-w- c:\windows\1bd6sz5rse8529.dll
2009-10-06 02:34:05 15583 ----a-w- c:\windows\system32\39532s5z1a4.dll
2009-10-06 00:05:36 11644 ----a-w- c:\windows\94z8spy590.bin
2009-10-03 16:23:41 5681 ----a-w- c:\windows\system32\2801st9al311z5.bin
2009-09-30 02:20:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-30 02:19:56 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-30 02:10:52 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-30 02:10:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-30 02:10:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-30 02:10:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-30 02:10:02 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-30 02:08:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-30 02:08:48 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-30 02:07:30 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-30 02:07:08 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-30 02:00:06 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-30 01:47:22 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-30 01:46:56 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-30 01:46:56 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-30 01:34:06 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-30 01:30:32 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-30 01:28:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-30 01:28:36 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-30 01:27:54 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-30 01:27:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-30 01:26:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-30 01:26:04 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-30 01:22:42 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-25 07:42:43 15004 ----a-w- c:\windows\system32\4c76sz5rse18539.bin
2009-09-23 07:54:47 10230 ----a-w- c:\windows\system32\6d90steaz534.bin
2009-09-23 01:17:00 16531 ----a-w- c:\windows\1b45threa91957z.dll
2009-09-19 02:55:32 10480 ----a-w- c:\windows\system32\13z94s9ambo5782.dll
2009-09-17 04:47:22 10113 ----a-w- c:\windows\5359spyz55.exe
2009-09-16 18:17:34 8985 ----a-w- c:\windows\system32\4afzthreat56937.exe
2009-09-16 00:34:59 4679 ----a-w- c:\windows\z9958spamb5t3e9.exe
2009-09-15 00:54:33 10456 ----a-w- c:\windows\575zaddware1992.bin
2009-09-13 16:23:32 3244 ----a-w- c:\windows\system32\433zvi59601.exe
2009-09-13 16:04:12 9257 ----a-w- c:\windows\cb0z5reat7099.exe
2009-09-13 09:00:10 10780 ----a-w- c:\windows\system32\1b76szeal9505.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\SET62E.tmp
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\SET681.tmp
2009-09-08 03:30:53 13396 ----a-w- c:\windows\system32\2741zn9t-a-virus5f05.exe
2009-09-07 03:21:37 4179 ----a-w- c:\windows\15732s9amzot5555.dll
2009-09-06 10:10:25 12274 ----a-w- c:\windows\z803virus5b99.bin
2009-09-05 07:54:36 8906 ----a-w- c:\windows\system32\3234viru9z975.dll
2009-09-05 07:30:15 8664 ----a-w- c:\windows\system32\51443spamzot239.bin
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\SET725.tmp
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\SET68A.tmp
2009-09-02 03:57:50 5204 ----a-w- c:\windows\139abaczdoor18859.bin
2007-10-04 17:19:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007100420071005\index.dat
2008-08-21 14:32:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 16:13:16.76 ===============

Attached Files


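The "Created Last 30" and "Find3M" sections of the log above are what a helper reads first, and several of the names there (fragments like "backdoor", "virus", "threat" buried between digits) are the kind of thing an analyst wants pulled out automatically. The parser below is an added example for this thread; it is not part of the DDS tool or of any post here. It splits each entry into timestamp, size, attribute field and path, then flags files directly under c:\windows or c:\windows\system32 whose names either alternate letter and digit runs many times or contain most of a threat word in order. The keyword list, the two thresholds, the watched directories and the sample log (lines copied from the first DDS log plus a few benign ones from the same log) are this example's own assumptions; a hit is a triage candidate for review, not a verdict.

```python
r"""Triage helper for the 'Created Last 30' / 'Find3M' sections of a DDS log.

Added example for this thread; not part of the DDS tool or of the posts.
It parses each file entry and flags names under c:\windows or
c:\windows\system32 that look machine-generated. Keyword list,
thresholds and the sample log are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One DDS file entry: timestamp, size in bytes, 8-character attribute field, path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>[a-zA-Z]:\\.+?)\s*$"
)

# Threat words that decoy-file naming schemes tend to bury in a name (assumption).
KEYWORDS = ("virus", "backdoor", "spyware", "adware", "trojan", "hacktool",
            "spambot", "threat", "stealer", "thief", "rootkit", "worm")
KEYWORD_RATIO = 0.7      # fraction of a keyword's letters that must appear in order
MIN_ALTERNATIONS = 4     # letter<->digit switches before a name counts as random
WATCHED_DIRS = {"c:\\windows", "c:\\windows\\system32"}
RISKY_EXT = {".exe", ".dll", ".ocx", ".cpl", ".bin", ".sys", ".scr"}


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"   # DDS marks directories with a leading 'd'


def parse_dds(text: str) -> list:
    """Return every file/directory entry found in the DDS text, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def lcs_len(a: str, b: str) -> int:
    """Length of the longest common subsequence of a and b (classic DP)."""
    prev = [0] * (len(b) + 1)
    for ca in a:
        cur = [0]
        for j, cb in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if ca == cb else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def alternations(stem: str) -> int:
    """How often the name switches between a run of letters and a run of digits."""
    runs = re.findall(r"[a-z]+|\d+", stem.lower())
    return max(len(runs) - 1, 0)


def keyword_hits(stem: str) -> list:
    """Keywords whose letters mostly appear in order once digits/punctuation are dropped."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    return [kw for kw in KEYWORDS
            if letters and lcs_len(letters, kw) / len(kw) >= KEYWORD_RATIO]


def reasons(entry: Entry) -> list:
    """Why an entry deserves analyst review; an empty list means nothing fired."""
    if entry.is_dir:
        return []
    p = PureWindowsPath(entry.path)
    if str(p.parent).lower() not in WATCHED_DIRS or p.suffix.lower() not in RISKY_EXT:
        return []
    why = []
    n = alternations(p.stem)
    if n >= MIN_ALTERNATIONS:
        why.append(f"letter/digit runs alternate {n} times")
    for kw in keyword_hits(p.stem):
        why.append(f"name resembles '{kw}'")
    return why


def triage(text: str) -> list:
    """[(path, [reasons]), ...] for every entry that trips at least one heuristic."""
    out = []
    for e in parse_dds(text):
        why = reasons(e)
        if why:
            out.append((e.path, why))
    return out


# Constructed sample: entries copied from the first DDS log in this thread, plus
# a few benign ones from the same log; section headers are as DDS prints them.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-12-28 15:21:00 15129 ----a-w- c:\windows\365sp9wa5e513z.dll
2009-12-20 16:41:48 8151 ----a-w- c:\windows\system32\59a7bzckdoor215.ocx
2009-12-20 13:56:09 6142 ----a-w- c:\windows\system32\24d5tzreat19959.exe
2009-11-29 20:29:26 208744 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 14:40:59 0 d-----w- C:\$AVG
2009-11-29 02:32:15 245376 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-11-03 15:28:14 5939712 ----a-w- c:\windows\system32\SET901.tmp

==================== Find3M ====================

2009-10-10 12:31:46 10647 ----a-w- c:\windows\system32\29953wozm45f9.dll
2009-09-30 01:26:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-08 03:30:53 13396 ----a-w- c:\windows\system32\2741zn9t-a-virus5f05.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(f"{path}\n    {'; '.join(why)}")
```

On the sample, five of the ten entries are flagged (the four decoy-style names and the "not-a-virus" one); muweb.dll and atiok3x2.dll pass because they alternate fewer than four times and match no keyword, and the driver, the dllcache-style .tmp and the directory are skipped by the location and extension filters. Both thresholds are deliberately loose, so an analyst should expect the occasional legitimate vendor file to appear in the output and confirm each hit against signer, hash and creation context before acting on it.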


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts

Posted 11 December 2009 - 02:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Kacela

Kacela
  • Topic Starter

  • Members
  • 9 posts

Posted 11 December 2009 - 03:12 PM

Thank God.

New DDS log as requested:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 15:08:51.68 on Fri 12/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1283 [GMT -5:00]

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Winferno\WSS\WSS.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\AOL\1190389672\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\program files\common files\aol\1190389672\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1190389672\ee\AOLDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol email toolbar\AolMailTbServer.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60100
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60100
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - c:\program files\aol email toolbar\aolmailtb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\progra~1\netsca~1\netsca~1\pbhelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0316.3\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0316.3\npwinext.dll
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
mRun: [Gateway Extended Warranty] "c:\program files\gateway\gwcares\GWCares.exe"
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1190389672\ee\AOLSoftware.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AOLAspSunset2] c:\documents and settings\all users\application data\aol\userprofiles\all users\antispyware\dat\updates\aspapp\sunsetAsp2.exe
mRun: [HotbarOE] c:\program files\hotbar\bin\10.2.197.0\OEAddOn.exe
mRun: [HotbarSA] "c:\program files\hotbar\bin\10.2.197.0\HotbarSA.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [trioService] "c:\progra~1\freeze.com\3d falling leaves\\trioService.exe "
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0316.3\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AOL Email Toolbar Search - c:\documents and settings\all users\application data\aol email toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191425643250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 1394VDBG;1394 Host Debugger I/O Driver;c:\windows\system32\drivers\1394vdbg.sys [2006-9-25 11264]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2008-10-3 11264]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 Winferno Subscription Service;Winferno Subscription Service;c:\program files\common files\winferno\wss\WSS.exe [2008-9-16 126976]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2006-9-25 40448]
S2 0114101260539949mcinstcleanup;McAfee Application Installer Cleanup (0114101260539949);c:\windows\temp\011410~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\011410~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identity protection\agent\bin\avgidswatcher.exe --> c:\program files\avg\avg8\identity protection\agent\bin\AVGIDSWatcher.exe [?]
S2 SecuritySoldierSvc;SecuritySoldier Security Service;c:\program files\securitysoldier software\securitysoldier\securitysoldiersvc.exe --> c:\program files\securitysoldier software\securitysoldier\SecuritySoldierSvc.exe [?]

=============== Created Last 30 ================

2009-12-28 15:21:00 15129 ----a-w- c:\windows\365sp9wa5e513z.dll
2009-12-27 20:36:44 4795 ----a-w- c:\windows\6bc7s5ealz895.ocx
2009-12-27 17:16:53 15370 ----a-w- c:\windows\5a795ackdzor197.exe
2009-12-26 18:38:02 14201 ----a-w- c:\windows\system32\471b59arsz317.dll
2009-12-25 16:47:11 3377 ----a-w- c:\windows\75aaaddza592608.bin
2009-12-24 22:45:30 12297 ----a-w- c:\windows\18570sp5mbotz95.bin
2009-12-23 07:22:38 17041 ----a-w- c:\windows\9zbvir6595.exe
2009-12-20 16:41:48 8151 ----a-w- c:\windows\system32\59a7bzckdoor215.ocx
2009-12-20 13:56:09 6142 ----a-w- c:\windows\system32\24d5tzreat19959.exe
2009-12-19 03:13:55 14288 ----a-w- c:\windows\system32\z59aad5wa9e2239.cpl
2009-12-18 05:46:16 6407 ----a-w- c:\windows\51z569irus490.exe
2009-12-17 20:39:22 12870 ----a-w- c:\windows\system32\45835ir29z6.dll
2009-12-16 20:18:07 16521 ----a-w- c:\windows\8beba9z5oor1209.dll
2009-12-16 15:55:08 4608 ----a-w- c:\windows\system32\3879thi5f1z92.bin
2009-12-14 19:06:01 11637 ----a-w- c:\windows\system32\30101wz9552c.cpl
2009-12-14 18:25:20 5375 ----a-w- c:\windows\system32\11592s5y2z0.bin
2009-12-12 14:19:00 11890 ----a-w- c:\windows\system32\7999ba5kdozr180.ocx
2009-12-11 13:54:00 0 d-----w- c:\docume~1\admini~1\applic~1\Skinux
2009-12-11 05:00:13 14473 ----a-w- c:\windows\5369spa5sez570.bin
2009-12-07 02:06:16 9005 ----a-w- c:\windows\4z59spywar91850.dll
2009-12-04 22:35:38 17150 ----a-w- c:\windows\system32\dzesp9ware565.ocx
2009-12-03 02:17:24 8507 ----a-w- c:\windows\system32\94013hackto5l1za.bin
2009-12-02 06:15:05 17668 ----a-w- c:\windows\39bcs5zrse9919.bin
2009-12-01 22:37:47 16760 ----a-w- c:\windows\system32\7e6aazd9are605.bin
2009-11-29 20:29:26 208744 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 20:29:25 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-11-29 20:28:18 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-11-29 20:28:11 575704 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2009-11-29 17:08:14 0 d-----w- c:\docume~1\admini~1\applic~1\MSNInstaller
2009-11-29 14:40:59 0 d-----w- C:\$AVG
2009-11-29 14:40:50 12464 ------w- c:\windows\system32\avgrsstx.dll.install_backup_1
2009-11-29 05:38:19 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2009-11-29 04:13:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-29 02:32:15 245376 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-11-29 02:11:43 0 d-----w- C:\ATI
2009-11-28 21:48:28 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-28 21:48:28 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-27 15:09:15 14281 ----a-w- c:\windows\32599zo9m5865.exe
2009-11-26 09:50:28 12132 ----a-w- c:\windows\system32\5985d5w9zoader287.dll
2009-11-26 00:59:43 12881 ----a-w- c:\windows\system32\12z165pam9ot4c9.exe
2009-11-22 01:42:15 10584 ----a-w- c:\windows\9094hacktoo515cz.ocx
2009-11-21 06:55:45 5432 ----a-w- c:\windows\29195s9amzot69c.bin
2009-11-20 12:41:47 7744 ----a-w- c:\windows\system32\1c7fzir9599.cpl
2009-11-19 07:41:48 10492 ----a-w- c:\windows\system32\1539zvi5u97e.dll
2009-11-16 21:29:35 3017 ----a-w- c:\windows\system32\9z158virus5bb.bin
2009-11-16 19:40:56 16469 ----a-w- c:\windows\system32\19z26troj556.cpl
2009-11-14 04:46:07 3424 ----a-w- c:\windows\system32\799s5amzot913.ocx
2009-11-13 17:06:29 5156 ----a-w- c:\windows\system32\7895z9reat13355.ocx
2009-11-12 19:56:16 10754 ----a-w- c:\windows\system32\4zc5vir9785.exe
2009-11-12 16:52:22 10143 ----a-w- c:\windows\3055th9ef76z.ocx
2009-11-12 00:08:32 0 d-----w- C:\log

==================== Find3M ====================

2009-12-11 20:08:53 5146906 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-11-08 05:29:12 2550 ----a-w- c:\windows\3536ad9w5re2225z.dll
2009-11-05 08:25:45 3314 ----a-w- c:\windows\9111trz52b8.exe
2009-11-05 03:04:07 5881 ----a-w- c:\windows\5795b5ckdoor2992z.exe
2009-11-04 07:08:56 18014 ----a-w- c:\windows\system32\3c01thre5t95858z.bin
2009-11-04 00:11:51 16983 ----a-w- c:\windows\7bc1za9kdoo541.bin
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 12:36:02 11896 ----a-w- c:\windows\system32\21845izus92e.bin
2009-10-25 10:14:55 12978 ----a-w- c:\windows\59b05zyware2427.bin
2009-10-24 14:09:19 10957 ----a-w- c:\windows\system32\3978sp5rsz404.exe
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\SET901.tmp
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\SET92E.tmp
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\SET92C.tmp
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\SET8B9.tmp
2009-10-21 04:32:16 16475 ----a-w- c:\windows\2905v5ruz150.exe
2009-10-19 21:26:03 9675 ----a-w- c:\windows\system32\2f179pyware5769z.bin
2009-10-18 04:56:21 5348 ----a-w- c:\windows\3e59thiez2831.exe
2009-10-14 11:18:00 3348 ----a-w- c:\windows\system32\7349add5are258z.exe
2009-10-13 13:50:42 7877 ----a-w- c:\windows\97837trz568.bin
2009-10-12 15:35:26 14387 ----a-w- c:\windows\5z779virus26.exe
2009-10-12 09:53:33 16561 ----a-w- c:\windows\42415pambo96fz.dll
2009-10-10 12:31:46 10647 ----a-w- c:\windows\system32\29953wozm45f9.dll
2009-10-10 00:30:58 4775 ----a-w- c:\windows\2347sz95are1977.bin
2009-10-09 01:32:42 10161 ----a-w- c:\windows\12984z5o9453.dll
2009-10-06 16:48:37 17477 ----a-w- c:\windows\1bd6sz5rse8529.dll
2009-10-06 02:34:05 15583 ----a-w- c:\windows\system32\39532s5z1a4.dll
2009-10-06 00:05:36 11644 ----a-w- c:\windows\94z8spy590.bin
2009-10-03 16:23:41 5681 ----a-w- c:\windows\system32\2801st9al311z5.bin
2009-09-30 02:20:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-30 02:19:56 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-30 02:10:52 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-30 02:10:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-30 02:10:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-30 02:10:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-30 02:10:02 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-30 02:08:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-30 02:08:48 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-30 02:07:30 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-30 02:07:08 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-30 02:00:06 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-30 01:47:22 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-30 01:46:56 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-30 01:46:56 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-30 01:34:06 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-30 01:30:32 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-30 01:28:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-30 01:28:36 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-30 01:27:54 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-30 01:27:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-30 01:26:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-30 01:26:04 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-30 01:22:42 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-25 07:42:43 15004 ----a-w- c:\windows\system32\4c76sz5rse18539.bin
2009-09-23 07:54:47 10230 ----a-w- c:\windows\system32\6d90steaz534.bin
2009-09-23 01:17:00 16531 ----a-w- c:\windows\1b45threa91957z.dll
2009-09-19 02:55:32 10480 ----a-w- c:\windows\system32\13z94s9ambo5782.dll
2009-09-17 04:47:22 10113 ----a-w- c:\windows\5359spyz55.exe
2009-09-16 18:17:34 8985 ----a-w- c:\windows\system32\4afzthreat56937.exe
2009-09-16 00:34:59 4679 ----a-w- c:\windows\z9958spamb5t3e9.exe
2009-09-15 00:54:33 10456 ----a-w- c:\windows\575zaddware1992.bin
2009-09-13 16:23:32 3244 ----a-w- c:\windows\system32\433zvi59601.exe
2009-09-13 16:04:12 9257 ----a-w- c:\windows\cb0z5reat7099.exe
2009-09-13 09:00:10 10780 ----a-w- c:\windows\system32\1b76szeal9505.dll
2007-10-04 17:19:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007100420071005\index.dat
2008-08-21 14:32:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 15:09:10.78 ===============


Edited by Kacela, 11 December 2009 - 03:31 PM.
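The DDS sections above (SERVICES / DRIVERS, Created Last 30, Find3M) use a fixed one-line-per-entry format. As an added example, not DDS's own code or a tool the helpers use, here is a Python parser for those entries with a constructed triage filter; the sample lines are copied from the log above, and the "digit-laden name" rule and the reading of a trailing "[?]" as "DDS could not read the file" are my own assumptions.

```python
"""Parse and triage the file/service entries of a DDS log (added example).

Not DDS's own code or a helper tool. Sample lines are copied from the log
above. The triage rule (small file dropped straight into c:\windows or
system32 with a digit-laden name) and reading a trailing "[?]" as "DDS could
not read the file" are my own assumptions; a hit means "look closer".
"""
import re
from dataclasses import dataclass

# "2009-12-28 15:21:00 15129 ----a-w- c:\windows\365sp9wa5e513z.dll"
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
                     r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$")
# "S2 Name;Display name;c:\path\image.exe [2006-11-3 13592]"
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

TRIAGE_DIRS = {"c:\\windows", "c:\\windows\\system32"}
TRIAGE_EXTS = {".exe", ".dll", ".ocx", ".cpl", ".bin"}
SMALL_FILE = 20_000  # bytes; constructed threshold

SAMPLE_DDS = r"""
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identity protection\agent\bin\avgidswatcher.exe --> c:\program files\avg\avg8\identity protection\agent\bin\AVGIDSWatcher.exe [?]
S2 SecuritySoldierSvc;SecuritySoldier Security Service;c:\program files\securitysoldier software\securitysoldier\securitysoldiersvc.exe --> c:\program files\securitysoldier software\securitysoldier\SecuritySoldierSvc.exe [?]
2009-12-28 15:21:00 15129 ----a-w- c:\windows\365sp9wa5e513z.dll
2009-12-26 18:38:02 14201 ----a-w- c:\windows\system32\471b59arsz317.dll
2009-12-11 13:54:00 0 d-----w- c:\docume~1\admini~1\applic~1\Skinux
2009-11-29 20:29:26 208744 ----a-w- c:\windows\system32\muweb.dll
2009-11-28 21:48:28 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 02:10:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
"""


@dataclass
class FileEntry:
    created: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str
    verified: bool  # False when DDS printed "[?]" instead of a date and size


def parse_dds(text: str) -> tuple[list[FileEntry], list[ServiceEntry]]:
    files, services = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files.append(FileEntry(m["ts"], int(m["size"]), m["attrs"], m["path"]))
            continue
        m = SVC_RE.match(line.strip())
        if m:
            rest = m["rest"]
            # DDS repeats the path after " --> " when it could not stat the file.
            image = re.sub(r"\s*\[[^\]]*\]$", "", rest.split(" --> ")[0])
            services.append(ServiceEntry(m["start"], m["name"], m["display"],
                                         image, not rest.endswith("[?]")))
    return files, services


def looks_random(name: str) -> bool:
    """Constructed heuristic: letters mixed with three or more digits in the stem."""
    stem = name.rsplit(".", 1)[0]
    return sum(c.isdigit() for c in stem) >= 3 and any(c.isalpha() for c in stem)


def triage_files(files: list[FileEntry]) -> list[FileEntry]:
    """Small, oddly named binaries dropped straight into the Windows directories."""
    hits = []
    for f in files:
        ext = "." + f.name.rsplit(".", 1)[-1].lower() if "." in f.name else ""
        if (not f.is_dir and f.directory in TRIAGE_DIRS and ext in TRIAGE_EXTS
                and f.size < SMALL_FILE and looks_random(f.name)):
            hits.append(f)
    return hits


def unverified_services(services: list[ServiceEntry]) -> list[ServiceEntry]:
    """Services whose image DDS could not read; OTL later listed these as File not found."""
    return [s for s in services if not s.verified]
```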


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 11 December 2009 - 04:06 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :(
  • As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be two people helping you instead of just one, but responses may be somewhat delayed so please be patient!!!!
Please give me a little time to go through your logs. My instructions will be forthcoming.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 12 December 2009 - 12:09 PM

Hello Kacela.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

IMPORTANT!! ComboFix will likely reboot the machine as part of its execution. It is important that when it reboots it loads into Windows normally, NOT Last Known Good Configuration. If the machine is unable to boot normally, go ahead and boot using Last Known Good Configuration, but please let me know in your next reply.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log



#6 Kacela

Kacela
  • Topic Starter
  • Members
  • 9 posts

Posted 12 December 2009 - 01:01 PM

Slight issue - Got BSOD immediately following this step:

Click on Yes, to continue scanning for malware.


A problem has been detected and windows has been shut down to prevent damage
to your computer.

If this...
...
*** STOP: 0X0000007E (0XC0000005, 0x80590DBD, 0xBA527944, 0xBA527640)

Beginning dump of ...
...


Everything up to that point was going well, with the exception of me not being able to open McAfee Security Center to shut down the personal firewall - which I had to kill off in Services.

After the memory dump, the machine rebooted, and in trying to come up normally, BSOD with the original post's code, and I selected "Last Known Good".

The Machine then went into an automatic CHKDSK, then rebooted.

Again, the original post's BSOD code came up and rebooted, I then had to select "Last Known Good" again.

The machine then loaded Windows XP as it did this morning "normally".

After booting into Windows XP, a Windows dialog box popped up saying "The system has recovered from a serious error. A log file has been created. Please tell Microsoft about this problem. ..."

And that's where it is right now. No Combo Fix log was created.

Edited by Kacela, 12 December 2009 - 01:04 PM.


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 15 December 2009 - 09:41 PM

Hi Kacela, sorry for the delay in response.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section paste in the below in bold


    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    CREATERESTOREPOINT

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt

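The /md5start ... /md5stop block in the OTL instructions above makes OTL report the size and MD5 of each listed file so the helper can compare them with known-good copies. As an added example (my code, not OTL's), here is a Python script that hashes the same list under a Windows directory and flags a name whose copies disagree with each other (for instance system32\drivers against dllcache) or with a baseline the caller supplies; the baseline and the demo tree are constructed placeholders.

```python
"""Hash the system files from the OTL /md5start list and flag oddities.

Added example; not OTL's own code. WATCHED is the list from the instructions
above. A baseline of known-good MD5s (from a clean machine at the same service
pack) is supplied by the caller; the demo tree below is constructed.
"""
import hashlib
import os
import tempfile

WATCHED = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys",
]


def md5_of(path: str, chunk: int = 1 << 16) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root: str, names=WATCHED) -> dict[str, list[tuple[str, int, str]]]:
    """Every copy of each watched name under root: {name: [(path, size, md5), ...]}."""
    wanted = {n.lower(): n for n in names}
    found = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            key = wanted.get(f.lower())
            if key:
                p = os.path.join(dirpath, f)
                found[key].append((p, os.path.getsize(p), md5_of(p)))
    return found


def review(found, baseline=None) -> dict[str, str]:
    """Flag names whose copies disagree with each other or with the baseline."""
    baseline = {k.lower(): v.lower() for k, v in (baseline or {}).items()}
    flags = {}
    for name, copies in found.items():
        hashes = {md5 for _, _, md5 in copies}
        expected = baseline.get(name.lower())
        if len(hashes) > 1:
            # e.g. system32\drivers\atapi.sys no longer matching the dllcache copy
            flags[name] = "copies differ"
        elif expected and hashes and hashes != {expected}:
            flags[name] = "differs from baseline"
    return flags


def report(found, flags) -> list[str]:
    lines = []
    for name, copies in found.items():
        if not copies:
            lines.append(f"{name}: not found")
        for path, size, md5 in copies:
            note = f"  <-- {flags[name]}" if name in flags else ""
            lines.append(f"{name}: {path} {size} {md5}{note}")
    return lines


def make_demo_tree() -> str:
    """Constructed fixture: a fake Windows directory with one tampered driver copy."""
    root = tempfile.mkdtemp(prefix="otl_md5_demo_")
    layout = {
        ("system32", "drivers", "atapi.sys"): b"constructed stand-in for the loaded driver",
        ("system32", "dllcache", "atapi.sys"): b"constructed stand-in for the cached copy",
        ("system32", "eventlog.dll"): b"constructed eventlog bytes",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo = make_demo_tree()
    results = scan(demo)
    for line in report(results, review(results)):
        print(line)
```

A kernel-mode rootkit can return the original bytes when a patched driver is read from the running system, so a matching hash taken from the live machine is not proof; hashing from an offline boot is the stronger check.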


#8 Kacela

Kacela
  • Topic Starter
  • Members
  • 9 posts

Posted 15 December 2009 - 11:43 PM

As requested:

OTL logfile created on: 12/15/2009 11:28:54 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.62% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.85 Gb Total Space | 197.93 Gb Free Space | 86.49% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 230.88 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive E: | 4.01 Gb Total Space | 1.53 Gb Free Space | 38.09% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JMICHAELONDISH
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdui.exe (McAfee, Inc.)
PRC - c:\Program Files\AOL Email Toolbar\aolmailtbServer.exe (AOL LLC)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Winferno\WSS\WSS.exe (Capital Intellect Inc)
PRC - C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Common Files\AOL\1190389672\ee\AOLDesktop.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Autodata Limited)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\AOL\1190389672\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (SecuritySoldierSvc) -- File not found
SRV - (KodakCCS) -- File not found
SRV - (DataSvr) -- File not found
SRV - (AVGIDSWatcher) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (0132921260640869mcinstcleanup) McAfee Application Installer Cleanup (0132921260640869) -- C:\WINDOWS\Temp\0132921260640869mcinst.exe (McAfee, Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (KodakSvc) -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Winferno Subscription Service) -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe (Capital Intellect Inc)
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Autodata Limited)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NCUpdateSvc) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (RemoveAny) -- C:\WINDOWS\system32\drivers\RemoveAny.sys (HeavenWard)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (IAMTXP) Driver for Intel® -- C:\WINDOWS\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (1394VDBG) -- C:\WINDOWS\system32\DRIVERS\1394vdbg.sys (Microsoft Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60100
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: 8572e47-b5fe-43de-9aea-492a1d3064cd} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: A756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: FBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/29 00:25:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:35:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/10/13 11:38:50 | 00,000,000 | ---D | M]

[2007/09/21 10:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bvpkhsvt.default\extensions

O1 HOSTS File: (711 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll (planetscott.ca)
O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.197.0\OEAddOn.exe File not found
O4 - HKLM..\Run: [HotbarSA] C:\Program Files\Hotbar\bin\10.2.197.0\HotbarSA.exe File not found
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Pure Networks Port Magic] C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [trioService] C:\PROGRA~1\Freeze.com\3D Falling Leaves\trioService.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1191425643250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.202.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = j.michaelondish
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/31 22:32:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0af6a05f-5000-11db-af25-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0af6a05f-5000-11db-af25-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0af6a05f-5000-11db-af25-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/15 23:23:53 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/12 12:37:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/12 12:34:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/12 12:34:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/12 12:34:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/12 12:34:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/12 12:34:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/12 12:33:59 | 00,000,000 | --SD | C] -- C:\renamed
[2009/12/12 12:33:40 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/11 15:29:17 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/11/29 16:00:13 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/29 15:29:25 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/11/29 15:28:19 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/11/29 15:28:11 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/11/29 15:28:11 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/11/29 15:28:08 | 00,092,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2009/11/29 13:32:02 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/29 13:32:02 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/29 13:32:01 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/29 13:32:00 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/29 13:32:00 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/29 13:32:00 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/29 13:32:00 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/29 13:32:00 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/29 13:31:45 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/29 12:08:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2009/11/29 11:08:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/29 11:08:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/29 11:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/29 11:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/29 09:40:59 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/29 09:40:50 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup_1
[2009/11/29 09:27:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/29 00:38:19 | 00,053,352 | ---- | C] (Sun Microsystems) -- C:\WINDOWS\System32\jpicpl32.cpl
[2009/11/29 00:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/11/28 23:13:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/28 21:32:15 | 00,245,376 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2009/11/28 21:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Linksys Driver
[2009/11/28 21:11:43 | 00,000,000 | ---D | C] -- C:\ATI
[2009/11/28 16:48:28 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/11/16 18:43:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\New Briefcase
[2009/02/18 13:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2009/01/02 11:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/11/29 17:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2007/11/29 17:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/11/29 17:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/02/10 16:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/12/01 18:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/10/04 17:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/09/25 10:08:23 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[28 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/28 10:21:00 | 00,015,129 | ---- | M] () -- C:\WINDOWS\365sp9wa5e513z.dll
[2009/12/27 15:36:44 | 00,004,795 | ---- | M] () -- C:\WINDOWS\6bc7s5ealz895.ocx
[2009/12/27 12:16:53 | 00,015,370 | ---- | M] () -- C:\WINDOWS\5a795ackdzor197.exe
[2009/12/26 13:38:02 | 00,014,201 | ---- | M] () -- C:\WINDOWS\System32\471b59arsz317.dll
[2009/12/25 11:47:11 | 00,003,377 | ---- | M] () -- C:\WINDOWS\75aaaddza592608.bin
[2009/12/24 17:45:30 | 00,012,297 | ---- | M] () -- C:\WINDOWS\18570sp5mbotz95.bin
[2009/12/23 02:22:38 | 00,017,041 | ---- | M] () -- C:\WINDOWS\9zbvir6595.exe
[2009/12/20 11:41:48 | 00,008,151 | ---- | M] () -- C:\WINDOWS\System32\59a7bzckdoor215.ocx
[2009/12/20 08:56:09 | 00,006,142 | ---- | M] () -- C:\WINDOWS\System32\24d5tzreat19959.exe
[2009/12/18 22:13:55 | 00,014,288 | ---- | M] () -- C:\WINDOWS\System32\z59aad5wa9e2239.cpl
[2009/12/18 00:46:16 | 00,006,407 | ---- | M] () -- C:\WINDOWS\51z569irus490.exe
[2009/12/17 15:39:22 | 00,012,870 | ---- | M] () -- C:\WINDOWS\System32\45835ir29z6.dll
[2009/12/16 15:18:07 | 00,016,521 | ---- | M] () -- C:\WINDOWS\8beba9z5oor1209.dll
[2009/12/16 10:55:08 | 00,004,608 | ---- | M] () -- C:\WINDOWS\System32\3879thi5f1z92.bin
[2009/12/15 23:25:45 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/15 23:23:40 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8FA734E3-59B1-4A6E-BE0C-8150B2274C11}.job
[2009/12/15 23:22:00 | 00,028,373 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/15 13:27:25 | 00,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2009/12/15 13:27:25 | 00,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2009/12/15 13:27:25 | 00,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2009/12/15 13:27:25 | 00,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2009/12/15 13:27:25 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2009/12/15 13:27:25 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/12/15 13:27:25 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/12/15 13:25:25 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2009/12/14 14:06:01 | 00,011,637 | ---- | M] () -- C:\WINDOWS\System32\30101wz9552c.cpl
[2009/12/14 13:25:20 | 00,005,375 | ---- | M] () -- C:\WINDOWS\System32\11592s5y2z0.bin
[2009/12/12 12:57:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/12 12:54:53 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AOL Desktop.lnk
[2009/12/12 12:54:36 | 00,000,400 | ---- | M] () -- C:\WINDOWS\tasks\WSSHelper.job
[2009/12/12 12:54:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 12:54:35 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegPowerClean.job
[2009/12/12 12:54:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 12:54:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 12:54:10 | 21,443,82976 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 12:54:07 | 21,444,15744 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/12/12 12:37:39 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/12 12:34:21 | 04,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/12 12:18:18 | 03,850,336 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\renamed.exe
[2009/12/12 09:19:00 | 00,011,890 | ---- | M] () -- C:\WINDOWS\System32\7999ba5kdozr180.ocx
[2009/12/11 15:30:10 | 00,004,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip
[2009/12/11 15:08:43 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/12/11 00:00:13 | 00,014,473 | ---- | M] () -- C:\WINDOWS\5369spa5sez570.bin
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/06 21:06:16 | 00,009,005 | ---- | M] () -- C:\WINDOWS\4z59spywar91850.dll
[2009/12/05 11:24:46 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/04 17:35:38 | 00,017,150 | ---- | M] () -- C:\WINDOWS\System32\dzesp9ware565.ocx
[2009/12/02 21:17:24 | 00,008,507 | ---- | M] () -- C:\WINDOWS\System32\94013hackto5l1za.bin
[2009/12/02 01:15:05 | 00,017,668 | ---- | M] () -- C:\WINDOWS\39bcs5zrse9919.bin
[2009/12/01 17:37:47 | 00,016,760 | ---- | M] () -- C:\WINDOWS\System32\7e6aazd9are605.bin
[2009/11/29 16:00:14 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/29 15:59:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/11/29 13:32:02 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/29 13:32:00 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/29 09:40:50 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup_1
[2009/11/28 20:29:54 | 00,171,091 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WUSB54Gv4_v3.0.1.0.exe
[2009/11/27 10:09:15 | 00,014,281 | ---- | M] () -- C:\WINDOWS\32599zo9m5865.exe
[2009/11/26 04:50:28 | 00,012,132 | ---- | M] () -- C:\WINDOWS\System32\5985d5w9zoader287.dll
[2009/11/25 19:59:43 | 00,012,881 | ---- | M] () -- C:\WINDOWS\System32\12z165pam9ot4c9.exe
[2009/11/24 19:06:34 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/24 18:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/24 18:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/23 08:26:56 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/11/21 20:42:15 | 00,010,584 | ---- | M] () -- C:\WINDOWS\9094hacktoo515cz.ocx
[2009/11/21 01:55:45 | 00,005,432 | ---- | M] () -- C:\WINDOWS\29195s9amzot69c.bin
[2009/11/20 07:41:47 | 00,007,744 | ---- | M] () -- C:\WINDOWS\System32\1c7fzir9599.cpl
[2009/11/19 02:41:48 | 00,010,492 | ---- | M] () -- C:\WINDOWS\System32\1539zvi5u97e.dll
[2009/11/16 16:29:35 | 00,003,017 | ---- | M] () -- C:\WINDOWS\System32\9z158virus5bb.bin
[2009/11/16 14:40:56 | 00,016,469 | ---- | M] () -- C:\WINDOWS\System32\19z26troj556.cpl
[28 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 10:21:00 | 00,015,129 | ---- | C] () -- C:\WINDOWS\365sp9wa5e513z.dll
[2009/12/27 15:36:44 | 00,004,795 | ---- | C] () -- C:\WINDOWS\6bc7s5ealz895.ocx
[2009/12/27 12:16:53 | 00,015,370 | ---- | C] () -- C:\WINDOWS\5a795ackdzor197.exe
[2009/12/26 13:38:02 | 00,014,201 | ---- | C] () -- C:\WINDOWS\System32\471b59arsz317.dll
[2009/12/25 11:47:11 | 00,003,377 | ---- | C] () -- C:\WINDOWS\75aaaddza592608.bin
[2009/12/24 17:45:30 | 00,012,297 | ---- | C] () -- C:\WINDOWS\18570sp5mbotz95.bin
[2009/12/23 02:22:38 | 00,017,041 | ---- | C] () -- C:\WINDOWS\9zbvir6595.exe
[2009/12/20 11:41:48 | 00,008,151 | ---- | C] () -- C:\WINDOWS\System32\59a7bzckdoor215.ocx
[2009/12/20 08:56:09 | 00,006,142 | ---- | C] () -- C:\WINDOWS\System32\24d5tzreat19959.exe
[2009/12/18 22:13:55 | 00,014,288 | ---- | C] () -- C:\WINDOWS\System32\z59aad5wa9e2239.cpl
[2009/12/18 00:46:16 | 00,006,407 | ---- | C] () -- C:\WINDOWS\51z569irus490.exe
[2009/12/17 15:39:22 | 00,012,870 | ---- | C] () -- C:\WINDOWS\System32\45835ir29z6.dll
[2009/12/16 15:18:07 | 00,016,521 | ---- | C] () -- C:\WINDOWS\8beba9z5oor1209.dll
[2009/12/16 10:55:08 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\3879thi5f1z92.bin
[2009/12/14 14:06:01 | 00,011,637 | ---- | C] () -- C:\WINDOWS\System32\30101wz9552c.cpl
[2009/12/14 13:25:20 | 00,005,375 | ---- | C] () -- C:\WINDOWS\System32\11592s5y2z0.bin
[2009/12/12 12:37:39 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/12 12:37:37 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/12 12:34:04 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/12 12:34:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/12 12:34:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/12 12:34:04 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/12 12:34:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/12 12:18:17 | 03,850,336 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\renamed.exe
[2009/12/12 09:19:00 | 00,011,890 | ---- | C] () -- C:\WINDOWS\System32\7999ba5kdozr180.ocx
[2009/12/11 15:30:10 | 00,004,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip
[2009/12/11 00:00:13 | 00,014,473 | ---- | C] () -- C:\WINDOWS\5369spa5sez570.bin
[2009/12/06 21:06:16 | 00,009,005 | ---- | C] () -- C:\WINDOWS\4z59spywar91850.dll
[2009/12/04 17:35:38 | 00,017,150 | ---- | C] () -- C:\WINDOWS\System32\dzesp9ware565.ocx
[2009/12/02 21:17:24 | 00,008,507 | ---- | C] () -- C:\WINDOWS\System32\94013hackto5l1za.bin
[2009/12/02 01:15:05 | 00,017,668 | ---- | C] () -- C:\WINDOWS\39bcs5zrse9919.bin
[2009/12/01 17:37:47 | 00,016,760 | ---- | C] () -- C:\WINDOWS\System32\7e6aazd9are605.bin
[2009/11/29 16:10:27 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/11/29 15:59:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/11/29 13:32:02 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/29 13:31:45 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/11/29 11:15:18 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/29 00:37:31 | 00,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2009/11/29 00:37:31 | 00,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2009/11/28 20:29:21 | 00,171,091 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WUSB54Gv4_v3.0.1.0.exe
[2009/11/28 17:38:05 | 21,444,15744 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/11/27 10:09:15 | 00,014,281 | ---- | C] () -- C:\WINDOWS\32599zo9m5865.exe
[2009/11/26 04:50:28 | 00,012,132 | ---- | C] () -- C:\WINDOWS\System32\5985d5w9zoader287.dll
[2009/11/25 19:59:43 | 00,012,881 | ---- | C] () -- C:\WINDOWS\System32\12z165pam9ot4c9.exe
[2009/11/24 19:06:33 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/21 20:42:15 | 00,010,584 | ---- | C] () -- C:\WINDOWS\9094hacktoo515cz.ocx
[2009/11/21 01:55:45 | 00,005,432 | ---- | C] () -- C:\WINDOWS\29195s9amzot69c.bin
[2009/11/20 07:41:47 | 00,007,744 | ---- | C] () -- C:\WINDOWS\System32\1c7fzir9599.cpl
[2009/11/19 02:41:48 | 00,010,492 | ---- | C] () -- C:\WINDOWS\System32\1539zvi5u97e.dll
[2009/11/16 16:29:35 | 00,003,017 | ---- | C] () -- C:\WINDOWS\System32\9z158virus5bb.bin
[2009/11/16 14:40:56 | 00,016,469 | ---- | C] () -- C:\WINDOWS\System32\19z26troj556.cpl
[2009/11/08 00:29:12 | 00,002,550 | ---- | C] () -- C:\WINDOWS\3536ad9w5re2225z.dll
[2009/10/12 04:53:33 | 00,016,561 | ---- | C] () -- C:\WINDOWS\42415pambo96fz.dll
[2009/10/10 07:31:46 | 00,010,647 | ---- | C] () -- C:\WINDOWS\System32\29953wozm45f9.dll
[2009/10/08 20:32:42 | 00,010,161 | ---- | C] () -- C:\WINDOWS\12984z5o9453.dll
[2009/10/06 11:48:37 | 00,017,477 | ---- | C] () -- C:\WINDOWS\1bd6sz5rse8529.dll
[2009/10/05 21:34:05 | 00,015,583 | ---- | C] () -- C:\WINDOWS\System32\39532s5z1a4.dll
[2009/09/26 15:38:46 | 00,010,465 | ---- | C] () -- C:\WINDOWS\zd9d9i51617.dll
[2009/09/26 15:38:46 | 00,005,441 | ---- | C] () -- C:\WINDOWS\25359zroj135.dll
[2009/09/26 15:38:46 | 00,002,657 | ---- | C] () -- C:\WINDOWS\System32\4c94threzt56176.dll
[2009/09/26 15:38:45 | 00,003,955 | ---- | C] () -- C:\WINDOWS\18874spambotz9a5.dll
[2009/09/26 15:38:44 | 00,017,986 | ---- | C] () -- C:\WINDOWS\2db5bazkdo9r1661.dll
[2009/09/26 15:38:44 | 00,017,818 | ---- | C] () -- C:\WINDOWS\309bsp95zre657.dll
[2009/09/26 15:38:44 | 00,017,729 | ---- | C] () -- C:\WINDOWS\5zd9d9wnloade5382.dll
[2009/09/26 15:38:44 | 00,013,551 | ---- | C] () -- C:\WINDOWS\4499v5r2z3.dll
[2009/09/26 15:38:44 | 00,004,659 | ---- | C] () -- C:\WINDOWS\System32\252z49irus250.dll
[2009/09/26 15:38:43 | 00,017,177 | ---- | C] () -- C:\WINDOWS\297475ot-a-virus2ez.dll
[2009/09/26 15:38:43 | 00,003,321 | ---- | C] () -- C:\WINDOWS\System32\39985nzt-a-virus12f.dll
[2009/09/26 15:38:42 | 00,013,171 | ---- | C] () -- C:\WINDOWS\5c94spywzre835.dll
[2009/09/26 15:38:42 | 00,006,810 | ---- | C] () -- C:\WINDOWS\111449r5j367z.dll
[2009/09/26 15:38:42 | 00,003,968 | ---- | C] () -- C:\WINDOWS\System32\b95th9eaz5954.dll
[2009/09/26 15:38:42 | 00,002,861 | ---- | C] () -- C:\WINDOWS\9754steaz2447.dll
[2009/09/26 15:38:41 | 00,009,758 | ---- | C] () -- C:\WINDOWS\1a24back9o5rz700.dll
[2009/09/26 15:38:40 | 00,015,643 | ---- | C] () -- C:\WINDOWS\System32\549ct59ez2882.dll
[2009/09/26 15:38:40 | 00,014,878 | ---- | C] () -- C:\WINDOWS\System32\1faczownlo95er179.dll
[2009/09/26 15:38:40 | 00,013,211 | ---- | C] () -- C:\WINDOWS\System32\41c5dowzloade53194.dll
[2009/09/26 15:38:40 | 00,009,635 | ---- | C] () -- C:\WINDOWS\26e1s9ywzre5063.dll
[2009/09/26 15:38:40 | 00,004,849 | ---- | C] () -- C:\WINDOWS\System32\50149zpy6a3.dll
[2009/09/26 15:38:39 | 00,012,717 | ---- | C] () -- C:\WINDOWS\System32\14425worm7ez9.dll
[2009/09/26 15:38:39 | 00,006,219 | ---- | C] () -- C:\WINDOWS\5732v9rz255.dll
[2009/09/22 20:17:00 | 00,016,531 | ---- | C] () -- C:\WINDOWS\1b45threa91957z.dll
[2009/09/18 21:55:32 | 00,010,480 | ---- | C] () -- C:\WINDOWS\System32\13z94s9ambo5782.dll
[2009/09/13 04:00:10 | 00,010,780 | ---- | C] () -- C:\WINDOWS\System32\1b76szeal9505.dll
[2009/09/06 22:21:37 | 00,004,179 | ---- | C] () -- C:\WINDOWS\15732s9amzot5555.dll
[2009/09/05 02:54:36 | 00,008,906 | ---- | C] () -- C:\WINDOWS\System32\3234viru9z975.dll
[2009/08/21 20:27:59 | 00,011,643 | ---- | C] () -- C:\WINDOWS\4c57threaz155619.dll
[2009/07/27 09:06:18 | 00,014,541 | ---- | C] () -- C:\WINDOWS\System32\21340vir595z0.dll
[2009/07/27 04:32:27 | 00,006,369 | ---- | C] () -- C:\WINDOWS\6eazstea93527.dll
[2009/07/18 06:45:42 | 00,013,392 | ---- | C] () -- C:\WINDOWS\System32\15307s9amboz95.dll
[2009/07/11 09:07:45 | 00,010,750 | ---- | C] () -- C:\WINDOWS\System32\24671spam9otzfc5.dll
[2009/07/02 04:22:54 | 00,014,631 | ---- | C] () -- C:\WINDOWS\System32\6515vzr9s413.dll
[2009/06/26 15:27:30 | 00,004,374 | ---- | C] () -- C:\WINDOWS\2f89ste59z99.dll
[2009/06/19 20:16:15 | 00,017,087 | ---- | C] () -- C:\WINDOWS\System32\5623not-a-vz9us193.dll
[2009/06/16 20:39:06 | 00,017,693 | ---- | C] () -- C:\WINDOWS\System32\14795z5oj9b9.dll
[2009/06/16 18:15:22 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup.log
[2009/06/16 18:15:20 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2009/06/10 04:29:16 | 00,014,554 | ---- | C] () -- C:\WINDOWS\System32\641bsparse5z9.dll
[2009/06/02 18:09:43 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kodakpcd.ini
[2009/06/02 06:16:04 | 00,006,647 | ---- | C] () -- C:\WINDOWS\f9czteal3659.dll
[2009/06/02 04:31:48 | 00,013,848 | ---- | C] () -- C:\WINDOWS\d3659ealz919.dll
[2009/06/01 23:43:53 | 00,014,281 | ---- | C] () -- C:\WINDOWS\System32\6e97spar5z1297.dll
[2009/05/27 03:28:37 | 00,015,267 | ---- | C] () -- C:\WINDOWS\System32\56c9viz247.dll
[2009/05/23 14:54:24 | 00,015,746 | ---- | C] () -- C:\WINDOWS\105bsparsz9078.dll
[2009/05/19 17:07:42 | 00,008,446 | ---- | C] () -- C:\WINDOWS\8268wzrm9f55.dll
[2009/05/10 07:23:19 | 00,007,397 | ---- | C] () -- C:\WINDOWS\System32\6z8ethief25395.dll
[2009/05/04 21:43:03 | 00,015,230 | ---- | C] () -- C:\WINDOWS\System32\589fdozn9oader881.dll
[2009/05/03 02:33:11 | 00,011,542 | ---- | C] () -- C:\WINDOWS\9529hac5tool34z.dll
[2009/04/27 06:46:44 | 00,004,164 | ---- | C] () -- C:\WINDOWS\System32\53bz9p5ware930.dll
[2009/04/13 02:35:30 | 00,005,819 | ---- | C] () -- C:\WINDOWS\379cspzr95442.dll
[2009/04/08 06:28:44 | 00,017,348 | ---- | C] () -- C:\WINDOWS\System32\5719spz406.dll
[2009/03/28 05:02:50 | 00,015,927 | ---- | C] () -- C:\WINDOWS\4559vzr9854.dll
[2009/03/10 00:12:12 | 00,013,645 | ---- | C] () -- C:\WINDOWS\27605not-a5viru963z.dll
[2009/03/07 02:30:46 | 00,010,314 | ---- | C] () -- C:\WINDOWS\28951zac9tool4e9.dll
[2009/02/22 09:25:58 | 00,005,458 | ---- | C] () -- C:\WINDOWS\System32\2890spa5bzt124.dll
[2009/02/20 08:52:42 | 00,014,372 | ---- | C] () -- C:\WINDOWS\8958zpambot621.dll
[2009/02/18 13:27:56 | 00,000,287 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LaunchHomeCenter.log
[2009/02/18 13:23:23 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/02/18 12:50:53 | 00,517,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\installer.log
[2009/02/14 09:20:26 | 00,005,251 | ---- | C] () -- C:\WINDOWS\System32\3e9z5parse641.dll
[2009/02/06 18:49:56 | 00,012,920 | ---- | C] () -- C:\WINDOWS\69a1z9arse125.dll
[2009/02/05 17:48:16 | 00,018,135 | ---- | C] () -- C:\WINDOWS\System32\320z6sp9mbot7a5.dll
[2009/02/01 14:44:04 | 00,014,730 | ---- | C] () -- C:\WINDOWS\System32\2z7adownload9r2435.dll
[2009/01/23 03:49:02 | 00,002,860 | ---- | C] () -- C:\WINDOWS\System32\6359worm53z.dll
[2009/01/20 07:43:30 | 00,013,397 | ---- | C] () -- C:\WINDOWS\z923hackto9l505.dll
[2009/01/04 12:11:29 | 00,013,674 | ---- | C] () -- C:\WINDOWS\System32\8a6tzreat25759.dll
[2008/12/27 23:25:19 | 00,016,628 | ---- | C] () -- C:\WINDOWS\System32\z0592worm46d.dll
[2008/12/22 05:48:39 | 00,002,680 | ---- | C] () -- C:\WINDOWS\System32\44a5zhi9f1875.dll
[2008/12/12 15:16:27 | 00,015,143 | ---- | C] () -- C:\WINDOWS\System32\52a9threzt15335.dll
[2008/12/06 17:01:07 | 00,000,267 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/21 21:46:16 | 00,003,471 | ---- | C] () -- C:\WINDOWS\7ebz95yware1569.dll
[2008/11/14 06:08:58 | 00,002,836 | ---- | C] () -- C:\WINDOWS\System32\15045zroj799.dll
[2008/11/08 06:03:28 | 00,008,521 | ---- | C] () -- C:\WINDOWS\z58asp9rse554.dll
[2008/11/07 05:16:28 | 00,015,700 | ---- | C] () -- C:\WINDOWS\7054stezl57559.dll
[2008/11/05 17:44:19 | 00,017,307 | ---- | C] () -- C:\WINDOWS\15879troj9z2.dll
[2008/11/03 05:57:31 | 00,013,899 | ---- | C] () -- C:\WINDOWS\System32\31663not9a-zirus1655.dll
[2008/11/03 01:46:50 | 00,004,877 | ---- | C] () -- C:\WINDOWS\16971virus5z19.dll
[2008/10/04 17:29:54 | 00,003,433 | ---- | C] () -- C:\WINDOWS\System32\35z87worm993.dll
[2008/09/12 13:56:34 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/09/10 14:58:11 | 00,004,481 | ---- | C] () -- C:\WINDOWS\z2aaddware59999.dll
[2008/09/08 17:06:01 | 00,018,383 | ---- | C] () -- C:\WINDOWS\90774hac5tooz58a.dll
[2008/09/08 13:04:35 | 00,012,205 | ---- | C] () -- C:\WINDOWS\12abzpy5ar9341.dll
[2008/08/24 19:24:44 | 00,005,722 | ---- | C] () -- C:\WINDOWS\9329vi95sz.dll
[2008/08/14 20:47:09 | 00,017,389 | ---- | C] () -- C:\WINDOWS\System32\2z1255orm69e.dll
[2008/08/10 02:00:37 | 00,011,954 | ---- | C] () -- C:\WINDOWS\5f4spywar52z529.dll
[2008/08/04 01:55:28 | 00,013,929 | ---- | C] () -- C:\WINDOWS\565zsp5w9re1431.dll
[2008/07/27 06:33:59 | 00,014,735 | ---- | C] () -- C:\WINDOWS\315209roj3z.dll
[2008/07/24 06:36:38 | 00,015,987 | ---- | C] () -- C:\WINDOWS\522cthrezt54559.dll
[2008/07/16 13:49:03 | 00,014,148 | ---- | C] () -- C:\WINDOWS\z0283h9c5tool357.dll
[2008/07/10 22:10:08 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\5e37thizf9049.dll
[2008/07/02 16:03:59 | 00,007,228 | ---- | C] () -- C:\WINDOWS\5fa4sparse12z9.dll
[2008/06/23 10:06:08 | 00,005,104 | ---- | C] () -- C:\WINDOWS\System32\4a5cviz2924.dll
[2008/06/14 21:35:53 | 00,004,035 | ---- | C] () -- C:\WINDOWS\138099orz185.dll
[2008/06/14 11:17:31 | 00,015,348 | ---- | C] () -- C:\WINDOWS\d3est9a56z4.dll
[2008/06/12 12:47:48 | 00,010,006 | ---- | C] () -- C:\WINDOWS\4259szyware3125.dll
[2008/06/12 12:11:20 | 00,008,533 | ---- | C] () -- C:\WINDOWS\9a3zspyware2705.dll
[2008/06/11 22:03:48 | 00,003,488 | ---- | C] () -- C:\WINDOWS\System32\2910thie5z59.dll
[2008/06/04 01:20:00 | 00,002,700 | ---- | C] () -- C:\WINDOWS\System32\3d55zir2959.dll
[2008/06/01 21:22:57 | 00,006,607 | ---- | C] () -- C:\WINDOWS\System32\5758bzckdoo9157.dll
[2008/05/28 04:55:56 | 00,014,022 | ---- | C] () -- C:\WINDOWS\5za09ownloader55.dll
[2008/05/18 01:47:35 | 00,012,927 | ---- | C] () -- C:\WINDOWS\ze97thi9f245.dll
[2008/05/10 13:35:43 | 00,006,916 | ---- | C] () -- C:\WINDOWS\352fsparze15579.dll
[2008/04/23 17:54:19 | 00,008,568 | ---- | C] () -- C:\WINDOWS\System32\z346spam9ot105.dll
[2008/04/21 04:32:31 | 00,004,299 | ---- | C] () -- C:\WINDOWS\587bz9kdoor2097.dll
[2008/04/17 14:53:11 | 00,008,600 | ---- | C] () -- C:\WINDOWS\System32\4d0bt59zf1265.dll
[2008/04/13 06:26:50 | 00,010,872 | ---- | C] () -- C:\WINDOWS\14305worm95z.dll
[2008/04/12 15:44:53 | 00,011,482 | ---- | C] () -- C:\WINDOWS\z7950t5oj690.dll
[2008/04/08 12:48:41 | 00,010,541 | ---- | C] () -- C:\WINDOWS\1bc4spywzre29145.dll
[2008/03/13 14:08:50 | 00,015,989 | ---- | C] () -- C:\WINDOWS\70985hiez9559.dll
[2008/03/08 14:09:04 | 00,002,964 | ---- | C] () -- C:\WINDOWS\System32\7facdownloa9e53z60.dll
[2008/02/25 17:25:33 | 00,002,697 | ---- | C] () -- C:\WINDOWS\95esp9zse883.dll
[2008/02/06 03:50:27 | 00,007,725 | ---- | C] () -- C:\WINDOWS\2003zvirus7c95.dll
[2008/02/06 03:46:10 | 00,016,545 | ---- | C] () -- C:\WINDOWS\674b5tea9z144.dll
[2008/01/20 09:10:33 | 00,008,375 | ---- | C] () -- C:\WINDOWS\cc1spyw5re1z96.dll
[2008/01/12 12:21:17 | 00,006,288 | ---- | C] () -- C:\WINDOWS\System32\696f9ackdzor2055.dll
[2008/01/11 18:55:47 | 00,010,023 | ---- | C] () -- C:\WINDOWS\6d0e5p9rsez08.dll
[2008/01/07 18:04:53 | 00,007,542 | ---- | C] () -- C:\WINDOWS\295z15orm4a9.dll
[2008/01/04 03:13:34 | 00,005,565 | ---- | C] () -- C:\WINDOWS\909z5spy287.dll
[2008/01/02 03:47:58 | 00,016,951 | ---- | C] () -- C:\WINDOWS\25825worm1z9.dll
[2007/11/29 18:00:37 | 00,000,062 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2007/10/03 14:15:58 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/06/28 16:19:53 | 00,000,129 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2007/01/31 10:17:08 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/14 12:14:45 | 00,000,393 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/10/14 12:14:45 | 00,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/10/14 12:13:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/10/14 12:13:41 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/10/14 12:13:41 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/10/14 12:00:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/10/05 17:36:22 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL
[2006/10/03 17:06:32 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/25 10:52:49 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/25 10:50:19 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/09/25 10:49:40 | 00,046,593 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/09/25 10:49:40 | 00,000,193 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/09/25 10:43:55 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2006/09/25 10:33:48 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006/09/25 10:33:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/25 10:08:26 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/09/25 10:08:24 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2006/09/25 10:08:24 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/06/30 05:27:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/31 22:17:16 | 00,001,234 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/31 22:17:16 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/03/04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2008/01/24 18:51:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2008/12/30 17:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\alot
[2008/04/23 09:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hotbar_Icons
[2006/09/25 10:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/11/29 12:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2009/01/09 17:22:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2007/11/29 17:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2006/09/25 10:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/12/08 17:32:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2007/09/21 09:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\System Doctor
[2009/06/16 19:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Temp
[2007/01/30 11:23:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2007/10/03 10:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2007/02/05 17:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodata Limited
[2009/11/29 11:09:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/20 12:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/02/18 13:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/04/23 16:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotbarSA
[2008/10/17 09:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/10/17 09:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/02/18 13:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2006/09/25 10:46:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/09/30 18:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2007/10/05 16:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2006/10/14 12:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/10/24 14:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Snap-On Business Solutions
[2007/09/21 10:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Doctor
[2009/11/10 17:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/25 10:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/16 13:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/11/23 08:26:56 | 00,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2006/09/29 16:46:44 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2006/09/29 16:46:45 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2008/04/23 09:41:44 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2008/04/23 09:41:43 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/12/12 12:57:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/12/12 12:54:35 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegPowerClean.job
[2009/09/29 08:00:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\rpc.job
[2009/12/15 23:23:40 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FA734E3-59B1-4A6E-BE0C-8150B2274C11}.job
[2009/12/12 12:54:36 | 00,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\WSSHelper.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 21:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/02/21 18:44:30 | 00,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\I386\DRV\SCS\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 21:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 21:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97
< End of report >


OTL Extras logfile created on: 12/15/2009 11:28:54 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.62% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.85 Gb Total Space | 197.93 Gb Free Space | 86.49% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 230.88 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive E: | 4.01 Gb Total Space | 1.53 Gb Free Space | 38.09% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JMICHAELONDISH
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1190389672\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1190389672\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak AiO Scheduled Maintenance -- (Eastman Kodak Company)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{2BD74F5D-4089-4064-B6AF-8E8A93022650}" = Office 2003 Setup Files
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4304BE34-6DDA-46CC-ADAB-77990DC77ED5}" = Magellan RoadMate Tools
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3FAEA0F-82B6-45E2-9A3D-4E49BE6C9451}" = MSN Toolbar Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D032F86A-0539-4737-816A-1AB40F1BF14D}" = C4USelfUpdater
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Printer Software
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"alotToolbar" = ALOT Toolbar
"AOL Email Toolbar" = AOL Email Toolbar
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"ScanSoft PaperPort Viewer 7.0" = ScanSoft PaperPort Viewer 7.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = Detroit Iron Information Systems 2.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Totally Free Burner_is1" = Totally Free Burner
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/21/2007 10:48:09 AM | Computer Name = YOUR-BC9716C609 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 9/21/2007 10:48:24 AM | Computer Name = YOUR-BC9716C609 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 9/21/2007 10:49:23 AM | Computer Name = YOUR-BC9716C609 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 9/21/2007 10:50:26 AM | Computer Name = YOUR-BC9716C609 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 9/21/2007 10:50:33 AM | Computer Name = YOUR-BC9716C609 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 9/21/2007 10:50:35 AM | Computer Name = YOUR-BC9716C609 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 11/29/2009 2:50:49 PM | Computer Name = JMICHAELONDISH | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 11/29/2009 3:22:27 PM | Computer Name = JMICHAELONDISH | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

[ Application Events ]
Error - 12/4/2009 7:15:42 PM | Computer Name = JMICHAELONDISH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/4/2009 7:15:49 PM | Computer Name = JMICHAELONDISH | Source = Winferno Subscription Service | ID = 262144
Description =

Error - 12/4/2009 7:16:16 PM | Computer Name = JMICHAELONDISH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/4/2009 7:34:08 PM | Computer Name = JMICHAELONDISH | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ekdiscovery.exe, version 3.2.1.29, stamp 48ef91f1,
faulting module ekdiscovery.exe, version 3.2.1.29, stamp 48ef91f1, debug? 0, fault
address 0x00008c54.

Error - 12/5/2009 10:38:26 AM | Computer Name = JMICHAELONDISH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/5/2009 12:24:46 PM | Computer Name = JMICHAELONDISH | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ekdiscovery.exe, version 3.2.1.29, stamp 48ef91f1,
faulting module ekdiscovery.exe, version 3.2.1.29, stamp 48ef91f1, debug? 0, fault
address 0x00008c54.

Error - 12/11/2009 10:13:01 AM | Computer Name = JMICHAELONDISH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/12/2009 1:54:40 PM | Computer Name = JMICHAELONDISH | Source = Winferno Subscription Service | ID = 262144
Description =

Error - 12/12/2009 1:54:44 PM | Computer Name = JMICHAELONDISH | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: JMICHAELONDISH\Administrator Checkpoint ID: 1 Error Code: 0x80070005

Error
description: Access is denied.

Error - 12/12/2009 1:54:44 PM | Computer Name = JMICHAELONDISH | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: JMICHAELONDISH\Administrator Checkpoint ID: 1 Error Code: 0x8000ffff

Error
description: Catastrophic failure

[ System Events ]
Error - 12/11/2009 9:52:53 AM | Computer Name = JMICHAELONDISH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/12/2009 3:00:51 AM | Computer Name = JMICHAELONDISH | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/12/2009 1:31:34 PM | Computer Name = JMICHAELONDISH | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/12/2009 1:38:36 PM | Computer Name = JMICHAELONDISH | Source = Service Control Manager | ID = 7034
Description = The Autodata Limited License Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/12/2009 1:54:33 PM | Computer Name = JMICHAELONDISH | Source = Service Control Manager | ID = 7000
Description = The AVGIDSWatcher service failed to start due to the following error:
%%2

Error - 12/12/2009 1:54:33 PM | Computer Name = JMICHAELONDISH | Source = Service Control Manager | ID = 7000
Description = The DataSvr service failed to start due to the following error: %%3

Error - 12/12/2009 1:54:33 PM | Computer Name = JMICHAELONDISH | Source = Service Control Manager | ID = 7000
Description = The SecuritySoldier Security Service service failed to start due to
the following error: %%2

Error - 12/12/2009 1:55:09 PM | Computer Name = JMICHAELONDISH | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 80590dbd, parameter3
ba527944, parameter4 ba527640.

Error - 12/13/2009 2:25:01 PM | Computer Name = JMICHAELONDISH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.207 on
the Network Card with network address 0012177C7E9C.

Error - 12/14/2009 2:25:25 PM | Computer Name = JMICHAELONDISH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.207 on
the Network Card with network address 0012177C7E9C.


< End of report >


Edited by Kacela, 16 December 2009 - 01:41 AM.


#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:02 AM

Posted 16 December 2009 - 09:21 PM

Hello Kacela.

We're going to try running a new version of ComboFix. Hopefully we'll have better luck here.

Please delete the copy of ComboFix currently on your desktop by right-clicking the icon and select Delete.

Download a new copy from here.

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on KittyFix.exe & follow the prompts.
    • IMPORTANT NOTE! Please note that this version of ComboFix is in beta stage. You will likely receive a warning to this effect. If a warning regarding the beta status is encountered, you should proceed. If any other warnings are encountered, they should be heeded.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

IMPORTANT!! ComboFix will likely reboot the machine as part of its execution. It is important that when it reboots it loads into Windows normally, NOT Last Known Good Configuration. If the machine is unable to boot normally, go ahead and boot using Last Known Good Configuration, but please let me know in your next reply.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



#10 Kacela

Kacela
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 16 December 2009 - 10:53 PM

Much better. Got BSOD when I first ran it, but I think that may have been caused by McAfee's security center having an unfinished update in progress when I killed its services. After rebooting into Last Known Good Configuration, I ran KittyFix again and it completed. KittyFix rebooted the machine normally, NOT Last Known Good Configuration, and generated the attached ComboFix log.

Reason for edit: Clarification of system state upon rebooting.



Edited by Kacela, 17 December 2009 - 10:44 AM.


#11 Blade


Posted 18 December 2009 - 11:04 PM

Hello Kacela,

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Winferno
  • Anything containing PC Confidential
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

***************************************************

1. Open notepad and copy/paste the text in the codebox below into it:

RegLock::
[HKEY_USERS\S-1-5-21-1199361050-2175674903-3688569507-500\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-

Save this as CFScript.txt, in the same location as KittyFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

***************************************************

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply .
~Blade


In your next reply, please include the following:
ComboFix Log
Kaspersky Log



#12 Kacela


Posted 19 December 2009 - 12:14 AM

Removed through Add / Remove programs, 'Winferno' - Though I think it left some remnants.

I was unable to find anything with the name 'PC Confidential'.

Created the txt file 'CFScript.txt' with the text copied and pasted as directed, and dragged the file CFScript onto the cat face.

KittyFix then ran and created the attached ComboFix.txt file.

I was unable to go to the Kaspersky website at all because as soon as I specified the URL, a Windows dialog box popped up entitled 'Data Execution Prevention - Microsoft Windows'... It said 'To help protect your computer, Windows has closed this program. Name: Internet Explorer Publisher: Microsoft Corporation'

I then went into the performance settings in Windows to turn DEP off for Internet Explorer and rebooted.

I then tried to go to the Kaspersky website specified again, and this time I got an error about WSSHelper not having permission to run. WSSHelper's publisher was specified as Winferno - this is why I think Add / Remove wasn't very thorough.

I went back to the DEP settings and changed them back and rebooted. I tried going to the Kaspersky website you specified and then got the original DEP error.

So only the ComboFix log is attached.



Edited by Kacela, 19 December 2009 - 12:33 AM.


#13 Blade


Posted 20 December 2009 - 12:55 PM

Hello Kacela.

In the future, please paste the contents of the requested logs into the body of your replies. Only attach them if the board software tells you that your post is too long. This makes it much easier for me to read the results. :(

Please open a Notepad file: (From the Start Menu, click Run and type notepad in the window that appears.)
  • Copy the contents of the below code box into the notepad window.
  • Save the file as fixit.bat on your desktop: (Important! make sure you change the "Save As Type" to "All Files")
    @Echo off
    REM Stop and unregister the leftover Winferno service, then delete its files
    sc stop "Winferno Subscription Service"
    sc delete "Winferno Subscription Service"
    rd /s /q "c:\program files\Common Files\Winferno"
  • Close the notepad window and click on the fixit.bat file on your Desktop (a window will open and close quickly. This is normal)
***************************************************

Please try the Kaspersky Online scan again. The instructions are repeated here for your convenience.

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply .
~Blade


In your next reply, please include the following:
Kaspersky Online Scan log
A new DDS.txt



#14 Kacela


Posted 20 December 2009 - 05:02 PM

What a pain in the butt that was...

Successfully stopped and deleted the Winferno process.
Successfully removed the Winferno directory.

(BSOD'd the first time just as the batch file went to close the CMD window. Rebooted and manually typed the commands in... I used upper-case switches. I don't know if the RMDIR switches are case-sensitive, but it worked.)

Tried to go to the Kaspersky site. IE Data Execution Prevention error.
Added IE to the 'allowed' list in the Windows DEP tab. Rebooted.
Tried to go to the Kaspersky site. IE Data Execution Prevention error.
Returned to default DEP settings. Rebooted.
Tried to go to the Kaspersky site. IE Data Execution Prevention error.
Downloaded and installed Firefox.
Tried to go to the Kaspersky site from Firefox. Firefox crashed.
Tried to go to the Kaspersky site from Firefox. Firefox crashed.
Tried to find the service in Windows XP responsible for DEP. No luck, as it's integrated into XP since SP2.
Found out that DEP can also be controlled by certain processors.
Rebooted into BIOS. Under 'Security', I found 'XD Technology <Enabled>'
Looked up what XD was, found out it's what Intel calls their data execution bit. Changed 'XD Technology' to <Disabled>.
Saved changes and rebooted.

Tried to go to Kaspersky site. Finally!
Had to download and install Java.
Downloaded all the Kaspersky updates and specified what to scan for.
Started scan, but then remembered that since KittyFix #2, the last AV (avast!) I tried to install prior to me posting this topic had suddenly come to life and seemed to be operating.
Stopped Kaspersky scan. Killed avast! so it wouldn't interfere with Kaspersky. Restarted Kaspersky scan.

Pet my cat. Saved Kaspersky scan log. Restarted avast!

Rebooted to BIOS. Re-enabled 'XD Technology' under Security.

Rebooted. BSOD on startup, had to choose Last Known Good.

Rebooted to see if it BSOD'd again. Seemed to boot to Windows XP cleanly.

Generated DDS reports.

As requested:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, December 20, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, December 20, 2009 19:53:31
Records in database: 3393267
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 72323
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:21:24

No threats found. Scanned area is clean.

Selected area has been scanned.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 16:52:04.23 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1343 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091220-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1190389672\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\program files\common files\aol\1190389672\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1190389672\ee\AOLDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\AOL\1190389672\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - c:\program files\aol email toolbar\aolmailtb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\progra~1\netsca~1\netsca~1\pbhelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0316.3\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0316.3\npwinext.dll
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Gateway Extended Warranty] "c:\program files\gateway\gwcares\GWCares.exe"
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1190389672\ee\AOLSoftware.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0316.3\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &AOL Email Toolbar Search - c:\documents and settings\all users\application data\aol email toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191425643250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\bvpkhsvt.default\
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 1394VDBG;1394 Host Debugger I/O Driver;c:\windows\system32\drivers\1394vdbg.sys [2006-9-25 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2008-10-3 11264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-29 138680]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-29 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-29 352920]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2006-9-25 40448]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identity protection\agent\bin\avgidswatcher.exe --> c:\program files\avg\avg8\identity protection\agent\bin\AVGIDSWatcher.exe [?]

=============== Created Last 30 ================

2009-12-20 19:18:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-20 18:07:46 0 d-----w- c:\docume~1\admini~1\applic~1\Skinux
2009-12-19 04:36:01 0 d-----w- C:\KittyFix14017K
2009-12-19 04:25:13 0 d-----w- C:\KittyFix23680K
2009-12-17 03:31:23 0 d-----w- C:\KittyFix5924K
2009-12-17 03:03:23 0 d-----w- C:\KittyFix
2009-12-12 17:37:35 0 d-sha-r- C:\cmdcons
2009-12-12 17:34:04 98816 ----a-w- c:\windows\sed.exe
2009-12-12 17:34:04 77312 ----a-w- c:\windows\MBR.exe
2009-12-12 17:34:04 261632 ----a-w- c:\windows\PEV.exe
2009-12-12 17:34:04 161792 ----a-w- c:\windows\SWREG.exe
2009-11-29 20:29:26 208744 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 20:29:25 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-11-29 20:28:18 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-11-29 20:28:11 575704 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2009-11-29 17:08:14 0 d-----w- c:\docume~1\admini~1\applic~1\MSNInstaller
2009-11-29 14:40:59 0 d-----w- C:\$AVG
2009-11-29 14:40:50 12464 ------w- c:\windows\system32\avgrsstx.dll.install_backup_1
2009-11-29 04:13:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-29 02:32:15 245376 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-11-29 02:11:43 0 d-----w- C:\ATI
2009-11-28 22:38:05 2144415744 ----a-w- c:\windows\MEMORY.DMP
2009-11-28 21:48:28 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-28 21:48:28 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

==================== Find3M ====================

2009-12-20 21:52:07 2191185 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-12-20 19:18:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\SET901.tmp
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\SET92E.tmp
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\SET92C.tmp
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\SET8B9.tmp
2009-09-30 02:20:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-30 02:19:56 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-30 02:10:52 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-30 02:10:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-30 02:10:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-30 02:10:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-30 02:10:02 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-30 02:08:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-30 02:08:48 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-30 02:07:30 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-30 02:07:08 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-30 02:00:06 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-30 01:47:22 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-30 01:46:56 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-30 01:46:56 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-30 01:34:06 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-30 01:30:32 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-30 01:28:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-30 01:28:36 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-30 01:27:54 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-30 01:27:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-30 01:26:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-30 01:26:04 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-30 01:22:42 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2007-10-04 17:19:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007100420071005\index.dat
2008-08-21 14:32:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 16:52:14.12 ===============



#15 Blade


Posted 22 December 2009 - 01:44 PM

Hello Kacela.

Things are looking much better here. However, there are still some things that need to be taken care of.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to give "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast! or McAfee Security Center. Let me know which antivirus you have decided to keep.

***************************************************

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

***************************************************

Please tell me how your computer is running now. Check for the following things:
  • Search engine redirection
  • Pop ups
  • Can you boot into Safe Mode?
  • Unusual errors
  • BSODs
  • Do you still get DEP errors? (Try going to the Kaspersky site)
  • Anything else noteworthy
~Blade


In your next reply, please include the following:
Which antivirus you have decided to keep
A new DDS.txt and Attach.txt log
How is your computer running now?


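The checks Blade performs by eye on the DDS log in reply #14 (two resident antivirus products, registry entries pointing at files that no longer exist, old Java plug-ins and installers left behind) can be done mechanically. The script below is an added example for this thread and is not code from DDS, ComboFix or anyone posting here. SAMPLE_DDS is a constructed excerpt in the same format as the posted log, and the SECURITY_VENDORS fingerprint table is an assumption limited to the products that appear in this thread.

```python
"""Triage a DDS.txt log the way a forum helper reads it. Added example for this
thread, not code from DDS or ComboFix: SAMPLE_DDS is a constructed excerpt in the
format of the posted log; SECURITY_VENDORS is an assumed, small fingerprint table."""
import re

SAMPLE_DDS = r"""
AV: avast! antivirus 4.8.1368 [VPS 091220-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
============== Pseudo HJT Report ===============
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
================= FIREFOX ===================
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identity protection\agent\bin\avgidswatcher.exe --> c:\program files\avg\avg8\identity protection\agent\bin\AVGIDSWatcher.exe [?]
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# DDS service lines: R/S (running/stopped) + start type 0..4, then name;display;path
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
JAVA_VERSION_RE = re.compile(r"(?:jinstall-|j2re)(\d+)[._](\d+)[._](\d+)(?:[._](\d+))?", re.I)
# Assumed lower-case path fragments per AV engine (Windows Defender on XP is
# antispyware, not a second AV engine, so it is deliberately left out).
SECURITY_VENDORS = {
    "avast!": ("alwil", "avast"),
    "McAfee": ("mcafee",),
    "AVG": ("\\avg\\", "avgids"),
}

def parse_sections(text):
    """{banner title: [non-blank lines]}; the AV:/FW: summary before the
    first '=== title ===' banner is filed under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def parse_services(sections):
    """A '--> path [?]' tail means DDS could not find the image file on disk."""
    out = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m:
            state, _start, name, display, path = m.groups()
            out.append({"name": name, "display": display, "path": path,
                        "running": state == "R",
                        "image_missing": path.endswith("[?]")})
    return out

def vendor_of(text):
    low = text.lower()
    return next((v for v, needles in SECURITY_VENDORS.items()
                 if any(n in low for n in needles)), None)

def vendor_footprint(sections):
    """Per vendor: resident (a running process or running service) and every
    line that mentions it, so uninstall leftovers still show up."""
    fp = {v: {"resident": False, "lines": []} for v in SECURITY_VENDORS}
    for title, lines in sections.items():
        for line in lines:
            vendor = vendor_of(line)
            if vendor:
                fp[vendor]["lines"].append(line)
                fp[vendor]["resident"] |= title == "Running Processes"
    for svc in parse_services(sections):
        vendor = vendor_of(svc["display"] + svc["path"])
        if vendor and svc["running"]:
            fp[vendor]["resident"] = True
    return fp

def java_version(line):
    """(1, 6, 0, 17) for 'jinstall-1_6_0_17...', (1, 4, 2) for 'j2re1.4.2'."""
    m = JAVA_VERSION_RE.search(line)
    return tuple(int(g) for g in m.groups() if g is not None) if m else None

def triage(text):
    sections = parse_sections(text)
    fp = vendor_footprint(sections)
    versioned = [(java_version(l), l) for ls in sections.values() for l in ls]
    versioned = [(v, l) for v, l in versioned if v]
    newest = max((v for v, _ in versioned), default=None)
    return {
        # more than one name here is the dual-AV conflict described in reply #15
        "resident_antivirus": sorted(v for v, i in fp.items() if i["resident"]),
        "leftover_vendors": sorted(v for v, i in fp.items()
                                   if i["lines"] and not i["resident"]),
        "broken_entries": [l for l in sections.get("Pseudo HJT Report", [])
                           if l.endswith("No File")]
                          + [s["name"] for s in parse_services(sections)
                             if s["image_missing"]],
        # older JRE plug-ins and ActiveX installers stay reachable from web pages
        "stale_java": [l for v, l in versioned if v < newest],
    }
```

Point triage() at the text of a real DDS.txt. On the posted log it reports avast! and McAfee as resident, lists AVG under leftover_vendors (the S2 AVGIDSWatcher service whose image is marked `[?]` and the avgssie.dll BHO), and flags the j2re1.4.2 Firefox plug-ins and the jinstall-1_4_2 / 1_6_0_13 DPF entries as older than the 1.6.0_17 release also present, which is exactly what the Java advice in reply #15 asks the user to clean up.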



