Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New here-HJT LOG


  • This topic is locked This topic is locked
33 replies to this topic

#1 Phammcast

Phammcast

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 26 February 2010 - 08:45 PM

Thank you staff for taking the time to do this. It's greatly appreciated. Here is the attachment as well.Attached File  hijackthis.log   4.78KB   10 downloads




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:32 PM, on 2/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153161539781
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

--
End of file - 4893 bytes


I also wanted to note that my McAfee Security Suite is no longer operational (Scanning, Updating, etc.) Thanks in advance.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 02 March 2010 - 09:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 05 March 2010 - 02:15 AM

Thanks for the quick response!!! I also wanted to mention that there are a lot of programs such as my HP printer software that I can't install because I keep getting an installer Error code 2908. Here are the logs you requested:




OTL LOGFILE


OTL logfile created on: 3/4/2010 11:15:42 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 5.00 Mb Available Physical Memory | 2.00% Memory free
960.00 Mb Paging File | 412.00 Mb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.39 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
Drive D: | 677.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/04 23:13:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/29 01:05:53 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/09/29 18:07:55 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/09 10:52:54 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/04 23:13:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2007/04/19 12:33:12 | 000,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ITMRTSVC)
SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Disabled | Stopped] -- -- (aawservice)
SRV - [2010/02/22 06:07:36 | 000,000,000 | -HSD | M] [Disabled | Stopped] -- C:\WINNT\Installer -- (Installer)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/29 18:07:55 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Paused] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\WINNT\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/02/18 04:45:08 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINNT\system32\STEC3.sys -- (STEC3)
DRV - [2008/01/30 20:47:40 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/08/01 16:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/13 06:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/03/11 16:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 16:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/27 12:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/10/18 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/02/19 05:00:40 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 12:51:18 | 000,005,068 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Samhid.sys -- (samhid)
DRV - [2003/07/16 20:52:40 | 000,050,805 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/07/16 20:52:28 | 001,075,685 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/07/16 20:51:56 | 000,481,305 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/07/16 20:51:28 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/05/14 13:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003/04/25 01:48:02 | 000,730,092 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/21 02:00:00 | 000,201,088 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [1999/09/10 06:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ASPI32.bak -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\URLSearchHook: {B7566291-84C1-FB43-B4EC-F8066BEE3896} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = res://C:\WINNT\hskuk.dll/sp.html#32777
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = res://C:\WINNT\hskuk.dll/sp.html#32777
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = res://C:\WINNT\qwiun.dll/sp.html#32777
IE - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\S-1-5-21-3324526158-1873222407-1723519602-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.98
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/17 22:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/28 01:33:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/29 01:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 16:26:57 | 000,000,000 | ---D | M]

[2010/01/13 16:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/13 16:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/04 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xbldsko3.default\extensions
[2009/11/05 20:21:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xbldsko3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/12 13:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xbldsko3.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/16 18:50:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xbldsko3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/01 06:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xbldsko3.default\extensions\artur.dubovoy@gmail.com
[2008/02/02 03:53:38 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xbldsko3.default\searchplugins\siteadvisor.xml
[2010/03/04 03:52:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/03 13:48:52 | 000,380,005 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 13118 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-3324526158-1873222407-1723519602-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1153161539781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\Infamous Cole Floating.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\Infamous Cole Floating.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/13 16:05:24 | 001,572,864 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/07/25 17:36:12 | 000,000,135 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7c454582-d737-11de-a648-00038a000015}\Shell\AutoRun\command - "" = E:\RECYCLER\usbassist.exe -- File not found
O33 - MountPoints2\{7c454582-d737-11de-a648-00038a000015}\Shell\opEN\CoMmanD - "" = E:\RECYCLER\usbassist.exe -- File not found
O33 - MountPoints2\{e4a32819-8343-11d8-a175-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e4a32819-8343-11d8-a175-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4a32819-8343-11d8-a175-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2001/08/13 16:05:24 | 001,572,864 | R--- | M] ()
O33 - MountPoints2\{e4a32819-8343-11d8-a175-806d6172696f}\Shell\readit\command - "" = notepad readme.doc
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2003/10/06 15:13:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINNT\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "ITMRTSVC"
MsConfig - Services: "iPod Service"
MsConfig - Services: "WANMiniportService"
MsConfig - Services: "NetSvc"
MsConfig - Services: "McAfee HackerWatch Service"
MsConfig - Services: "IDriverT"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "aawservice"
MsConfig - Services: "YahooAUService"
MsConfig - Services: "MpfService"
MsConfig - Services: "McSysmon"
MsConfig - Services: "McShield"
MsConfig - Services: "McProxy"
MsConfig - Services: "McODS"
MsConfig - Services: "McNASvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: 0UiXrpwPa - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: 7snX3qS - hkey= - key= - File not found
MsConfig - StartUpReg: 88c7d7310acf - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: a35699b0d19c - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: appbu32.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: appxo32.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Atari Launcher - hkey= - key= - C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe (Hasbro Interactive)
MsConfig - StartUpReg: AutoLoader7F4d1WPjJdaW - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AutoLoader7F4r1WPjJdaW - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: bqhpkwmmak - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: c - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: crmb32.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: d3yy.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Gateway Extended Warranty - hkey= - key= - C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1129251689\ee\aolsoftware.exe (AOL LLC)
MsConfig - StartUpReg: huH4Y - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iede.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: InstaFinderK - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Ltho - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: m - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MB47RkepS - hkey= - key= - File not found
MsConfig - StartUpReg: mfcbb32.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
MsConfig - StartUpReg: Motive SmartBridge - hkey= - key= - C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: ntZTV0wkD - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Pure Networks Port Magic - hkey= - key= - C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: sdkof.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SemanticInsight - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe File not found
MsConfig - StartUpReg: T2uO - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: T6HbMVYI - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: tapisys - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: VBouncerDL - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe File not found
MsConfig - StartUpReg: vmN - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: wCgJY - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: winbq.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - File not found
SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: mfehidk - C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootMin: mfehidk.sys - C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootMin: mferkdk - C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
SafeBootMin: mferkdk.sys - C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
SafeBootMin: mfetdik - Reg Error: Value error.
SafeBootMin: mfetdik.sys - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - File not found
SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mferkdk - C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
SafeBootNet: mferkdk.sys - C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
SafeBootNet: mfetdik - Reg Error: Value error.
SafeBootNet: mfetdik.sys - Reg Error: Value error.
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\System32\Rundll32.exe C:\WINNT\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: cdb8884f-947e-4645-81d0-98c2dc046b8b - C:\WINNT\System32\qpqpwm.exe

Drivers32: msacm.iac2 - C:\WINNT\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 23:13:50 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/23 23:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/18 21:32:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/12/03 14:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/02/05 08:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/05 08:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/05 08:39:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/05 08:39:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/12/23 19:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/02/25 17:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/02 05:38:31 | 002,585,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsInstaller-KB893803-v2-x86.exe
[2008/01/30 05:23:48 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msicuu2.exe
[2006/12/14 05:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2005/12/24 23:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/03/01 11:10:19 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[15 C:\WINNT\System32\dllcache\*.tmp files -> C:\WINNT\System32\dllcache\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/04 23:13:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/04 23:08:51 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 13:48:52 | 000,380,005 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/03/03 05:17:02 | 000,007,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hair Loss Care.doc
[2010/03/01 17:07:42 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/03/01 01:00:01 | 000,000,332 | ---- | M] () -- C:\WINNT\tasks\McQcTask.job
[2010/02/28 22:12:45 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/02/28 22:12:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/02/28 16:21:12 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/28 16:21:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/28 16:04:20 | 000,345,649 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fatal_Fury__Battle_Archives_Vol._2-[Front].jpg
[2010/02/28 04:32:56 | 000,028,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/28 04:15:21 | 000,429,050 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Zone_Of_The_Enders_The_2nd_Runner_Dvd_ntsc-[cdcovers_cc]-front.jpg
[2010/02/27 04:25:12 | 000,015,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Songs To Get.doc
[2010/02/26 20:17:48 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2010/02/26 20:17:47 | 000,000,622 | ---- | M] () -- C:\WINNT\win.ini
[2010/02/26 20:17:46 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/02/26 08:01:56 | 000,088,071 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PS & PS2 Faqs.rtf
[2010/02/26 06:11:07 | 000,380,005 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100303-134850.backup
[2010/02/25 02:52:29 | 000,000,754 | ---- | M] () -- C:\WINNT\WORDPAD.INI
[2010/02/24 19:29:22 | 000,003,153 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Immediate Attention Notes.doc
[2010/02/18 22:06:04 | 000,026,021 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reminder Notes.doc
[2010/02/16 15:20:51 | 000,004,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume.rtf
[2010/02/16 04:34:19 | 000,378,199 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100226-061107.backup
[2010/02/15 01:00:00 | 000,000,336 | ---- | M] () -- C:\WINNT\tasks\McDefragTask.job
[2010/02/14 14:45:50 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Wife in Glasses.bmp
[2010/02/09 15:27:06 | 000,378,239 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100216-043419.backup
[2010/02/09 03:33:03 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Body Detox and Cancer Prevention and Reduction notes.rtf
[2010/02/07 22:18:22 | 003,329,564 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[15 C:\WINNT\System32\dllcache\*.tmp files -> C:\WINNT\System32\dllcache\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/03 05:15:06 | 000,007,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hair Loss Care.doc
[2010/02/28 16:04:19 | 000,345,649 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fatal_Fury__Battle_Archives_Vol._2-[Front].jpg
[2010/02/28 04:14:35 | 000,429,050 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Zone_Of_The_Enders_The_2nd_Runner_Dvd_ntsc-[cdcovers_cc]-front.jpg
[2010/02/16 14:48:15 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Resume.lnk
[2010/02/14 14:45:49 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My Wife in Glasses.bmp
[2010/02/08 17:05:07 | 000,002,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Body Detox and Cancer Prevention and Reduction notes.rtf
[2010/02/06 13:35:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nuclear Attack Prep.rtf
[2009/11/28 01:04:29 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/29 02:30:48 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/07 19:45:12 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/23 00:22:38 | 000,000,029 | ---- | C] () -- C:\WINNT\atid.ini
[2005/06/04 01:00:13 | 000,000,036 | ---- | C] () -- C:\WINNT\GSP_ApRg.INI
[2005/02/26 11:03:28 | 000,000,049 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2005/02/08 15:45:55 | 000,000,000 | ---- | C] () -- C:\WINNT\systj.dll
[2005/01/20 21:51:29 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2005/01/19 20:59:19 | 000,000,024 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/01 20:34:17 | 000,000,159 | ---- | C] () -- C:\WINNT\System32\sam.ini
[2005/01/01 20:33:13 | 000,005,068 | ---- | C] () -- C:\WINNT\System32\drivers\Samhid.sys
[2004/12/08 15:13:23 | 000,000,754 | ---- | C] () -- C:\WINNT\WORDPAD.INI
[2004/11/18 10:48:26 | 000,003,049 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/11/06 07:46:27 | 000,000,002 | ---- | C] () -- C:\WINNT\System32\nthst32.dll
[2004/11/05 03:35:16 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2004/04/27 01:17:37 | 000,000,258 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2004/03/01 10:08:25 | 000,000,571 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 15:40:33 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/09/06 11:53:52 | 000,000,017 | ---- | C] () -- C:\WINNT\uc.ini
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\agp440.sys
[2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/03/31 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\$NtUninstallQ331958$\atapi.sys
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys
[2003/04/23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2003/04/23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINNT\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll
[2003/03/31 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2003/03/21 02:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\OEMDRVRS\iaStor.sys
[2003/03/21 02:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINNT\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2003/03/31 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll
[2003/03/31 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\OpenMugenWin.zip:SummaryInformation
< End of report >








OTL EXTRAS FILE








OTL Extras logfile created on: 3/4/2010 11:15:42 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 5.00 Mb Available Physical Memory | 2.00% Memory free
960.00 Mb Paging File | 412.00 Mb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.39 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
Drive D: | 677.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\MSC\mcshell.exe" = C:\Program Files\McAfee\MSC\mcshell.exe:*:Enabled:McAfee SecurityCenter -- (McAfee, Inc.)
"C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:*:Enabled:WinPatrol -- (BillP Studios)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found
"C:\Program Files\Listen Rhapsody\rhapsody.exe" = C:\Program Files\Listen Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (RealNetworks, Inc.)
"C:\Program Files\America Online 9.0d\waol.exe" = C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AMERIC~1.0D -- (America Online, Inc.)
"C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe:*:Enabled:RegistryBooster 2 -- (Uniblue Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1129251689\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1129251689\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1129251689\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1129251689\ee\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.12.10 -- (Lime Wire, LLC)
"C:\WINNT\system32\dpnsvr.exe" = C:\WINNT\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINNT\system32\dxdiag.exe" = C:\WINNT\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{69423BE6-CF9F-4F9B-95D6-9ABCA7AD1210}" = Universal Combat
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}" = WinPatrol
"{8ED7CFEE-7222-403A-8B5F-FD0E9312C54C}" = Security Advisor
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{ABEB838C-A1A7-4C5D-B7E1-8B4314B00527}" = MSN Messenger 5.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E5B26C1E-4751-4F03-BC18-634F41F31EC6}" = DoMore
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FEE97F95-1037-4064-B96A-F771BA1DB21C}" = Republic: The Revolution
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"a-squared Free_is1" = a-squared Free 4.5
"Atari Arcade Hits 1" = Atari Arcade Hits 1
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner (remove only)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ImTOO Audio Maker" = ImTOO Audio Maker
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Intel® 537EP Data Fax Modem" = Intel® 537EP Data Fax Modem
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover 1.22
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSC" = McAfee SecurityCenter
"MSNMS" = MSN Internet Software
"MySpaceIM" = MySpaceIM
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NYKO AirFlo Controller v0.1" = NYKO AirFlo Controller v0.1
"Orb" = Winamp Remote
"Port Magic" = Pure Networks Port Magic
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Red Alert 2" = Command & Conquer Red Alert 2
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"StreetPlugin" = Learn2 Player (Uninstall Only)
"System Tweaker_is1" = Uniblue System Tweaker
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZBB" = Verizon Broadband Toolbar
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3324526158-1873222407-1723519602-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2010 2:14:17 AM | Computer Name = DRAGON | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 2/28/2010 2:17:00 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/28/2010 2:17:02 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/28/2010 2:17:03 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/28/2010 2:17:04 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/28/2010 2:17:19 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2010 2:17:19 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2010 2:17:20 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2010 2:17:20 AM | Computer Name = DRAGON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2010 11:13:17 PM | Computer Name = DRAGON | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

[ System Events ]
Error - 3/4/2010 6:00:26 AM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 8:00:18 AM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 10:00:12 AM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 12:00:12 PM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 2:00:12 PM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 4:00:54 PM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 6:00:31 PM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 8:00:42 PM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/4/2010 10:00:21 PM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 3/5/2010 12:02:35 AM | Computer Name = DRAGON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}


< End of report >

Edited by Phammcast, 05 March 2010 - 06:14 AM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 05 March 2010 - 05:49 PM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 08 March 2010 - 09:27 PM

I tried the scan in a full session and in safe mode. while in full session it restarted on its own mid-scan after finding quite a few intrusion entries, and in safe mode it hangs the entire computer while using up 100% of the cpu (without finding) anything even after I close the program. I have to unplug it to turn it off. Not to mention Firefox keeps crashing every time I try to send you a message. I'm also pretty sure I have the about:blank infection. What should I do now?

Edited by Phammcast, 08 March 2010 - 09:31 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 09 March 2010 - 10:44 AM

Hi,

please try running gmer with the devices option unchecked. If that won't work, I'll give you some alternative tools to run.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 12 March 2010 - 02:21 PM

I just did what you said and it locked my entire computer again! I had to unplug it to restart it. I don't wanna keep doing that for fear of permanent damage. Before I went to sleep it was stuck on one particular item. I just thought it was a big object to scan so I left it on all night to scan. When I woke up it was on the same object so I stopped the scan to try and copy what I had and then it froze everything. This is the registry object it got hung up one:

software\classes\clsid/083863f-70DE-11DO-BD40-00A0C911CE86}\instance\{

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 12 March 2010 - 02:48 PM

Hi,


ok, this was the last thing I wanted you to try anyways. Please run a scan with RootRepeal instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

As well as a scan with mbr:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 17 March 2010 - 05:21 AM

Is this safer to use than GMER? Will it freeze my computer?

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 17 March 2010 - 07:50 AM

Hi,

it should be safe to run.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 18 March 2010 - 06:12 AM

I tried Rootrepeal twice and both times it severily slowed down my computer almost to a stand-still. The only thing I could do was move the cursor and all it says is "Initializing, Please Wait" for about 45 min. with cpu usage at 100% using 978mb of my pagefile. It also gave me the "Your system is low on virtual memory. Windows is increasing the size of your pagefile" Warning. Once again, I had to unplug it to turn it off. I have an old computer that I got in 2003 (2.4 ghz, 248mb Ram with motherboard video and audio Realtek config.) I don't think It would be able to handle any programs that use a lot of resources. What should I do?

Edited by Phammcast, 18 March 2010 - 06:15 AM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 19 March 2010 - 04:12 PM

Hi,

then please run a scan with sophos:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 25 March 2010 - 05:41 PM

Is this program a resource eater like the last two? My A-Squared is no longer operational now and I had to uninstall it. It may have been damaged by my having to unplug to restart.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:12 AM

Posted 27 March 2010 - 11:51 AM

Hi,

a BSOD will not hurt your hardware and shouldn't damage your software either. It will use resources while scanning, cause it needs to, it would be best if you did not do anything beside the scan.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Phammcast

Phammcast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 02 April 2010 - 02:47 AM

These are the results of the Sophos:

Warning: Failed to set privilege SeDebugPrivilege. You may not have sufficient access rights.

Not all privileges referenced are assigned to the caller.

Warning: Could not initialize Toolhelp. Please restart and try again.

Access is denied.


Unknown Hidden Item:
Area: Local hard drives

Description: Unknown hidden file

Location: C:\Documents and Settings\Owner\My Documents\My Music\Ready For The World - 20th Century Masters- The Millennium Collection - The Best Of Ready For The World\Ready For The World - 20th Century Masters- The Millennium Collection - The Best Of Ready For The World

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)




I also just got a BSOD yesterday from win32k.sys. I also get and installer error saying "The installer has encountered a problem while installing the package. This may indicate a problem with the package. The error code is 2908."

Edited by Phammcast, 02 April 2010 - 11:54 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users