Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista Keeps Rebooting-Works in Safe Mode


  • This topic is locked This topic is locked
55 replies to this topic

#1 margiemorgan

margiemorgan

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 08 March 2010 - 08:36 AM

I ran Spybot and AVG. Ran both in safe mode. Both came up with some malware and I cleaned everything that was identified. Thought I was done but when I tried to log on normally, it reboots again.

In the event log I got:

THE FOLLOWING ........DRIVERS FAILED TO LOAD:

ASPO32
AVGIO
AVIPBB
I0842PRT
SPLDR
SSMDRV
WANARPV6

I researched the ASP032 and found it was considered tied to malware but I could not find more info on it and I was tired and went to bed.

This morning I am loading the hijack log and hoping the gurus can help. Log has a lot of 'unknown files in winsock'. I tried to investigate those but everything I found said they 'might be' legitimate so be careful.


Here is the latest log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:41 AM, on 3/8/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
L:\Margie's Stuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe04a.dll
O13 - Gopher Prefix:
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://portal.warren-yazoo.org/XTSAC.cab
O21 - SSODL: KNaFTHIZPB - {CE955D30-643F-F79A-EB60-D160B0E0B16A} - C:\Windows\system32\gghx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10589 bytes


Thanks for all you do. 0:-)

Margie

BC AdBot (Login to Remove)

 


#2 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 09 March 2010 - 08:31 AM

Additional Information: I was going to try another virus scan last night and I attempted to turn off system restore. The tab that I needed to get to was missing. I searched the internet (on my laptop) to try and find another way to turn it off but could not. I was able to use the system restore option to return my computer to a point as far back as Feb 12. However, I did not take that option at this time. One other thing I noticed is that when I was on the computer in safe mode, I tried to search for a file. Before I could type the file name, the computer started entering the number 666666666666666666666 and it kept on until I hit enter.

I will wait for help from the experts because I am out of ideas.

Thanks as always.

Margie


#3 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:17 AM

Posted 11 March 2010 - 12:45 PM

Hello and welcome to Bleeping Computer! welcome.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#4 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 11 March 2010 - 10:13 PM

I know you are all busy so I don't mind waiting. I have been trying to work through this on my own with little luck. It has taken me several days working off and on to be able to run any exe files so I was not able to download and run the programs you wanted. However, I have gotten around that with the exception of gmer program. When I run that program, it does not give me any reports to save. I have run it 2 times with same result. Please let me know if you know how to get around this. I am thinking that because I might have the notepad.exe virus, the real notepad program can't run. That's just my theory. I think I have narrowed down the virus to one of 2 possibilities: the virus tied to the notepad.exe file or the rootkit. I have a little bit of both symptoms.

I am running Vista. I can start my computer but when I click on my icon it starts to load and then I get the dreaded blue screen. I have to reboot and start safe mode. From there everything was blocked and I could not run any exe programs. I was able to get around that. At times if I am searching for a file and I get ready to type the file name, I get 6666666666666666666666 and it will keep going until I hit enter.

If I am googling a page, I get redirected quite often especially if I am looking for something about the virus. Also get the 6666666666666666666666's in my google bar as well.

I also am unable to uninstall ask toolbar as well as something called bullseye toolbar. I know several of your posts ask that these are removed but I get errors each time I try.

I am still able to connect to the internet and I can do regedit if needed. I have run out of ideas so I will wait for your wise guidance.


Thanks.

Attached Files


Edited by margiemorgan, 11 March 2010 - 10:18 PM.


#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 12 March 2010 - 08:15 AM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

I am going to have you create a boot CD so I can work on your OS while it is not active. You will need a clean computer to create this CD.

==========

We need to create some logs


First.........

After you have successfully burned the OTLPE ISO to disc you will need to transfer the disc to the CD drive of your sick computer and boot from it.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
    • Push
    • When finished, the file will be saved in drive C:\OTL.txt
    • Please post the contents of the C:\OTL.txt file in your next reply.
    • Copy this file to your USB drive if you do not have an internet connection.


    Next........

  • Navigate here to the forum and click this link.
  • Download the program and save it to the REATOGO-X-PE desktop.
  • Once saved, close all other windows then double click the program to run it.
  • When completed, a log will open.
  • Save the log to the desktop using File>Save as, then post the log in a reply.

    Please note: If you are unable to connect to the internet then please download to a flash drive on a clean computer and transfer to the sick computer to run!

Kind regards,
~ t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 12 March 2010 - 01:05 PM

I have created the cd on a clean computer and I will attempt to reboot my computer from the cd this weekend. I will let you know what happens.

Thank you .

Margie


#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 12 March 2010 - 05:58 PM

thumbup2.gif
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 12 March 2010 - 11:27 PM

Working on it.

busy.gif

Thanks

Edited by margiemorgan, 12 March 2010 - 11:48 PM.


#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 13 March 2010 - 10:33 AM

smile.gif I am here. Take your time.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 13 March 2010 - 07:22 PM

Just finished the scan in OTLPE. I copied and pasted the code just as directed. It took a long time but the program is finished and says 'scan complete'. At first I could not find any kind of log. However, after searching the internet for more information, I think this might be it. I was expecting the log to pop up once the scan finished.

I found 2 logs that were created with OTL so I uploaded both.



Margie

Attached Files


Edited by margiemorgan, 13 March 2010 - 07:45 PM.


#11 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 13 March 2010 - 08:01 PM

Downloaded the next file - dds-bootcd and put it on the teatogo desk top. When I clicked it, a dos window opened and the following error popped up:

c:\windows\system32\regsvr32.exe is not a valid win32 application. In the dos window it says access denied. Can't figure out how to get around the error.

mm

#12 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 13 March 2010 - 08:04 PM

Going to try to copy it to the 'root of the targeted partitions' which is what comes up telling you what to do it there is an error.

#13 margiemorgan

margiemorgan
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 13 March 2010 - 08:06 PM

Tried to run it in the 'c' drive but that did not work either. Will wait till I hear from you

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 13 March 2010 - 09:23 PM

You may forgo the DDS log for now. Please copy and paste all logs unless otherwise directed. Allow me to review the logs and then I will post your next step. Do not make any changes to your computer.

Thanks,
~ t

OTL Extras logfile created on: 3/13/2010 5:45:57 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.50 Gb Total Space | 243.47 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 219.26 Gb Free Space | 94.15% Space Free | Partition Type: NTFS
Drive E: | 973.17 Mb Total Space | 596.55 Mb Free Space | 61.30% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 8.85 Gb Total Space | 1.21 Gb Free Space | 13.72% Space Free | Partition Type: NTFS
Drive K: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 429.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Lindsey\AppData\Local\Temp\tvehlpg.exe" = C:\Users\Lindsey\AppData\Local\Temp\tvehlpg.exe:*:Enabled:tvehlpg -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{14CE561C-3ED2-4B1C-A6A8-E48E27C5E787}" = RS-1000
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}" = YouSendIt Application Plug-in SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F8B155C-312C-41CF-B82D-21D03A04F58D}" = Movica
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"123 DVD Converter_is1" = 123 DVD Converter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"AoA DVD Ripper_is1" = AoA DVD Ripper
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CopySafe Plugin" = CopySafe Plugin
"CUZ4_is1" = CAM UnZip 4.42
"DVD To AVI Converter_is1" = DVD To AVI Converter 1.00
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"InstallShield_{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}" = YouSendIt Application Plug-in SDK
"LimeWire" = LimeWire 4.16.6
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Media Center 12" = Media Center 12
"Media Jukebox 12" = Media Jukebox 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Replay Converter 3" = Replay Converter 3
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.8
"RS1000" = RS-1000 USB Drivers
"TBSB09835.TBSB09835Toolbar" = Bullseye Tool Bar
"TurboTax 2008" = TurboTax 2008
"WildTangent hp Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.0
"WinZip Self-Extractor" = WinZip Self-Extractor
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Chris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MySpaceIM" = MySpaceIM

< End of report >

==========

OTL logfile created on: 3/13/2010 5:45:57 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.50 Gb Total Space | 243.47 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 219.26 Gb Free Space | 94.15% Space Free | Partition Type: NTFS
Drive E: | 973.17 Mb Total Space | 596.55 Mb Free Space | 61.30% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 8.85 Gb Total Space | 1.21 Gb Free Space | 13.72% Space Free | Partition Type: NTFS
Drive K: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 429.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (LiveUpdate Notice Ex)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] () [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2009/07/28 17:33:56 | 000,055,656 | ---- | M] () [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/03 13:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/01/25 12:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2006/11/28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2003/11/24 19:39:24 | 000,025,628 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RS1000.sys -- (RS1000)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System] -- C:\Windows\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lindsey_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Lindsey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lindsey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Margie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Margie_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Margie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Margie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/11 19:26:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/27 20:14:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/27 20:14:41 | 000,000,000 | ---D | M]

[2009/09/08 21:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/04 19:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/03/10 22:58:36 | 000,288,701 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9948 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Lindsey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Margie_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Chris_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Chris\AppData\Local\Temp\win.exe File not found
O4 - HKU\Chris_ON_C..\Run: [MySpaceIM] C:\Users\Chris\AppData\Roaming\MySpace\IM\bin\MySpaceIM.exe ()
O4 - HKU\Chris_ON_C..\Run: [Remote System Protection] C:\Windows\System32\smxf9mafi.DLL File not found
O4 - HKU\Chris_ON_C..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe File not found
O4 - HKU\Chris_ON_C..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
O4 - HKU\Lindsey_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Lindsey\AppData\Local\Temp\services.exe File not found
O4 - HKU\Lindsey_ON_C..\Run: [eventcreatexp.exe] C:\Users\Lindsey\AppData\Local\Temp\eventcreatexp.exe File not found
O4 - HKU\Lindsey_ON_C..\Run: [LosAlamos] C:\Windows\System32\sshnas21.DLL File not found
O4 - HKU\Lindsey_ON_C..\Run: [Remote System Protection] C:\Windows\System32\smxf9mafi.DLL File not found
O4 - HKU\Lindsey_ON_C..\Run: [ROUA3O12PW] C:\Windows\msa.exe File not found
O4 - HKU\Lindsey_ON_C..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
O4 - HKU\Lindsey_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Lindsey_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lindsey_ON_C..\Run: [TOY5KNQ8OC] C:\Users\Lindsey\AppData\Local\Temp\Pch.exe ()
O4 - HKU\Lindsey_ON_C..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\Lindsey\AppData\Local\Temp\pt9wd.exe File not found
O4 - HKU\Margie_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Margie\AppData\Local\Temp\notepad.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Margie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Margie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Margie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\lspE04A.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\lspE04A.dll ()
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.warren-yazoo.org/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: KNaFTHIZPB - {CE955D30-643F-F79A-EB60-D160B0E0B16A} - C:\Windows\System32\gghx.dll ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 19:47:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{bc64d6e2-1712-11dd-820d-001bb98c59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{bc64d6e2-1712-11dd-820d-001bb98c59a8}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c3c43980-4ee8-11dc-8574-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c3c43980-4ee8-11dc-8574-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.bat -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/23 05:58:24 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - ()
MsConfig - StartUpReg: asg984jgkfmgasi8ug98jgkfgfb - hkey= - key= - C:\Users\Margie\AppData\Local\Temp\notepad.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\Program Files\Replay AV 8\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 21:14:29 | 000,000,000 | ---D | C] -- C:\Users\Margie\Desktop\gmer(2)
[2010/03/11 21:14:06 | 000,000,000 | ---D | C] -- C:\Users\Margie\Desktop\gmer
[2010/03/11 21:11:56 | 000,181,000 | ---- | C] (Kaspersky Lab) -- C:\Program Files\Margies file.exe
[2010/03/11 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\CAM Development
[2010/03/11 21:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Self-Extractor
[2010/03/11 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESTsoft
[2010/03/10 22:58:36 | 000,000,000 | ---D | C] -- C:\Users\Margie\Desktop\backups
[2010/03/10 21:38:57 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\Margie\Desktop\OTL.exe
[2010/03/10 18:26:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/08 08:43:45 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Margie\Desktop\HiJackThis.exe
[2010/02/28 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ApplicationHistory
[2010/02/18 18:10:23 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Roaming\Malwarebytes
[2010/02/18 17:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 17:25:14 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Margie\Desktop\mbam-setup(2).exe
[2010/02/17 23:10:06 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Roaming\uTorrent
[2010/02/17 22:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/17 17:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2010/02/17 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ESTsoft
[2010/02/17 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\Lindsey\AppData\Roaming\uTorrent
[2010/02/17 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/13 18:26:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/13 18:26:32 | 000,000,006 | -H-- | M] () -- C:\Windows\System32\myspace.xvd
[2010/03/13 18:25:53 | 000,002,595 | ---- | M] () -- C:\Users\Margie\Desktop\Microsoft Word.lnk
[2010/03/11 21:31:13 | 000,000,006 | -H-- | M] () -- C:\Windows\System32\mail.xvd
[2010/03/11 21:18:51 | 181,371,686 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/11 20:39:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/11 20:39:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/11 20:38:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/10 22:58:36 | 000,288,701 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/10 22:38:39 | 000,010,460 | ---- | M] () -- C:\Users\Margie\Desktop\hijackthis2
[2010/03/10 21:38:09 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Margie\Desktop\OTL.exe
[2010/03/10 21:34:21 | 000,000,135 | ---- | M] () -- C:\Users\Margie\Desktop\fixregtools.reg
[2010/03/10 21:02:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/10 18:11:55 | 013,837,640 | ---- | M] () -- C:\Users\Margie\Desktop\winzip140.exe
[2010/03/10 18:01:57 | 000,524,288 | ---- | M] () -- C:\Users\Margie\Desktop\dds.scr
[2010/03/10 18:00:28 | 000,050,477 | ---- | M] () -- C:\Users\Margie\Desktop\Defogger.exe
[2010/03/10 16:53:32 | 000,181,000 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Margies file.exe
[2010/03/08 21:37:26 | 000,001,356 | ---- | M] () -- C:\Users\Margie\AppData\Local\d3d9caps.dat
[2010/03/05 23:20:53 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/05 22:36:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/03 03:07:35 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/03 03:07:35 | 000,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/03 03:07:35 | 000,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/28 16:52:44 | 002,275,434 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/02/28 16:11:09 | 000,023,552 | ---- | M] () -- C:\Users\Margie\Desktop\income tax 2010.xls
[2010/02/28 15:27:14 | 000,077,312 | ---- | M] () -- C:\Users\Margie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 01:52:01 | 000,010,710 | -HS- | M] () -- C:\Users\Lindsey\AppData\Local\UYxp8qC
[2010/02/26 01:50:37 | 000,064,512 | ---- | M] () -- C:\Windows\System32\lspE04A.dll
[2010/02/26 01:50:37 | 000,000,508 | -H-- | M] () -- C:\Windows\System32\iexplore.sy_
[2010/02/26 01:50:20 | 000,197,632 | -HS- | M] () -- C:\Users\Lindsey\AppData\Local\av.exe
[2010/02/26 01:49:53 | 000,000,680 | ---- | M] () -- C:\Users\Lindsey\AppData\Local\d3d9caps.dat
[2010/02/26 01:49:53 | 000,000,552 | ---- | M] () -- C:\Users\Lindsey\AppData\Local\d3d8caps.dat
[2010/02/25 22:09:03 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMargie.job
[2010/02/24 13:24:23 | 002,232,897 | -H-- | M] () -- C:\Users\Lindsey\AppData\Local\IconCache.db
[2010/02/18 17:54:06 | 000,000,235 | ---- | M] () -- C:\Windows\System32\_VOIDuqfrqvqbvt.dat
[2010/02/18 15:55:56 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Margie\Desktop\mbam-setup(2).exe
[2010/02/18 15:54:46 | 000,363,008 | ---- | M] () -- C:\rkill.com
[2010/02/17 23:22:44 | 000,000,541 | ---- | M] () -- C:\Users\Margie\Desktop\hijackthis.lnk
[2010/02/17 17:20:41 | 000,000,677 | ---- | M] () -- C:\Users\Chris\Desktop\Security essentials 2010.lnk
[2010/02/17 17:11:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\_VOIDivvrmbxywx.dll
[2010/02/17 17:11:22 | 000,032,256 | ---- | M] () -- C:\Windows\System32\_VOIDduxtpqkygx.dll
[2010/02/17 17:11:13 | 000,026,624 | ---- | M] () -- C:\Windows\System32\_VOIDdheurjcepe.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 21:11:56 | 000,002,258 | ---- | C] () -- C:\Program Files\eula.txt
[2010/03/10 22:38:39 | 000,010,460 | ---- | C] () -- C:\Users\Margie\Desktop\hijackthis2
[2010/03/10 21:34:21 | 000,000,135 | ---- | C] () -- C:\Users\Margie\Desktop\fixregtools.reg
[2010/03/10 18:12:03 | 013,837,640 | ---- | C] () -- C:\Users\Margie\Desktop\winzip140.exe
[2010/03/10 18:02:09 | 000,524,288 | ---- | C] () -- C:\Users\Margie\Desktop\dds.scr
[2010/03/10 18:00:56 | 000,050,477 | ---- | C] () -- C:\Users\Margie\Desktop\Defogger.exe
[2010/02/28 16:11:09 | 000,023,552 | ---- | C] () -- C:\Users\Margie\Desktop\income tax 2010.xls
[2010/02/28 14:34:51 | 000,000,006 | -H-- | C] () -- C:\Windows\System32\mail.xvd
[2010/02/26 02:08:45 | 000,000,006 | -H-- | C] () -- C:\Windows\System32\myspace.xvd
[2010/02/26 01:50:37 | 000,064,512 | ---- | C] () -- C:\Windows\System32\lspE04A.dll
[2010/02/26 01:50:37 | 000,000,508 | -H-- | C] () -- C:\Windows\System32\iexplore.sy_
[2010/02/26 01:50:20 | 000,197,632 | -HS- | C] () -- C:\Users\Lindsey\AppData\Local\av.exe
[2010/02/26 01:50:20 | 000,010,710 | -HS- | C] () -- C:\Users\Lindsey\AppData\Local\UYxp8qC
[2010/02/26 01:49:53 | 000,000,552 | ---- | C] () -- C:\Users\Lindsey\AppData\Local\d3d8caps.dat
[2010/02/18 17:25:14 | 000,363,008 | ---- | C] () -- C:\rkill.com
[2010/02/17 22:13:29 | 000,096,104 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/17 22:13:29 | 000,055,656 | ---- | C] () -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/17 22:13:29 | 000,028,520 | ---- | C] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/02/17 17:18:42 | 000,000,677 | ---- | C] () -- C:\Users\Chris\Desktop\Security essentials 2010.lnk
[2010/02/17 17:11:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\_VOIDivvrmbxywx.dll
[2010/02/17 17:11:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\_VOIDduxtpqkygx.dll
[2010/02/17 17:11:13 | 000,026,624 | ---- | C] () -- C:\Windows\System32\_VOIDdheurjcepe.dll
[2010/02/17 17:11:13 | 000,000,235 | ---- | C] () -- C:\Windows\System32\_VOIDuqfrqvqbvt.dat
[2009/09/17 00:40:24 | 000,032,768 | ---- | C] () -- C:\Windows\System32\gghx.dll
[2009/09/17 00:40:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/13 18:05:57 | 000,169,990 | ---- | C] () -- C:\Users\Margie\AppData\Roaming\ReplayConverterLog.log
[2009/03/14 22:18:42 | 000,000,600 | ---- | C] () -- C:\Users\Margie\AppData\Local\PUTTY.RND
[2009/03/14 21:24:44 | 000,001,356 | ---- | C] () -- C:\Users\Margie\AppData\Local\d3d9caps.dat
[2009/01/26 18:31:35 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2008/07/17 21:14:53 | 000,000,680 | ---- | C] () -- C:\Users\Lindsey\AppData\Local\d3d9caps.dat
[2008/06/02 21:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\prvlcl.dat
[2008/05/18 20:54:44 | 000,015,360 | ---- | C] () -- C:\Users\Lindsey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/26 14:49:38 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/04/23 08:25:11 | 000,000,626 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/12/10 20:12:47 | 000,000,059 | ---- | C] () -- C:\Windows\System32\RS1000UN.ini
[2007/12/10 19:57:11 | 000,000,059 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.INI
[2007/10/29 18:33:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/28 20:46:36 | 000,000,229 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2007/10/28 20:27:03 | 000,000,318 | ---- | C] () -- C:\Windows\dvdtoaviconverter.ini
[2007/10/28 20:24:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/10/28 20:24:56 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2007/10/28 20:24:56 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2007/10/24 14:53:23 | 000,000,278 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2007/10/23 14:50:58 | 000,000,177 | ---- | C] () -- C:\Windows\DVDConverter.INI
[2007/10/23 14:50:52 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/10/23 14:50:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/10/23 06:51:22 | 000,077,312 | ---- | C] () -- C:\Users\Margie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 23:38:43 | 000,011,264 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/18 06:37:09 | 000,000,038 | ---- | C] () -- C:\Windows\System32\llbiirc.dll
[2007/10/17 16:36:29 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2007/08/11 19:25:28 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/11 19:25:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 07:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/03/09 02:12:32 | 000,027,648 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/03/06 04:14:48 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/03/06 04:14:48 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/01/25 12:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:50 | 000,023,860 | ---- | C] () -- C:\Windows\System32\dtinks.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/08/19 00:38:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\J River
[2010/02/19 14:23:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LimeWire
[2007/12/12 14:46:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Snapfish
[2007/10/24 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2010/02/17 14:34:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2007/10/17 17:07:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent
[2008/04/17 20:31:08 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\J River
[2009/10/26 00:20:11 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\LimeWire
[2007/10/17 16:50:42 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\Snapfish
[2010/02/17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\uTorrent
[2007/11/12 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\WildTangent
[2008/04/26 14:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\WinBatch
[2008/07/13 16:22:51 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\GetRightToGo
[2008/04/17 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\J River
[2010/02/28 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\LimeWire
[2008/03/09 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\Orbit
[2007/10/17 10:51:44 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\Snapfish
[2010/02/17 23:10:09 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\uTorrent
[2008/03/09 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\WinBatch
[2010/03/05 23:18:58 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2009/03/14 20:15:34 | 001,224,533 | ---- | M] () -- C:\torrentprivacyinstall.exe


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/17 04:03:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/17 04:03:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/17 04:03:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0f6358b4\nvstor32.sys
[2007/07/02 12:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007/07/02 12:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_6b03e392\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\fontext.dll
[2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Chris\Documents\2pac Resurection - Tupac - Ghost.mp3:Roxio EMC Stream
< End of report >



Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 13 March 2010 - 10:03 PM

Hi, smile.gif

Do not miss my previous post!!!!!

First a question... Have you ever run Combofix??

Please boot back into Reatogo.

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Auto] -- -- (LiveUpdate Notice Ex)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    O4 - HKU\Chris_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Chris\AppData\Local\Temp\win.exe File not found
    O4 - HKU\Chris_ON_C..\Run: [Remote System Protection] C:\Windows\System32\smxf9mafi.DLL File not found
    O4 - HKU\Chris_ON_C..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe File not found
    O4 - HKU\Chris_ON_C..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
    O4 - HKU\Lindsey_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Lindsey\AppData\Local\Temp\services.exe File not found
    O4 - HKU\Lindsey_ON_C..\Run: [eventcreatexp.exe] C:\Users\Lindsey\AppData\Local\Temp\eventcreatexp.exe File not found
    O4 - HKU\Lindsey_ON_C..\Run: [LosAlamos] C:\Windows\System32\sshnas21.DLL File not found
    O4 - HKU\Lindsey_ON_C..\Run: [Remote System Protection] C:\Windows\System32\smxf9mafi.DLL File not found
    O4 - HKU\Lindsey_ON_C..\Run: [ROUA3O12PW] C:\Windows\msa.exe File not found
    O4 - HKU\Lindsey_ON_C..\Run: [smss32.exe] C:\Windows\System32\smss32.exe File not found
    O4 - HKU\Lindsey_ON_C..\Run: [TOY5KNQ8OC] C:\Users\Lindsey\AppData\Local\Temp\Pch.exe ()
    O4 - HKU\Lindsey_ON_C..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\Lindsey\AppData\Local\Temp\pt9wd.exe File not found
    O4 - HKU\Margie_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Margie\AppData\Local\Temp\notepad.exe ()
    O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Lindsey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Margie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Margie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\Margie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O21 - SSODL: KNaFTHIZPB - {CE955D30-643F-F79A-EB60-D160B0E0B16A} - C:\Windows\System32\gghx.dll ()
    O32 - AutoRun File - [2007/08/11 19:47:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{bc64d6e2-1712-11dd-820d-001bb98c59a8}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc64d6e2-1712-11dd-820d-001bb98c59a8}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c3c43980-4ee8-11dc-8574-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3c43980-4ee8-11dc-8574-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.bat -- File not found
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2010/02/26 01:50:20 | 000,197,632 | -HS- | M] () -- C:\Users\Lindsey\AppData\Local\av.exe
    [2010/02/18 17:54:06 | 000,000,235 | ---- | M] () -- C:\Windows\System32\_VOIDuqfrqvqbvt.dat
    [2010/02/17 17:20:41 | 000,000,677 | ---- | M] () -- C:\Users\Chris\Desktop\Security essentials 2010.lnk
    [2010/02/17 17:11:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\_VOIDivvrmbxywx.dll
    [2010/02/17 17:11:22 | 000,032,256 | ---- | M] () -- C:\Windows\System32\_VOIDduxtpqkygx.dll
    [2010/02/17 17:11:13 | 000,026,624 | ---- | M] () -- C:\Windows\System32\_VOIDdheurjcepe.dll

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Lindsey\AppData\Local\Temp\tvehlpg.exe"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
You will find the log at C:\_OTL

==========

Are you able to boot into normal Windows?

==========

With your next post please provide:

* Have you ever run Combofix?
* OTL fix log
* Are you able to boot into normal Windows?

Kind regards,
~t

Edited by thcbytes, 13 March 2010 - 10:05 PM.

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users