Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Antivirus Soft


  • This topic is locked This topic is locked
14 replies to this topic

#1 helderman

helderman

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 17 March 2010 - 11:48 AM

I cleaned with Malware Bytes but the computer still locks up after launching applications and the start bar and task manager become translucent. Please help!

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Dan at 19:26:09.34 on Tue 03/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2574 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Write DVD-R!] c:\program files\write dvd!\saimon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dyndns~1.lnk - c:\program files\dyndns updater\DynTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\s3xv7coo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\dan\application data\mozilla\firefox\profiles\s3xv7coo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\s3xv7coo.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R1 saicdr;saicdr;c:\windows\system32\drivers\Saicdr.sys [2009-4-18 51456]
R1 saicdrwup;saicdrwup;c:\windows\system32\drivers\saicdrwup.sys [2009-4-18 3328]
R1 saiudf;saiudf;c:\windows\system32\drivers\Saiudf.sys [2009-4-18 364800]
S2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2006-9-9 263751]
S2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2008-4-23 61440]
S2 EPVCE;El Paso Virus Check Enforcer;c:\epvce\EPVCE_Service.exe [2006-9-9 90112]
S2 gupdate1c9889bfde8c56e;Google Update Service (gupdate1c9889bfde8c56e);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S2 GV800_4A;GV800_4A;c:\windows\system32\drivers\GV800_4A.SYS [2006-9-9 37760]
S2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-8 50176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-7 93320]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-7 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-7 144704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-4-27 16512]
S3 GVAUDIO;GVAUDIO;c:\windows\system32\drivers\GVAUDIO.SYS [2006-9-9 14016]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-7 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-7 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-7 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-7 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-7 40552]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-2-5 212992]
S4 BlackICE;BlackICE;c:\program files\network ice\blackice\blackd.exe [2006-9-9 651264]
S4 SSL-Explorer;SSL-Explorer;c:\program files\sslexplorer\install\platforms\windows\wrapper.exe [2008-5-16 135168]

=============== Created Last 30 ================

2010-03-17 00:22:58 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-03-12 14:17:00 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 14:12:13 9313 ----a-w- c:\windows\system32\Config.MPF
2010-03-07 14:08:34 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-07 14:08:34 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-07 14:08:34 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-07 14:08:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-07 14:07:50 0 d-----w- c:\program files\McAfee.com
2010-03-07 14:07:50 0 d-----w- c:\program files\common files\McAfee
2010-03-07 14:07:42 0 d-----w- c:\program files\McAfee
2010-03-07 14:05:08 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-05 21:17:21 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-03-05 21:17:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 21:17:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-05 21:16:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 21:16:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 20:14:27 0 d-----w- c:\windows\system32\Debug
2010-03-05 16:19:42 0 d-----w- c:\docume~1\dan\applic~1\AVG8
2010-03-05 15:12:56 2493 ----a-w- c:\windows\system32\uninstall.hta
2010-03-04 02:30:16 263 ----a-w- c:\windows\geohealth-03.ini
2010-03-03 01:22:55 0 d-----w- c:\docume~1\dan\applic~1\PC Tools
2010-03-03 01:22:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2010-02-18 19:39:59 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2010-02-12 13:42:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-01 17:01:50 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-12-23 20:29:13 87608 ----a-w- c:\docume~1\dan\applic~1\inst.exe
2009-12-23 20:29:13 47360 ----a-w- c:\docume~1\dan\applic~1\pcouffin.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-02-05 16:44:21 75 --sh--r- c:\windows\ICMET20.BIN
2009-03-10 10:16:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031020090311\index.dat

============= FINISH: 19:26:44.45 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 20 March 2010 - 11:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 helderman

helderman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 21 March 2010 - 06:20 PM

Here is the result of the OTL scan...

OTL logfile created on: 3/21/2010 5:54:18 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 47.77 Gb Free Space | 20.52% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 702.17 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 152.66 Gb Total Space | 84.44 Gb Free Space | 55.31% Space Free | Partition Type: NTFS

Computer Name: CAMERA
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/21 17:50:29 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2010/02/22 07:30:31 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/11 13:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 13:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/11 12:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/06 15:46:09 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/23 11:57:02 | 000,061,440 | ---- | M] () -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2008/04/23 11:57:00 | 000,065,536 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/09 20:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/11/05 21:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/10/31 15:40:40 | 000,094,208 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/07/21 03:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/05/29 15:53:18 | 000,122,880 | ---- | M] () -- C:\Program Files\Write DVD!\Saimon.exe
PRC - [2002/08/07 13:22:08 | 001,282,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2002/04/16 15:32:04 | 000,090,112 | ---- | M] () -- C:\EPVCE\EPVCE_Service.exe
PRC - [2000/06/08 08:15:23 | 000,050,176 | ---- | M] () -- C:\WINDOWS\LogWatNT.exe


========== Modules (SafeList) ==========

MOD - [2010/03/21 17:50:29 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 13:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/25 10:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/11 12:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 11:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 21:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/23 11:57:02 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2008/03/28 11:54:56 | 000,135,168 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe -- (SSL-Explorer)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/07 19:28:58 | 000,589,824 | ---- | M] (TightVNC Group) [Disabled | Stopped] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2002/08/07 13:22:08 | 001,282,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2002/05/06 11:49:18 | 000,651,264 | R--- | M] (Internet Security Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Network ICE\BlackICE\blackd.exe -- (BlackICE)
SRV - [2002/04/16 15:32:04 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\EPVCE\EPVCE_Service.exe -- (EPVCE)
SRV - [2000/06/08 08:15:23 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\LogWatNT.exe -- (LogWatch)


========== Driver Services (SafeList) ==========

DRV - [2010/01/05 19:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 12:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 12:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/17 21:03:54 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/12 17:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/12 01:35:46 | 000,212,992 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007/09/20 05:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 05:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/25 16:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/02/24 05:08:16 | 000,014,016 | ---- | M] (GeoVision) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVAUDIO.SYS -- (GVAUDIO)
DRV - [2006/01/25 23:02:52 | 000,037,760 | R--- | M] (GeoVision) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GV800_4A.SYS -- (GV800_4A)
DRV - [2005/09/20 18:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/06/24 14:18:44 | 000,051,456 | ---- | M] (Software Architects, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Saicdr.sys -- (saicdr)
DRV - [2003/06/24 14:13:38 | 000,364,800 | ---- | M] (Software Architects, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Saiudf.sys -- (saiudf)
DRV - [2003/05/16 14:32:04 | 000,003,328 | ---- | M] (Software Architects, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\saicdrwup.sys -- (saicdrwup)
DRV - [2002/08/07 13:23:02 | 000,263,751 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDrv.sys -- (CVPNDRV)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/01/09 16:10:30 | 000,128,380 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/08 14:10:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 07:30:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 07:30:35 | 000,000,000 | ---D | M]

[2009/02/08 09:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2010/03/16 19:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\s3xv7coo.default\extensions
[2009/09/03 20:59:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\s3xv7coo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 13:51:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\s3xv7coo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/20 22:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\s3xv7coo.default\extensions\moveplayer@movenetworks.com
[2010/03/16 19:30:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/09 16:46:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/06 21:09:05 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2009/05/19 20:26:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O4 - HKLM..\Run: [Write DVD-R!] C:\Program Files\Write DVD!\Saimon.exe ()
O4 - HKU\S-1-5-21-746137067-583907252-682003330-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/30 07:26:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 18:08:43 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4843740a-e7d0-11dc-9010-0016ec67338c}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{76277d42-cac1-11dd-877a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{76277d42-cac1-11dd-877a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/08/30 07:26:05 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.G264 - C:\WINDOWS\System32\GX264.dll (GeoVision)
Drivers32: vidc.GEOV - C:\WINDOWS\system32\GeoCodec.dll (GeoVision)
Drivers32: vidc.GEOX - C:\WINDOWS\system32\GeoCodec.dll (GeoVision)
Drivers32: vidc.GM20 - C:\WINDOWS\System32\GXGM20.dll (GeoVision Inc.)
Drivers32: vidc.GM40 - C:\WINDOWS\System32\GXAMP4.dll (GeoVision)
Drivers32: vidc.GMP4 - C:\WINDOWS\System32\GXAMP4.dll (GeoVision)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\Mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\Mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\Mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/21 17:50:28 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/03/12 09:17:00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 09:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/03/07 09:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/03/07 09:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory
[2010/03/07 09:08:34 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/03/07 09:08:34 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/03/07 09:08:34 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/03/07 09:08:32 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/03/07 09:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/03/07 09:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/03/07 09:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/03/07 09:05:08 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/03/07 09:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/05 16:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2010/03/05 16:17:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/05 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/05 16:16:59 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/05 16:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/05 15:14:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Debug
[2010/03/05 11:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\AVG8
[2010/03/04 21:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Threat Expert
[2010/03/02 20:29:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/02 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\PC Tools
[2010/03/02 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/03/02 20:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/01 21:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\bftqsd
[2009/12/23 11:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/05 21:00:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan\Application Data\pcouffin.sys
[2009/03/10 05:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/26 22:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intuit
[2009/02/06 15:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/01/10 22:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/30 07:42:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/08/30 07:29:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/08/30 07:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/21 17:50:29 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/03/21 17:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 14:46:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/21 13:11:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/21 09:42:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/21 09:27:01 | 000,531,786 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 09:27:01 | 000,448,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 09:27:01 | 000,073,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 09:23:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/21 09:23:29 | 000,009,313 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/21 09:22:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/21 09:22:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/21 09:22:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 19:30:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\gmer.exe
[2010/03/16 19:29:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\gmer.zip
[2010/03/16 19:24:06 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2010/03/16 19:22:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\defogger_reenable
[2010/03/16 19:22:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Defogger.exe
[2010/03/16 18:00:50 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\rkill.com
[2010/03/15 17:53:32 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Dan\NTUSER.DAT
[2010/03/15 17:53:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan\ntuser.ini
[2010/03/13 09:45:07 | 002,689,716 | -H-- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2010/03/13 09:44:18 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 18:33:46 | 000,000,263 | ---- | M] () -- C:\WINDOWS\geohealth-03.ini
[2010/03/08 18:33:41 | 000,001,255 | ---- | M] () -- C:\WINDOWS\GeoRuntime.ini
[2010/03/08 18:33:41 | 000,000,425 | ---- | M] () -- C:\WINDOWS\GeoDebug61.ini
[2010/03/08 18:33:41 | 000,000,115 | ---- | M] () -- C:\WINDOWS\GeoPAL.ini
[2010/03/08 18:33:40 | 000,005,495 | ---- | M] () -- C:\WINDOWS\GeoMulti.ini
[2010/03/08 18:33:40 | 000,000,275 | ---- | M] () -- C:\WINDOWS\GeoRepair.ini
[2010/03/08 18:33:39 | 000,000,147 | ---- | M] () -- C:\WINDOWS\Upload.ini
[2010/03/08 18:33:36 | 000,000,107 | ---- | M] () -- C:\WINDOWS\GeoHealth.ini
[2010/03/08 18:33:33 | 000,017,603 | ---- | M] () -- C:\WINDOWS\GeoPTZ.ini
[2010/03/08 18:32:50 | 000,001,022 | ---- | M] () -- C:\WINDOWS\Geo6cam.ini
[2010/03/08 18:32:46 | 000,000,041 | ---- | M] () -- C:\WINDOWS\geoat.ini
[2010/03/08 18:32:45 | 000,000,151 | ---- | M] () -- C:\WINDOWS\geomcast.ini
[2010/03/08 18:32:34 | 000,000,022 | ---- | M] () -- C:\WINDOWS\geobcast.ini
[2010/03/08 18:32:31 | 000,000,020 | ---- | M] () -- C:\WINDOWS\GEO_CS.ini
[2010/03/08 18:32:15 | 000,006,318 | ---- | M] () -- C:\WINDOWS\ELBEX_U.ini
[2010/03/08 18:32:15 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Samsung_U.ini
[2010/03/08 18:32:14 | 000,006,458 | ---- | M] () -- C:\WINDOWS\Semsonmatic_U.ini
[2010/03/08 18:32:14 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Samsung(SDC-1600)_U.ini
[2010/03/08 18:32:14 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Kalatal_U.ini
[2010/03/08 18:32:13 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Dynacolor_U.ini
[2010/03/08 18:32:13 | 000,005,962 | ---- | M] () -- C:\WINDOWS\Panasonic_U.ini
[2010/03/08 18:32:13 | 000,003,517 | ---- | M] () -- C:\WINDOWS\Sony_U.ini
[2010/03/08 18:32:12 | 000,006,194 | ---- | M] () -- C:\WINDOWS\Lilin_U.ini
[2010/03/08 18:32:12 | 000,001,235 | ---- | M] () -- C:\WINDOWS\DongYang_U.ini
[2010/03/08 18:32:11 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Dome_PelcoP_U.ini
[2010/03/08 18:32:11 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Dome_PelcoD_U.ini
[2010/03/08 18:32:11 | 000,006,302 | ---- | M] () -- C:\WINDOWS\AdemCo_U.ini
[2010/03/08 18:32:10 | 000,006,302 | ---- | M] () -- C:\WINDOWS\VCC4_U.ini
[2010/03/08 18:32:07 | 000,006,302 | ---- | M] () -- C:\WINDOWS\VCC3_U.ini
[2010/03/08 18:32:06 | 000,000,395 | ---- | M] () -- C:\WINDOWS\PTZBackupFile.ini
[2010/03/08 18:32:02 | 000,014,062 | ---- | M] () -- C:\WINDOWS\GeoVStatus.ini
[2010/03/08 16:28:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 09:53:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\geonet.ini
[2010/03/07 09:11:22 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/03/07 09:10:49 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2010/03/07 09:10:43 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2010/03/07 09:08:01 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/07 09:08:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/06 15:18:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\GeoTwin.ini
[2010/03/02 21:22:02 | 000,059,656 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/01 11:17:00 | 002,020,755 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Honda EU200i manual.pdf
[2010/03/01 07:38:10 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/26 22:17:51 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\WebKinz.url
[2010/02/26 17:22:15 | 000,000,342 | ---- | M] () -- C:\WINDOWS\geohealth-02.ini
[2010/02/25 04:01:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 21:30:32 | 000,000,080 | ---- | M] () -- C:\WINDOWS\GeoLan.ini
[2010/02/24 21:30:31 | 000,000,512 | ---- | M] () -- C:\WINDOWS\GeoImageProcess.ini
[2010/02/24 21:30:31 | 000,000,060 | ---- | M] () -- C:\WINDOWS\GeoDxDraw.ini
[2010/02/24 09:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/16 19:29:27 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\gmer.zip
[2010/03/16 19:24:06 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2010/03/16 19:22:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\defogger_reenable
[2010/03/16 19:22:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Defogger.exe
[2010/03/16 18:00:44 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\rkill.com
[2010/03/07 09:12:13 | 000,009,313 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/07 09:11:22 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/03/07 09:10:49 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2010/03/07 09:10:43 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2010/03/07 09:08:01 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/07 09:08:00 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/05 16:17:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 10:12:56 | 000,002,493 | ---- | C] () -- C:\WINDOWS\System32\uninstall.hta
[2010/03/03 21:30:16 | 000,000,263 | ---- | C] () -- C:\WINDOWS\geohealth-03.ini
[2010/03/01 11:17:00 | 002,020,755 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Honda EU200i manual.pdf
[2010/02/01 10:40:50 | 000,000,342 | ---- | C] () -- C:\WINDOWS\geohealth-02.ini
[2009/12/08 14:48:13 | 000,000,267 | ---- | C] () -- C:\WINDOWS\geohealth-12.ini
[2009/12/02 22:53:49 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/02 22:53:49 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E6D98C2419.sys
[2009/11/06 15:52:19 | 000,002,563 | ---- | C] () -- C:\WINDOWS\geohealth-11.ini
[2009/09/21 16:12:02 | 000,000,512 | ---- | C] () -- C:\WINDOWS\GeoImageProcess.ini
[2009/09/03 01:00:06 | 000,000,132 | ---- | C] () -- C:\WINDOWS\geohealth-09.ini
[2009/08/13 09:40:16 | 000,000,666 | ---- | C] () -- C:\WINDOWS\geohealth-08.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/10 15:55:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\GeoTwin.ini
[2009/06/05 21:00:16 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\pcouffin.log
[2009/06/05 21:00:10 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\inst.exe
[2009/06/05 21:00:10 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\pcouffin.cat
[2009/06/05 21:00:10 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\pcouffin.inf
[2009/06/05 20:42:44 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDIdle.INI
[2009/06/05 20:00:36 | 000,001,699 | ---- | C] () -- C:\WINDOWS\geohealth-06.ini
[2009/06/02 15:10:36 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/21 18:18:56 | 000,005,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fjsyqunb.wgo
[2009/04/19 10:57:57 | 000,005,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/04/18 17:49:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/04/18 13:12:27 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/03/27 21:18:48 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/27 21:18:29 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/27 21:18:29 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/27 21:17:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/03/27 21:17:11 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/03/27 21:17:10 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/03/27 21:17:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/27 21:15:09 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/05 14:26:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/02/05 14:11:30 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/12/22 12:39:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Libraries
[2008/12/22 12:39:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Dan\Application Data\Keychains
[2008/12/22 12:39:10 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/12/22 12:36:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\LaunchAgents
[2008/12/22 12:36:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Dan\Application Data\Kernel Extension
[2008/12/22 12:36:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2007/10/06 16:38:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\GeoRIOM.ini
[2007/10/06 16:35:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\WebPar.ini
[2007/07/29 10:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/07/23 13:41:08 | 000,000,080 | ---- | C] () -- C:\WINDOWS\GeoErrorLog.ini
[2007/07/23 12:25:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\multiview.ini
[2007/07/23 10:08:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/23 09:37:16 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/03/10 22:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DMMcast.INI
[2007/03/10 22:27:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\geoModem.ini
[2007/03/10 22:27:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\geonet.ini
[2006/09/09 16:07:01 | 000,000,080 | ---- | C] () -- C:\WINDOWS\GeoLan.ini
[2006/09/09 15:53:33 | 000,000,275 | ---- | C] () -- C:\WINDOWS\GeoRepair.ini
[2006/09/09 15:53:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\geomcast.ini
[2006/09/09 15:53:14 | 000,000,041 | ---- | C] () -- C:\WINDOWS\geoat.ini
[2006/09/09 15:53:13 | 000,017,603 | ---- | C] () -- C:\WINDOWS\GeoPTZ.ini
[2006/09/09 15:53:13 | 000,001,022 | ---- | C] () -- C:\WINDOWS\Geo6cam.ini
[2006/09/09 15:53:11 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Upload.ini
[2006/09/09 15:53:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
[2006/09/09 15:53:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GEO_CS.ini
[2006/09/09 15:53:09 | 000,001,255 | ---- | C] () -- C:\WINDOWS\GeoRuntime.ini
[2006/09/09 15:53:09 | 000,000,425 | ---- | C] () -- C:\WINDOWS\GeoDebug61.ini
[2006/09/09 15:53:00 | 000,006,302 | ---- | C] () -- C:\WINDOWS\YAAN_U.ini
[2006/09/09 15:52:59 | 000,006,865 | ---- | C] () -- C:\WINDOWS\VIDO_U.ini
[2006/09/09 15:52:59 | 000,006,743 | ---- | C] () -- C:\WINDOWS\TOA_cc551_U.ini
[2006/09/09 15:52:59 | 000,006,458 | ---- | C] () -- C:\WINDOWS\SAE_U.ini
[2006/09/09 15:52:59 | 000,006,302 | ---- | C] () -- C:\WINDOWS\PelcoSpetra3_U.ini
[2006/09/09 15:52:59 | 000,006,302 | ---- | C] () -- C:\WINDOWS\MESSOA_U.ini
[2006/09/09 15:52:59 | 000,006,298 | ---- | C] () -- C:\WINDOWS\Minking_U.ini
[2006/09/09 15:52:59 | 000,001,079 | ---- | C] () -- C:\WINDOWS\KZC_U.ini
[2006/09/09 15:52:58 | 000,006,879 | ---- | C] () -- C:\WINDOWS\JVC_TK_U.ini
[2006/09/09 15:52:58 | 000,006,318 | ---- | C] () -- C:\WINDOWS\ELBEX_U.ini
[2006/09/09 15:52:58 | 000,006,302 | ---- | C] () -- C:\WINDOWS\JEC_P_U.ini
[2006/09/09 15:52:58 | 000,006,302 | ---- | C] () -- C:\WINDOWS\GKB_U.ini
[2006/09/09 15:52:58 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Dynacolor2_U.ini
[2006/09/09 15:52:58 | 000,006,301 | ---- | C] () -- C:\WINDOWS\KamKo_U.ini
[2006/09/09 15:52:58 | 000,001,944 | ---- | C] () -- C:\WINDOWS\PTU_U.ini
[2006/09/09 15:52:58 | 000,001,080 | ---- | C] () -- C:\WINDOWS\D-max_U.ini
[2006/09/09 15:52:57 | 000,006,458 | ---- | C] () -- C:\WINDOWS\Semsonmatic_U.ini
[2006/09/09 15:52:57 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Samsung_U.ini
[2006/09/09 15:52:57 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Samsung(SDC-1600)_U.ini
[2006/09/09 15:52:57 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Kalatal_U.ini
[2006/09/09 15:52:57 | 000,006,302 | ---- | C] () -- C:\WINDOWS\CPT_U.ini
[2006/09/09 15:52:57 | 000,006,288 | ---- | C] () -- C:\WINDOWS\Bosch_U.ini
[2006/09/09 15:52:57 | 000,005,948 | ---- | C] () -- C:\WINDOWS\ZC-122_U.ini
[2006/09/09 15:52:56 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Dynacolor_U.ini
[2006/09/09 15:52:56 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Dome_PelcoP_U.ini
[2006/09/09 15:52:56 | 000,006,302 | ---- | C] () -- C:\WINDOWS\Dome_PelcoD_U.ini
[2006/09/09 15:52:56 | 000,006,302 | ---- | C] () -- C:\WINDOWS\AdemCo_U.ini
[2006/09/09 15:52:56 | 000,006,194 | ---- | C] () -- C:\WINDOWS\Lilin_U.ini
[2006/09/09 15:52:56 | 000,005,962 | ---- | C] () -- C:\WINDOWS\Panasonic_U.ini
[2006/09/09 15:52:56 | 000,003,517 | ---- | C] () -- C:\WINDOWS\Sony_U.ini
[2006/09/09 15:52:56 | 000,001,235 | ---- | C] () -- C:\WINDOWS\DongYang_U.ini
[2006/09/09 15:52:55 | 000,006,302 | ---- | C] () -- C:\WINDOWS\VCC4_U.ini
[2006/09/09 15:52:55 | 000,006,302 | ---- | C] () -- C:\WINDOWS\VCC3_U.ini
[2006/09/09 15:52:55 | 000,000,395 | ---- | C] () -- C:\WINDOWS\PTZBackupFile.ini
[2006/09/09 15:52:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\GeoMpeg4.ini
[2006/09/09 15:52:54 | 000,014,062 | ---- | C] () -- C:\WINDOWS\GeoVStatus.ini
[2006/09/09 15:51:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\DMGateWay.INI
[2006/09/09 15:51:17 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GeoBrand.ini
[2006/09/09 15:51:11 | 000,005,495 | ---- | C] () -- C:\WINDOWS\GeoMulti.ini
[2006/09/09 15:51:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\GeoDxDraw.ini
[2006/09/09 15:49:51 | 000,000,107 | ---- | C] () -- C:\WINDOWS\GeoHealth.ini
[2006/09/09 15:49:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\GeoPAL.ini
[2006/09/09 14:50:58 | 000,122,946 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/09 14:49:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/24 20:14:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/03/12 16:17:16 | 000,372,736 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/09 22:38:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/09 22:38:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/09 22:38:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/09 22:38:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:540B0D53222E9392
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 3/21/2010 5:54:18 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 47.77 Gb Free Space | 20.52% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 702.17 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 152.66 Gb Total Space | 84.44 Gb Free Space | 55.31% Space Free | Partition Type: NTFS

Computer Name: CAMERA
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"443:TCP" = 443:TCP:*:Enabled:httpssl
"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Antivirus\ScanEng\Inodist.exe" = C:\Antivirus\ScanEng\Inodist.exe:*:Enabled:Inodist -- File not found
"C:\GV800\BcastTcp.exe" = C:\GV800\BcastTcp.exe:*:Enabled:BcastTcp Application -- ( )
"C:\GV800\GV800.exe" = C:\GV800\GV800.exe:*:Enabled:Multicam Surveillance System -- ( )
"C:\GV800\DMMcast.exe" = C:\GV800\DMMcast.exe:*:Enabled:Multicast Application -- ( )
"C:\GV800\DMWebCam.exe" = C:\GV800\DMWebCam.exe:*:Enabled:WebCam -- ( )
"C:\GV800\AudioServer.exe" = C:\GV800\AudioServer.exe:*:Enabled:AudioServer -- ()
"C:\GV800\WebCamServer.exe" = C:\GV800\WebCamServer.exe:*:Enabled:HTTP Server -- ()
"C:\Program Files\v8010\DMMultiView\MultiView.exe" = C:\Program Files\v8010\DMMultiView\MultiView.exe:*:Enabled:MultiView -- ( )
"C:\GV800\VLSvr.exe" = C:\GV800\VLSvr.exe:*:Enabled:ViewLog Server -- ()
"C:\GV800\CMSvr.exe" = C:\GV800\CMSvr.exe:*:Enabled:Control Center Server -- ()
"C:\Program Files\sslexplorer\install-sslexplorer.exe" = C:\Program Files\sslexplorer\install-sslexplorer.exe:*:Enabled:install-sslexplorer -- ()
"C:\GV800\TCPsvr.exe" = C:\GV800\TCPsvr.exe:*:Enabled:TcpSvr Application -- ( )
"C:\Documents and Settings\Dan\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Dan\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Brother\Brmfl07b\FAXRX.exe" = C:\Program Files\Brother\Brmfl07b\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\GV800\TwinServer.exe" = C:\GV800\TwinServer.exe:*:Enabled:TwinServer -- ()
"C:\Program Files\Corel\DVD9\WinDVD.exe" = C:\Program Files\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD -- (Corel Corporation)
"C:\Program Files\CA\eTrustITM\InoTask.exe" = C:\Program Files\CA\eTrustITM\InoTask.exe:*:Enabled:InoTask -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013BE9DC-2E1A-7E95-15D9-C81E91A19510}" = Catalyst Control Center Graphics Full Existing
"{033E06D3-487A-8ED4-1672-B060C0A97D24}" = Skins
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06542CA3-F90C-BE75-656E-83A0B076213A}" = Catalyst Control Center Localization Czech
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{074C0987-378C-5E80-15F6-437B8717A16D}" = ccc-core-preinstall
"{1583C7B3-5D84-4E62-9C55-BCB795EE7B19}" = Catalyst Control Center Core Implementation
"{18070238-0B24-6C19-52B8-368D26E8F1BC}" = Catalyst Control Center Localization Italian
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner PRO v2.10.0.192
"{1D341BEB-869D-E150-1A18-10B02B7E10BF}" = Catalyst Control Center Localization Finnish
"{1D544865-1A49-C99A-7189-ADD5464D8381}" = Catalyst Control Center Localization Thai
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DAFB84-2421-488F-B17D-102FF53396AA}" = Ulead DVD Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EE09C14-D1C8-D38C-B8BD-4A5DDA31A33C}" = CCC Help Danish
"{2F6D51D7-F65C-840D-69B3-F9CDC4D1C2CC}" = CCC Help Turkish
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3187E3CF-A2C8-F15F-ADEE-3A966CCAB69E}" = CCC Help Thai
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D84CD86-8A47-D0BF-CD0D-AC1749D1B895}" = CCC Help Norwegian
"{44BABF05-8ED2-CEE4-D59F-17E605C4B6FE}" = CCC Help Chinese Traditional
"{469231D8-0FBD-82A8-4DC6-DDC664A77629}" = Catalyst Control Center Localization Portuguese
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{49899342-3922-06B5-E38E-17DE462A18C3}" = CCC Help Russian
"{49F10BCB-9587-6C5B-51F8-BE18A732183F}" = Catalyst Control Center Localization Dutch
"{4A545288-D1F5-0C0F-BC97-8179E6FF1794}" = CCC Help Japanese
"{510D967A-B190-C5B9-D2F8-D2009EB2EF93}" = Catalyst Control Center Localization Russian
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone v2.1 SE
"{59B84475-BEA1-CCBB-36C0-A7CD804F821F}" = Catalyst Control Center Localization Spanish
"{5AFAF0D6-E4FB-CB2C-CAA1-AF78055CD951}" = CCC Help Italian
"{60469B62-EB5C-D37E-D473-4F763F541783}" = Catalyst Control Center Localization Norwegian
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71A78AEF-7D16-0917-778E-1E04D486FB9E}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770A65D6-F37E-7447-517A-E62282C7EA18}" = CCC Help French
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B2387B2-63DC-5F0D-3E44-130AB689F1A2}" = Catalyst Control Center Graphics Previews Common
"{7D3CA676-421C-5854-1D80-535FD684E5BC}" = Catalyst Control Center Localization Hungarian
"{8041F412-ABCE-51DA-B8D4-E1BC75FDBF0D}" = Catalyst Control Center Localization Chinese Standard
"{8314CCDE-D301-CABC-EDE7-D391D3E1C7DC}" = CCC Help Spanish
"{8428DF28-CCAF-501E-25CD-1391CD2D5CC9}" = CCC Help Portuguese
"{86B03DBF-D97A-02D7-C6E0-64B1CF7998D8}" = Catalyst Control Center Localization German
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}" = Ulead DVD MovieFactory 2 SE
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF06947-F556-D573-95D1-AB7A7440AAA1}" = CCC Help Greek
"{8DC25D22-3957-4F3F-14F1-4413DB0ED51F}" = Catalyst Control Center Localization Polish
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90D12C0F-9EC0-4E4C-A44C-C76AA0E44FEE}" = Write DVD!
"{913CA370-6B97-3C12-F54D-1BBA8F41303A}" = CCC Help Czech
"{94175F2B-39EB-B64B-50B0-501EDD13D820}" = CCC Help Hungarian
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{966077F9-4923-B3B1-73A6-593E4627B5F7}" = Catalyst Control Center Localization French
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9DA4749E-BF71-8DAE-948A-3A44408550D6}" = Catalyst Control Center Graphics Full New
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5227CA4-8613-CB80-EFC0-D90A424B5430}" = Catalyst Control Center Localization Turkish
"{A9212616-FCA2-4173-BD99-5C741EB3A068}" = Ulead DVD PictureShow 2 SE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99FBC32-DE3C-450D-A2C7-A39BCF08F04F}" = Ulead Burn.Now
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B197FA45-6A2A-8CA4-888B-38BF0DD5DC90}" = CCC Help Chinese Standard
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4F40112-0067-880A-C696-5E2ECC547F2B}" = Catalyst Control Center Localization Danish
"{BA185841-9581-E711-8DB3-24FA5ADED6AD}" = CCC Help English
"{BB00789E-CDE5-0824-F8CB-ABF5EAA0BB1A}" = Catalyst Control Center Localization Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6BA2362-C93F-73F5-29E9-CF4100C5CA02}" = Catalyst Control Center Localization Swedish
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C930BF21-C79B-C4DC-7092-2E7898FE5554}" = CCC Help Swedish
"{C9BC573D-3BB5-C839-409D-C964E874188D}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D657FAA8-9042-9CE7-14D9-048A5C88818D}" = Catalyst Control Center Localization Greek
"{D859D35F-E947-4F2A-8591-C76A4D116178}" = Dora Backpack
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E1DED507-D03F-C0E4-ECE6-542541897A0C}" = CCC Help Finnish
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E3B35466-F7B6-3BE0-EE8D-3DEE37492649}" = CCC Help German
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7F430A8-AADA-6F9C-CE37-E1174BAD27B0}" = ccc-utility
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC15C65D-4DE1-3AC7-93B5-D7B2FC02EC09}" = ccc-core-static
"{ECD2A0EE-7BAB-463A-F910-4FD7CE58FC00}" = Catalyst Control Center Localization Japanese
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6C11B5C-0E30-E6F8-46B9-21EF9CE7995D}" = CCC Help Korean
"{F79E3C41-5367-5ADA-5C18-4C9E91FD9852}" = Catalyst Control Center Localization Korean
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FEF74B44-EF2B-762C-3D69-4CA101E792B4}" = CCC Help Dutch
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"Codec_264" = GeoVision H264
"Codec_amp4" = GeoVision MPEG4 ASP
"Codec_mp2" = GeoVision MPEG2
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dave Ramsey's Financial Peace Financial Software5.3" = Dave Ramsey's Financial Peace Financial Software
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.4.0
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"DynDNSUpdater" = DynDNS Updater
"GeoVision GV-800 System" = GeoVision GV-800 System
"GEOXCodec" = GeoVision MPEG4
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Handbrake" = HandBrake 0.9.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSC" = McAfee SecurityCenter
"Nero - Burning Rom!UninstallKey" = Ahead Nero Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"SSL-Explorer 1.0.0_RC18" = SSL-Explorer 1.0.0_RC18
"TightVNC_is1" = TightVNC 1.3.9
"TurboTax 2008" = TurboTax 2008
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Term_Services" = Juniper Terminal Services Client
"Log Upload" = Juniper Networks Log Upload
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2010 7:41:05 AM | Computer Name = CAMERA | Source = Google Update | ID = 20
Description =

Error - 3/12/2010 8:41:05 AM | Computer Name = CAMERA | Source = Google Update | ID = 20
Description =

Error - 3/12/2010 9:41:05 AM | Computer Name = CAMERA | Source = Google Update | ID = 20
Description =

Error - 3/13/2010 5:03:12 AM | Computer Name = CAMERA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3112 (0xc28) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe

by C:\WINDOWS\system32\MRT.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/13/2010 10:44:53 AM | Computer Name = CAMERA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module iertutil.dll, version 8.0.6001.18876, fault address 0x001181ad.

Error - 3/15/2010 10:53:07 AM | Computer Name = CAMERA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2010 2:29:48 PM | Computer Name = CAMERA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module explorer.exe, version 6.0.2900.5512, fault address 0x000027b1.

Error - 3/15/2010 2:29:57 PM | Computer Name = CAMERA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2010 6:56:45 PM | Computer Name = CAMERA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3824 (0xef0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\dllcache\msls31.dll

by C:\Documents and Settings\Dan\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/21/2010 7:01:02 PM | Computer Name = CAMERA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3448 (0xd78) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\dllcache\msls31.dll

by C:\Documents and Settings\Dan\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 3/21/2010 5:13:42 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 5:21:05 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 5:57:58 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 5:58:00 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 6:04:03 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 6:04:05 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 6:04:08 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 6:04:10 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 6:31:36 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/21/2010 6:31:38 PM | Computer Name = CAMERA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 21 March 2010 - 07:02 PM

Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to clean please run the following tool:
Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.



In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 helderman

helderman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 21 March 2010 - 09:28 PM

It said the MBR was infected... i hope in removed it... here is the log. I really appreciate all of your help!!

C:\Documents and Settings\Dan\Desktop\HelpAsst_mebroot_fix.exe
Sun 03/21/2010 at 20:51:43.39

HelpAssistant account was found to be Active ~ attempting to de-activate

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-746137067-583907252-682003330-1000
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove

~ Not all HelpAssistant files sucessfully removed ~
Remove on reboot: C:\DOCUME~1\HELPAS~1\Cookies\index.dat
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1\History\History.IE5\index.dat
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1\TEMPOR~1\Content.IE5
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1\TEMPOR~1
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1\History\History.IE5
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1\History
Remove on reboot: C:\DOCUME~1\HELPAS~1\LOCALS~1
Remove on reboot: C:\DOCUME~1\HELPAS~1\Cookies
Remove on reboot: C:\Documents and Settings\HelpAssistant


~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8a1dd708
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0x8964d330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1A4F79
malicious code @ sector 0x01D1A4F7C !
PE file found in sector at 0x01D1A4F92 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8a1dd708
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0x8964d330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1A4F79
malicious code @ sector 0x01D1A4F7C !
PE file found in sector at 0x01D1A4F92 !
Use "Recovery Console" command "fixmbr" to clear infection !
user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 03/21/2010 at 21:25:20.90

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1A4F79
malicious code @ sector 0x01D1A4F7C !
PE file found in sector at 0x01D1A4F92 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 22 March 2010 - 04:36 PM

Hi,

that looks good. How is your PC doing now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 helderman

helderman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 22 March 2010 - 10:34 PM

Seems good so far... i moved off all of the financial stuff just in case... but it is running the camera surveillance system for the house now, before that would lock it up every time. Thanks for all your help! I really appreciate it.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 24 March 2010 - 04:18 PM

Hi,

I'm not exactly sure I understood your previous statement, does it still lock up?

Please run a scan with Eset as well:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 helderman

helderman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 28 March 2010 - 05:32 PM

I has quit freezing up (requiring a power cycle) but still hangs for a few seconds at a time. Here is the file from the scan.

C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Local Settings\Temp\plugtmp-9\plugin-pdf.php PDF/Exploit.Gen trojan cleaned by deleting - quarantined
D:\Program Files\OnlineHelpConsole\Hide.exe probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
D:\WINDOWS\system32\Tools\Hide.exe probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 30 March 2010 - 07:09 AM

When does your PC freeze? What are you doing when it happens?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Let me know if you run into any trouble.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 helderman

helderman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 30 March 2010 - 11:09 AM

What i meant by hanging... was that when i clicked on any window or application there was a 3-5 second delay before launching. I updated the Java as you suggested and it seems to have gone away. Does that make sense? Can an old version of Java cause that kind of a problem?

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 03 April 2010 - 11:32 AM

Hi,

everything is possible I guess. laugh.gif Is the slowness staying away or as it come back?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 helderman

helderman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 05 April 2010 - 09:53 AM

So far, still no slowness. Thanks!

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 05 April 2010 - 11:59 AM

Hi,

happy to hear! smile.gif

The only thing left to do then is to remove the programs we used:
Into Start>Run type and hit enter: helpasst -cleanup
  1. Delete the remaining tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC faild to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing sad.gif.
Some more links you might find of interest:Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 20 April 2010 - 03:58 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users