Antimalware Doctor Still On Laptop After Uninstall Attempt


This topic is locked
30 replies to this topic

#1 JimB

  • Members
  • 151 posts
  • Location:Fredericksburg, Va. (USA)

Posted 10 July 2010 - 02:34 PM

Greetings - I acquired this bug yesterday. I followed instructions at http://www.bleepingcomputer.com/virus-remo...imalware-doctor and the virus still remains.

So I headed on to step two (2) located at http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Here is the DDS log (text box below) and I have attached the ATTACH.TXT and ARK.TXT's as directed.

I appreciate your assistance, as usual. You guys are fantastic. Many thanks -Jim

-------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by jimb at 12:42:39.79 on Sat 07/10/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1326 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\config\svchost.exe /service
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\explorer.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = hxxp://www.atssa.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.bing.com/?FORM=MFEHPG&PUBL=Google&CREA=userid1743go51d367c64cb6b50c6d8b0b7fe5f35618
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer provided by ATSSA
mDefault_Page_URL = hxxp://www.atssa.com
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: c:\windows\system32\jiln05d1a.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\jiln05d1a.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Rxiqesazuyuf] rundll32.exe "c:\windows\kce2xbdi.dll",Startup
uRun: [070700Setup.exe] c:\documents and settings\jimb.atssahq\application data\447d36942813e3527f594a9a373de6bb\070700Setup.exe
uRun: [sdr8gdrgdrgke49orkgsjkjfjhsd] c:\docume~1\jimb~1.ats\locals~1\temp\mdm.exe
uRun: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] c:\docume~1\jimb~1.ats\locals~1\temp\vq4rttl0.exe
uRun: [hsehf98u34i9tjioaugy987iuegdsg] c:\docume~1\jimb~1.ats\locals~1\temp\win.exe
uRun: [JDK5SWFMZY] c:\docume~1\jimb~1.ats\locals~1\temp\Ofr.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
StartupFolder: c:\docume~1\jimb~1.ats\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\jimb~1.ats\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: mediasource.com\www.research
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217618975790
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cisionpoint.webex.com/client/T26L10NSP49EP30/sales/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\jiln05d1a.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\jiln05d1a.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2008-09-01 22:40:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 12:44:28.84 ===============

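The DDS "Pseudo HJT Report" above is what the responders read by eye: autoruns launched from the user's temp folder, rundll32 loading a DLL dropped in the Windows root, an svchost.exe outside System32, a proxy forced through 127.0.0.1, and policy keys that hide Folder Options or disable UAC. As an added example (it is not part of JimB's post, nor a feature of the DDS tool), the script below applies those same checks to lines in DDS format. The sample lines are copied from the log above plus two running-process paths, one legitimate and one not; the heuristics, their thresholds and their wording are my own assumptions, not DDS rules.

```python
"""Added example (not from the forum post or the DDS tool): score DDS
'Pseudo HJT Report' and 'Running Processes' lines with the checks a
malware-response helper applies by eye. Heuristics and wording are my own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log above, plus two
# running-process paths (one legitimate, one not) for the svchost check.
SAMPLE_LINES = [
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'uRun: [Rxiqesazuyuf] rundll32.exe "c:\windows\kce2xbdi.dll",Startup',
    r"uRun: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] c:\docume~1\jimb~1.ats\locals~1\temp\vq4rttl0.exe",
    r'mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"',
    r"uInternet Settings,ProxyServer = http=127.0.0.1:5577",
    r"uPolicies-explorer: NoFolderOptions = 1 (0x1)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"BHO: c:\windows\system32\jiln05d1a.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\jiln05d1a.dll",
    r"C:\WINDOWS\System32\svchost.exe -k netsvcs",
    r"C:\WINDOWS\system32\config\svchost.exe /service",
]


@dataclass
class Finding:
    line: str
    reasons: list[str]


def assess_line(line: str) -> list[str]:
    """Return the reasons a line deserves a second look (empty list = clean)."""
    low = line.lower()
    reasons: list[str] = []

    # Autorun entries pointing at an .exe under a temp directory:
    # legitimate installers do not leave their persistence there.
    if re.match(r"[um]run:", low) and re.search(r"\\temp\\[^\\]+\.exe", low):
        reasons.append("autorun launches an executable from a temp directory")

    # rundll32 loading a DLL that sits directly in the Windows root.
    if re.search(r'rundll32(\.exe)?\s+"?c:\\windows\\[^\\"]+\.dll', low):
        reasons.append("rundll32 loads a DLL from the Windows root directory")

    # svchost.exe is only expected in %SystemRoot%\System32.
    m = re.search(r'([a-z]:\\[^"]*?\\)svchost\.exe', low)
    if m and m.group(1).rstrip("\\") != r"c:\windows\system32":
        reasons.append("svchost.exe running from outside System32")

    # Browser traffic forced through a listener on the machine itself.
    if re.search(r"proxyserver\s*=\s*\S*127\.0\.0\.1", low):
        reasons.append("proxy points at 127.0.0.1 (local interception)")

    # Policy tweaks rogue security software uses to hinder cleanup.
    if re.search(r"nofolderoptions\s*=\s*1\b", low):
        reasons.append("Folder Options hidden by policy (NoFolderOptions = 1)")
    if re.search(r"enablelua\s*=\s*0\b", low):
        reasons.append("UAC disabled by policy (EnableLUA = 0)")

    # A BHO / ShellServiceObject whose display name is its own file path.
    if re.match(r"(bho|sts):\s*c:\\windows\\system32\\[a-z0-9]{6,12}\.dll:", low):
        reasons.append("BHO/STS registered with its file path as display name")

    return reasons


def triage(lines: list[str]) -> list[Finding]:
    """Keep only the lines that triggered at least one heuristic."""
    return [Finding(l, r) for l in lines if (r := assess_line(l))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.line)
        for reason in f.reasons:
            print("   ->", reason)
```

Run it on a pasted DDS section (one line per list entry) and the clean ctfmon, ccApp and System32 svchost lines drop out, while the seven entries the responders would act on are listed with the reason each one tripped. The checks are deliberately narrow string rules, so a miss only means "not flagged", never "clean".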

#2 JimB

  • Topic Starter
  • Members
  • 151 posts
  • Location:Fredericksburg, Va. (USA)

Posted 12 July 2010 - 11:35 AM

Next problem - this morning, when I turned the computer on, Windows would not start up. After repeated attempts, I attempted to boot (with a disc) using the XP recovery console. When prompted for the Admin password, I enter it correctly (case sensitive). After three attempts it boots me back to the beginning. I tried leaving the password blank (nothing) and hitting enter, but that doesn't work either. I see there are ways to recover the password in Windows, but I can't get into Windows. Heck, I can't even get a DOS prompt!

Edited by JimB, 12 July 2010 - 12:43 PM.


#3 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 July 2010 - 09:34 AM

Hello Jim, my name's Syler and I will be helping you to solve your malware issues.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


Please download OTLPE (filesize 120,9 MB)
  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.



#4 JimB

  • Topic Starter
  • Members
  • 151 posts
  • Location:Fredericksburg, Va. (USA)

Posted 13 July 2010 - 10:14 AM

Downloading OTLPE now, will make a CD, attempt a reboot and get back with you shortly.

#5 JimB

  • Topic Starter
  • Members
  • 151 posts
  • Location:Fredericksburg, Va. (USA)

Posted 13 July 2010 - 11:38 AM

Syler - here's the log...

------------------------------------------

OTL logfile created on: 7/13/2010 1:36:14 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 84.17 Gb Free Space | 56.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled] -- -- (Pchecan)
SRV - [2010/07/10 00:23:14 | 000,045,716 | ---- | M] () [Auto] -- C:\WINDOWS\system32\config\svchost.exe -- (svchost32)
SRV - [2009/12/13 12:37:08 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/19 12:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/11 18:31:14 | 000,039,424 | ---- | M] (Xobni Corporation) [Auto] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/03/25 11:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
SRV - [2004/03/12 15:18:06 | 000,169,192 | ---- | M] (symantec) [Auto] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 15:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 15:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 14:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 16:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 16:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 16:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Boot] -- -- (cerc6)
DRV - [2010/07/11 20:30:21 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\gzeywwog.sys -- (gzeywwog)
DRV - [2010/07/09 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100709.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/09 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100709.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
DRV - [2009/10/07 04:48:18 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/14 03:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 03:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 03:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 03:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 03:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 03:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 03:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 03:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 03:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 03:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 03:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 03:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 03:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 03:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 03:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 03:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/06 15:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/03 16:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/09 05:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/05/31 16:50:20 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/15 22:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/03/11 14:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 14:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.atssa.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.atssa.com
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?FORM=MFEHPG&PUBL=...d8b0b7fe5f35618
IE - HKU\jimb.ATSSAHQ_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\jimb_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080726
IE - HKU\jimb_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\jimb_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atssa.com/
IE - HKU\jimb_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0






O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\jiln05d1a.dll) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\WINDOWS\system32\jiln05d1a.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\jimb.ATSSAHQ_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jimb.ATSSAHQ_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jimb.ATSSAHQ_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jimb.ATSSAHQ_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jimb.ATSSAHQ_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\jimb_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\Administrator.ATSSAHQ_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [070700Setup.exe] C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB\070700Setup.exe (MS)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\vq4rttl0.exe ()
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\win.exe ()
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [JDK5SWFMZY] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\Ofr.exe (ConeXware, Inc.)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [Rxiqesazuyuf] C:\WINDOWS\kce2xbdi.DLL (Wondershare)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\mdm.exe ()
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\jimb_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\jimb.ATSSAHQ\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\jimb.ATSSAHQ\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.ATSSAHQ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jimb.ATSSAHQ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jimb.ATSSAHQ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\jimb_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1217618975790 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cisionpoint.webex.com/client/T26L10...les/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ATSSA.NET
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\WINDOWS\system32\jiln05d1a.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/19 08:18:46 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: drivutou - (C:\WINDOWS\system32\bootpgds.dll) - C:\WINDOWS\system32\bootpgds.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 04:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2010/07/09 18:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Malwarebytes
[2010/07/09 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Malwarebytes
[2010/07/09 17:37:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/09 17:37:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/09 17:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/09 16:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/09 16:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/09 16:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Macromedia
[2010/07/09 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Adobe
[2010/07/09 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Yahoo!
[2010/07/09 15:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Research In Motion
[2010/07/09 15:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\My Documents\Ask and Record Toolbar
[2010/07/09 15:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ATSSAHQ\Local Settings\Application Data\FLVService
[2010/07/09 15:17:34 | 000,062,976 | ---- | C] (Blog do Birungueta) -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\cba8e882.exe
[2010/07/09 15:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/09 15:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/09 14:51:39 | 000,206,336 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Oxihia.exe
[2010/07/09 14:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\uttlmdhmi
[2010/07/09 14:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jimb.ATSSAHQ\Desktop\*.tmp files -> C:\Documents and Settings\jimb.ATSSAHQ\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 03:41:45 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/07/13 03:40:58 | 000,000,345 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/13 03:40:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 20:30:24 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\jimb.ATSSAHQ\NTUSER.DAT
[2010/07/11 20:30:24 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/11 20:30:24 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/11 20:30:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\gzeywwog.sys
[2010/07/11 20:30:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 20:28:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/11 20:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/11 19:41:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/11 17:48:22 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0704A39E-00F1-40ED-962A-0DDEA8353AD9}.job
[2010/07/11 15:41:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/11 14:23:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/10 17:49:50 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/07/10 17:48:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\WavXMapDrive.bat
[2010/07/10 17:48:56 | 000,019,986 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/10 17:48:24 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 17:48:21 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\157b9948.job
[2010/07/10 16:25:33 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 00:22:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/10 00:22:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/10 00:22:39 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\System32\bootpgds.dll
[2010/07/09 19:20:05 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 18:54:29 | 000,019,986 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/09 18:52:51 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator.ATSSAHQ\NTUSER.DAT
[2010/07/09 18:52:10 | 006,457,748 | -H-- | M] () -- C:\Documents and Settings\Administrator.ATSSAHQ\Local Settings\Application Data\IconCache.db
[2010/07/09 17:05:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.ATSSAHQ\Local Settings\Application Data\WavXMapDrive.bat
[2010/07/09 16:52:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\jimb.ATSSAHQ\Desktop\rkill.com
[2010/07/09 14:59:58 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/09 14:58:34 | 000,002,716 | ---- | M] () -- C:\WINDOWS\inayatupekamos.dll
[2010/07/09 14:55:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/09 14:55:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/07/09 14:51:34 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Oxihia.exe
[2010/07/09 14:51:15 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\jiln05d1a.dll
[2010/07/09 07:46:58 | 000,000,063 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/07/05 19:24:03 | 021,406,852 | -H-- | M] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\IconCache.db
[2010/06/22 07:15:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\jimb.ATSSAHQ\Desktop\PAYMENT REQUEST FORM.xls
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jimb.ATSSAHQ\Desktop\*.tmp files -> C:\Documents and Settings\jimb.ATSSAHQ\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/10 00:22:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/10 00:22:39 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\bootpgds.dll
[2010/07/09 19:20:22 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Desktop\rkill.com
[2010/07/09 17:05:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/09 17:03:33 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 16:51:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 15:56:56 | 000,019,986 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/09 15:56:56 | 000,019,986 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/09 15:39:03 | 000,088,388 | ---- | C] () -- C:\Documents and Settings\Administrator.ATSSAHQ\Local Settings\Application Data\FASTWiz.log
[2010/07/09 14:58:34 | 000,002,716 | ---- | C] () -- C:\WINDOWS\inayatupekamos.dll
[2010/07/09 14:51:47 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/09 14:51:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzeywwog.sys
[2010/07/09 14:51:29 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\tasks\157b9948.job
[2010/07/09 14:51:15 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\jiln05d1a.dll
[2010/06/22 07:15:03 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Desktop\PAYMENT REQUEST FORM.xls
[2010/03/30 13:15:03 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/17 11:28:39 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\xobni_installer_updater.log
[2009/12/08 15:53:25 | 000,000,063 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/10/08 06:47:41 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/09 07:14:52 | 000,022,094 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Comma Separated Values (Windows).ADR
[2008/10/03 09:05:31 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\g2mdlhlpx.exe
[2008/08/12 14:30:00 | 000,000,095 | ---- | C] () -- C:\WINDOWS\RAMS.INI
[2008/08/12 14:29:01 | 000,000,105 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/12 08:47:00 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/08 09:44:03 | 000,000,199 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2008/08/07 19:19:17 | 000,030,169 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\FASTWiz.log
[2008/08/07 18:44:18 | 000,000,395 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2008/08/07 17:38:07 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/08/07 17:07:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\FASTWiz.html
[2008/08/07 17:03:22 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\wave_license.txt
[2008/08/07 17:03:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\WavXMapDrive.bat
[2008/08/07 17:03:21 | 006,815,744 | -H-- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\NTUSER.DAT
[2008/08/07 17:03:21 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\ntuser.dat.LOG
[2008/08/07 17:03:21 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jimb.ATSSAHQ\ntuser.ini
[2008/08/07 17:02:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/08/07 16:53:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.ATSSAHQ\Local Settings\Application Data\WavXMapDrive.bat
[2008/08/07 16:53:19 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Administrator.ATSSAHQ\ntuser.dat.LOG
[2008/08/07 16:53:19 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Administrator.ATSSAHQ\wave_license.txt
[2008/08/07 16:53:19 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.ATSSAHQ\ntuser.ini
[2008/08/07 16:53:18 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator.ATSSAHQ\NTUSER.DAT
[2008/08/01 14:10:09 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\jimb\wave_license.txt
[2008/08/01 14:10:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jimb\Local Settings\Application Data\WavXMapDrive.bat
[2008/08/01 14:10:08 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\jimb\NTUSER.DAT
[2008/08/01 14:10:08 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jimb\ntuser.dat.LOG
[2008/08/01 14:10:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jimb\ntuser.ini
[2008/07/26 02:59:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/26 02:56:41 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/26 02:55:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
[2008/07/26 02:52:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/07/26 02:52:03 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/07/26 02:47:29 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Administrator\wave_license.txt
[2008/07/26 02:45:00 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/07/26 02:42:25 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/07/26 02:42:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/07/26 02:16:40 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/26 02:16:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/26 02:16:39 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/26 02:16:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/26 02:15:07 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/12 01:20:24 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/08/12 01:20:15 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/08/12 01:20:15 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:20:25 | 000,086,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2004/08/11 18:20:25 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/08/11 18:20:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/08/11 18:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/11 18:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/08/11 18:20:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/24 11:13:48 | 001,027,072 | ---- | C] () -- C:\WINDOWS\System32\UPSTrack.dll
[2002/05/16 16:06:52 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/10/31 19:39:10 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2000/10/31 19:25:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2008/08/08 10:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2010/07/09 15:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Research In Motion
[2008/07/26 02:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\Wave Systems Corp
[2008/07/26 02:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2010/07/09 15:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB
[2008/08/08 10:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\AT&T
[2009/12/29 10:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Blackberry Desktop
[2008/08/08 10:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Bytemobile
[2008/08/07 17:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\DBUpdater
[2010/07/09 14:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Euclid Technology
[2010/02/25 11:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Facebook
[2010/03/30 13:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Leadertech
[2008/08/07 18:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Research In Motion
[2008/08/07 17:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Sierra Wireless
[2009/09/18 10:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Summitsoft
[2010/03/11 08:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\Wave Systems Corp
[2008/08/01 16:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb\Application Data\OfficeUpdate12
[2008/07/26 02:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jimb\Application Data\Wave Systems Corp
[2009/08/25 06:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/07/10 17:48:21 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\157b9948.job
[2010/07/11 20:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/07/11 17:48:22 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0704A39E-00F1-40ED-962A-0DDEA8353AD9}.job
[2010/07/11 20:28:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========


< End of report >


#6 JimB

JimB
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Location:Fredericksburg, Va. (USA)
  • Local time:11:28 PM

Posted 13 July 2010 - 11:45 AM

After I posted this log, I returned to the infected laptop. It's locked, so I assume I will have to run the start-up CD again...

Edited by JimB, 13 July 2010 - 11:46 AM.


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:28 AM

Posted 13 July 2010 - 11:55 AM

Hi,

Please don't make any other changes at the moment. I don't have time to have a proper look at the log, but I will as soon as I get home; then I will give you some more instructions. Can you explain what you mean when you say the computer is locked?



#8 JimB

JimB
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Location:Fredericksburg, Va. (USA)
  • Local time:11:28 PM

Posted 13 July 2010 - 11:59 AM

QUOTE(syler @ Jul 13 2010, 11:55 AM)
Hi,

Please don't make any other changes at the moment. I don't have time to have a proper look at the log, but I will as soon as I get home; then I will give you some more instructions. Can you explain what you mean when you say the computer is locked?


Mouse stopped moving. Froze. Locked up. Just restarted with the CD and it's fine for now. Mouse is moveable.

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:28 AM

Posted 13 July 2010 - 12:02 PM

Is that in the REATOGO environment, or can you now boot into Windows?



#10 JimB

JimB
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Location:Fredericksburg, Va. (USA)
  • Local time:11:28 PM

Posted 13 July 2010 - 12:04 PM

Question (sorry) - I would like to export my PST files. Can I do so via Reatogo? I'd like to get them OFF the infected computer onto a thumb drive just in case this is an issue that can't be resolved... i.e. a WIPE has to be done.
Just curious. Thanks for all your help so far.

QUOTE(syler @ Jul 13 2010, 12:02 PM)
Is that in the REATOGO environment, or can you now boot into Windows?


That was in the REATOGO environment. I have NOT attempted to reboot into windows without the CD yet.

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:28 AM

Posted 13 July 2010 - 12:09 PM

Yes, you would be able to transfer any files to a flash drive in the Reatogo environment. I could give you instructions, but you would need to wait until I get home. If you are OK with computers, you should be able to figure out how to do it easily.



#12 JimB

JimB
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Location:Fredericksburg, Va. (USA)
  • Local time:11:28 PM

Posted 13 July 2010 - 12:23 PM

No need for instructions, I can get the PST files no problem. Just wasn't sure if the REATOGO environment would allow or not.

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:28 AM

Posted 13 July 2010 - 01:16 PM

Ok, let's try and get your computer working again. Please let me know if you can boot Windows normally after doing the following fix.


Run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - [2010/07/10 00:23:14 | 000,045,716 | ---- | M] () [Auto] -- C:\WINDOWS\system32\config\svchost.exe -- (svchost32)
    DRV - [2010/07/11 20:30:21 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\gzeywwog.sys -- (gzeywwog)
    O2 - BHO: (C:\WINDOWS\system32\jiln05d1a.dll) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\WINDOWS\system32\jiln05d1a.dll ()
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [070700Setup.exe] C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB\070700Setup.exe (MS)
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\vq4rttl0.exe ()
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\win.exe ()
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [JDK5SWFMZY] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\Ofr.exe (ConeXware, Inc.)
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [Rxiqesazuyuf] C:\WINDOWS\kce2xbdi.DLL (Wondershare)
    O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\mdm.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\WINDOWS\system32\jiln05d1a.dll ()
    [2010/07/09 15:17:34 | 000,062,976 | ---- | C] (Blog do Birungueta) -- C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\cba8e882.exe
    [2010/07/09 14:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\uttlmdhmi
    [2010/07/09 14:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB
    [1 C:\Documents and Settings\jimb.ATSSAHQ\Desktop\*.tmp files -> C:\Documents and Settings\jimb.ATSSAHQ\Desktop\*.tmp -> ]
    [2010/07/10 17:48:21 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\157b9948.job
    :Reg
    [HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • When finished, the log will be saved in drive C:\_OTL\MovedFiles with a name made up of the date/time that the fix was performed.
  • Try to restart Windows normally and post the log in your reply.


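The fix above removes a service running from system32\config, a zero-byte boot driver, and Run values pointing into Temp and a hex-named Application Data folder. The script below is an added example (not OTL's code and not from this thread) that parses OTL-style SRV/DRV/O4 lines and flags those same patterns; the sample lines are copied from the fix script plus one constructed benign Symantec entry, and the heuristics are my own assumptions, not OTL's.

```python
import re

# Constructed sample input: OTL entries copied from the fix script above, plus one constructed benign HKLM Run entry.
SAMPLE_LOG = r"""
SRV - [2010/07/10 00:23:14 | 000,045,716 | ---- | M] () [Auto] -- C:\WINDOWS\system32\config\svchost.exe -- (svchost32)
DRV - [2010/07/11 20:30:21 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\gzeywwog.sys -- (gzeywwog)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [070700Setup.exe] C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB\070700Setup.exe (MS)
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\jimb.ATSSAHQ_ON_C..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\vq4rttl0.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
"""

# SRV/DRV lines: "[date | size | attrs | M] (company) [start type] -- path -- (service name)"
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - \[[^|]*\| (?P<size>[\d,]+) \|[^\]]*\] "
                    r"\((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
# O4 lines: "O4 - hive..\Run: [value name] path (company)" or "... path File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
TRAILER_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))$")

def parse_entry(line):
    """Parse one OTL line into a dict; returns None for line types not modelled here."""
    m = SVC_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"], "path": m["path"], "company": m["company"],
                "size": int(m["size"].replace(",", "")), "missing": False}
    m = RUN_RE.match(line)
    if m:
        t = TRAILER_RE.match(m["rest"])
        return {"kind": "O4", "name": m["name"], "path": t["path"] if t else m["rest"],
                "company": t["company"] if t else None, "size": None,
                "missing": bool(t and t["missing"])}
    return None

def suspicious_reasons(entry):
    """Heuristics (my own assumptions) mirroring what the fix above removes; empty list = not flagged."""
    p, reasons = entry["path"].lower(), []
    if entry["missing"]:
        return reasons  # stale pointer to an uninstalled program: clutter, not an infection
    if "\\local settings\\temp\\" in p:
        reasons.append("autorun launched from the user's Temp folder")
    if re.search(r"\\application data\\[0-9a-f]{32}\\", p):
        reasons.append("payload inside a random 32-hex-character Application Data folder")
    if p.endswith("\\system32\\config\\svchost.exe"):
        reasons.append("svchost.exe outside System32 (config\\ holds registry hives, not binaries)")
    if entry["kind"] == "DRV" and entry["size"] == 0:
        reasons.append("zero-byte driver image registered to load at boot")
    if entry["kind"] == "O4" and entry["company"] == "" and p.endswith(".exe"):
        reasons.append("no publisher name in the file's version info")
    if re.fullmatch(r"[a-z0-9]{20,}", entry["name"]):
        reasons.append("long random-looking Run value name")
    return reasons

def triage(log_text):
    """Return (name, path, reasons) for every flagged SRV/DRV/O4 entry, in log order."""
    hits = []
    for entry in filter(None, map(parse_entry, (l.strip() for l in log_text.splitlines()))):
        reasons = suspicious_reasons(entry)
        if reasons:
            hits.append((entry["name"], entry["path"], reasons))
    return hits
```

Running `triage(SAMPLE_LOG)` flags the four entries the fix targets and leaves the stale DW6 pointer and the Symantec entry alone.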

#14 JimB

JimB
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Location:Fredericksburg, Va. (USA)
  • Local time:11:28 PM

Posted 13 July 2010 - 01:29 PM

After I run the fix, you ask me to reboot. Remove the CD for the reboot, or leave it in?

#15 JimB

JimB
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Location:Fredericksburg, Va. (USA)
  • Local time:11:28 PM

Posted 13 July 2010 - 01:32 PM

Here's the log ----

-------------------------------

Error: Unable to interpret <CODE> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svchost32 deleted successfully.
C:\WINDOWS\system32\config\svchost.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gzeywwog deleted successfully.
C:\WINDOWS\system32\drivers\gzeywwog.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
C:\WINDOWS\system32\jiln05d1a.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\070700Setup.exe deleted successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB\070700Setup.exe moved successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\hsef87ehf3jishfs87fhuishfsgggfdgs4g deleted successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\vq4rttl0.exe moved successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\hsehf98u34i9tjioaugy987iuegdsg deleted successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\win.exe moved successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\JDK5SWFMZY deleted successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\Ofr.exe moved successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Rxiqesazuyuf deleted successfully.
C:\WINDOWS\kce2xbdi.dll moved successfully.
Registry value HKEY_USERS\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\sdr8gdrgdrgke49orkgsjkjfjhsd deleted successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Temp\mdm.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator.ATSSAHQ_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\jimb.ATSSAHQ_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\jimb_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C3BA40A2-75F1-52BD-F413-04B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ not found.
File C:\WINDOWS\system32\jiln05d1a.dll not found.
C:\Documents and Settings\Administrator.ATSSAHQ\Application Data\cba8e882.exe moved successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Local Settings\Application Data\uttlmdhmi folder moved successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Application Data\447D36942813E3527F594A9A373DE6BB folder moved successfully.
C:\Documents and Settings\jimb.ATSSAHQ\Desktop\~WRL2070.tmp deleted successfully.
C:\WINDOWS\tasks\157b9948.job moved successfully.
========== REGISTRY ==========
HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E : value set successfully!
HKU\Administrator.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E : value set successfully!
HKU\jimb.ATSSAHQ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.ATSSAHQ
->Temp folder emptied: 1275329 bytes
->Temporary Internet Files folder emptied: 147590 bytes
->Java cache emptied: 10680337 bytes
->Flash cache emptied: 1924 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: jimb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: jimb.ATSSAHQ
->Temp folder emptied: 1142403355 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 66825883 bytes
->Flash cache emptied: 0 bytes

User: JIMB~1~ATS

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 50758 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 639378 bytes
->Java cache emptied: 27 bytes
->Flash cache emptied: 1973 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 107317 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1250395857 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51768428 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 2,408.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 07132010_173318




