:OTL
DRV - (RkHit) -- C:\WINDOWS\system32\drivers\RKHit.sys File not found
DRV - (mfeavfk01) -- Device\mfeavfk01.sys File not found
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [cdEaqoYrltbao.exe] C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O27 - HKLM IFEO\ekrn.exe : Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O33 - MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\Shell\AutoRun\command - "" = 0iocrb1h.cmd
O33 - MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\Shell\explore\Command - "" = 0iocrb1h.cmd
O33 - MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\Shell\open\Command - "" = 0iocrb1h.cmd
NetSvcs: SSHNAS - File not found
[2012/04/23 17:43:03 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/23 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/04/23 17:31:19 | 009,396,288 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Brid Dinan\Desktop\stinger sunday.exe
[2012/04/23 18:09:43 | 000,000,061 | RH-- | M] () -- C:\Documents and Settings\Brid Dinan\Desktop\stinger sunday.opt
[2012/04/23 17:43:03 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/22 23:53:48 | 009,396,288 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Brid Dinan\Desktop\stinger sunday.exe
[2012/04/21 18:49:05 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/21 18:48:48 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\pfioahpvsu.exe
[2011/07/27 23:53:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Pq1AbpuK0.dat
[2011/07/27 23:32:54 | 000,012,924 | -HS- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\3707e7x82801v345n742586p5s3h1gq4
[2011/07/27 23:32:54 | 000,012,924 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3707e7x82801v345n742586p5s3h1gq4
[2011/07/27 23:32:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\psmx.exe
[2011/07/27 23:32:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftnm.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\xqnp.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cwlk.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\cwdj.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctdm.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bjfq.exe
[2011/07/27 23:32:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\xpkb.exe
[2011/07/23 23:07:30 | 000,014,628 | -HS- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 23:07:30 | 000,014,628 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\pewu.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\ofss.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtuf.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jcqp.exe
[2011/07/23 23:06:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ckkt.exe
[2011/07/23 23:06:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\ckey.exe
[2011/07/23 23:06:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\prat.exe
[2011/07/23 23:06:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\posp.exe
[2011/06/19 19:32:45 | 000,016,220 | -HS- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\ux28k8k70xg6ehd13ev2e
[2011/06/19 19:32:45 | 000,016,220 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ux28k8k70xg6ehd13ev2e
[2011/05/14 19:21:14 | 000,014,030 | -HS- | C] () -- C:\Documents and Settings\Brid Dinan\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 19:21:14 | 000,014,030 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/08/02 17:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"="1"
"DoNotAllowExceptions"="1"
"DisableNotifications"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"="1"
"DoNotAllowExceptions"="1"
"DisableNotifications"="0"

:Files
C:\WINDOWS\Tasks\At*.job
C:\WINDOWS\System 32\drivers\inspec.sys
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]