Welcome to Geeks to Go - Register now for FREE


need help with win32/crypto virus [Closed]


  • This topic is locked

#1 mountaineer26070 (Member, 17 posts)
The problem started the other day when my wife started getting messages that Windows Antivirus Pro had found a virus. I was not able to run McAfee (my antivirus), as I kept getting a message that it was disabled. I then tried to start Windows Defender, which I had disabled when I went to McAfee, but could not start the service. At this point I was able to download AVG 8.5, which found 3 viruses that it moved to the virus vault. I then started the processes outlined in the malware removal steps. I ran TFC without any problems, then created a restore point. I ran ERUNT without a problem, then tried to run Malwarebytes, but it would not run. I tried renaming it, but it would start and then the process would disappear, and I was never able to get it to run. I then ran another virus scan, which found 2 instances of Win32/Crypto that AVG moved to the virus vault. I tried to run Malwarebytes again but was still unable to run it. I then ran Windows Update without a problem, then ran RootRepeal and OTL, and the logs are as follows:

ROOTREPEAL:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/26 15:28
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3F5A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8245000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF77DF000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF4017000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==

OTL:
OTL logfile created on: 7/26/2009 3:31:48 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Jim\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 159.26 Mb Available Physical Memory | 35.68% Memory free
1.35 Gb Paging File | 0.93 Gb Available in Paging File | 69.18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 42.11 Gb Free Space | 59.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 959.72 Mb Total Space | 840.81 Mb Free Space | 87.61% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYROOM
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/23 22:26:53 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( ) -- C:\WINDOWS\System32\lxctcoms.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/23 22:27:07 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/23 22:27:07 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2006/08/23 20:12:44 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/06/26 09:04:58 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2005/09/26 11:26:58 | 00,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2007/01/11 13:57:22 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006/06/07 02:05:20 | 00,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/23 22:27:02 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/23 19:51:13 | 00,027,136 | ---- | M] () -- C:\windows\ld12.exe
PRC - [2006/08/15 10:38:14 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/08 20:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2007/05/23 21:43:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/09/08 20:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2008/05/10 07:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2006/09/11 21:02:00 | 01,568,768 | ---- | M] (Belkin) -- C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe
PRC - [2005/09/08 20:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2009/07/25 10:28:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\malware removal\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AntipPro2009_12 [Auto | Stopped])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/23 22:26:53 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/06/26 09:04:58 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
SRV - [2009/05/21 17:28:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (KodakCCS [On_Demand | Stopped])
SRV - [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( ) -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Stopped])
SRV - [2006/08/23 20:12:44 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061010
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061010
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061010
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/07 02:03:21 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\System32\geBqRiiG.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQSys (IE PlugIn)) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\System32\dddesot.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysldtray] C:\windows\ld12.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\My Essentials Wireless USB Utility.lnk = C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.34/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\geBqRiiG: DllName - geBqRiiG.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\System32\geBqRiiG.dll File not found
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/09 14:28:38 | 00,024,576 | ---- | M] () - E:\Auto Narrative-E11.doc -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/26 15:15:50 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/26 14:56:23 | 46,817,6896 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/26 14:52:57 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/26 14:52:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/26 14:52:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/26 14:52:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/26 14:52:21 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/26 14:52:18 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\NTREGOPT.lnk
[2009/07/26 14:52:18 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ERUNT.lnk
[2009/07/26 13:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
[2009/07/26 10:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla
[2009/07/25 14:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Apple Computer
[2009/07/25 14:47:10 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/07/25 14:47:10 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/25 14:47:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Apple Computer
[2009/07/25 13:36:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/25 13:28:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Mozilla
[2009/07/25 12:52:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2009/07/25 11:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/25 11:55:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/25 11:54:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/25 11:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\malware removal
[2009/07/23 22:44:12 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/23 22:28:03 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/07/23 22:28:02 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/23 22:28:02 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/23 22:27:56 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/23 22:27:56 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/23 22:27:32 | 39,281,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/23 22:27:30 | 00,041,419 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/23 22:27:29 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/23 22:27:20 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/23 22:27:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/07/23 22:26:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/23 22:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/23 22:22:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AVG8
[2009/07/23 20:54:59 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0535251103110107106.xvb
[2009/07/23 20:54:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465749.dat
[2009/07/23 20:54:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101464853.dat
[2009/07/23 20:11:34 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\onhelp.htm
[2009/07/23 19:57:26 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\bincd32.dat
[2009/07/23 19:56:43 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/07/23 19:56:29 | 00,000,002 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/07/23 19:56:28 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/07/23 19:56:21 | 00,000,019 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/07/23 19:54:52 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101464849.dat
[2009/07/23 19:54:48 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146118114.dat
[2009/07/23 19:54:33 | 00,000,002 | ---- | C] () -- C:\-1532092109
[2009/07/23 19:54:04 | 00,000,204 | ---- | C] () -- C:\WINDOWS\prxid93ps.dat
[2009/07/23 19:51:13 | 00,027,136 | ---- | C] () -- C:\WINDOWS\ld12.exe
[2009/07/22 17:52:12 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Untitled_Document5.wps
[2009/07/22 17:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Template
[2009/07/22 17:51:32 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\wklnhst.dat
[2009/07/19 11:24:33 | 00,000,425 | ---- | C] () -- C:\WINDOWS\System32\geyekrmejqakkt.dat
[2009/07/18 14:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/07/18 11:59:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AdobeUM

========== Files - Modified Within 14 Days ==========

[2009/07/26 15:24:52 | 00,000,204 | ---- | M] () -- C:\WINDOWS\prxid93ps.dat
[2009/07/26 15:23:41 | 00,065,580 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/26 15:22:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/26 15:22:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/26 15:22:23 | 46,817,6896 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 15:20:05 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/07/26 15:20:04 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/26 15:20:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/26 14:52:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/26 14:52:21 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/26 14:52:18 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\NTREGOPT.lnk
[2009/07/26 14:52:18 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ERUNT.lnk
[2009/07/26 10:36:05 | 01,579,166 | -H-- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\IconCache.db
[2009/07/26 08:41:31 | 39,281,634 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/25 18:52:43 | 00,041,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/25 14:47:10 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/25 14:47:10 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/07/24 18:30:02 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MYROOM-Amanda).job
[2009/07/23 22:28:03 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/07/23 22:28:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/23 22:28:02 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/23 22:27:56 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/23 22:27:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/23 22:27:30 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/23 22:27:29 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/23 21:55:30 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/07/23 21:55:30 | 00,000,002 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/07/23 21:47:39 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\bincd32.dat
[2009/07/23 21:36:40 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\onhelp.htm
[2009/07/23 20:54:59 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0535251103110107106.xvb
[2009/07/23 20:54:58 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465749.dat
[2009/07/23 20:54:56 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101464853.dat
[2009/07/23 19:56:43 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/07/23 19:56:21 | 00,000,019 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/07/23 19:54:59 | 00,000,002 | ---- | M] () -- C:\-1532092109
[2009/07/23 19:54:52 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101464849.dat
[2009/07/23 19:54:48 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146118114.dat
[2009/07/23 19:51:13 | 00,027,136 | ---- | M] () -- C:\WINDOWS\ld12.exe
[2009/07/22 17:57:45 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\wklnhst.dat
[2009/07/22 17:52:16 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Untitled_Document5.wps
[2009/07/19 11:39:28 | 00,000,425 | ---- | M] () -- C:\WINDOWS\System32\geyekrmejqakkt.dat
[2009/07/16 03:03:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 01:20:02 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/07/25 11:56:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/14 19:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2007/04/06 00:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/08/10 14:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/06/02 11:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/10/25 18:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/26 13:49:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jim\Application Data
[2009/06/16 19:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\5400 Series
[2009/06/19 13:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\PlayFirst
[2009/06/07 01:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Skinux
[2009/07/22 17:51:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Template
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/24 18:30:02 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MYROOM-Amanda).job
[2009/07/15 01:20:02 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/07/01 01:00:01 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/07/26 15:22:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >

EXTRAS:
OTL Extras logfile created on: 7/26/2009 3:31:48 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Jim\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 159.26 Mb Available Physical Memory | 35.68% Memory free
1.35 Gb Paging File | 0.93 Gb Available in Paging File | 69.18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 42.11 Gb Free Space | 59.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 959.72 Mb Total Space | 840.81 Mb Free Space | 87.61% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYROOM
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter and the Goblet of Fire™
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban™
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter and the Order of the Phoenix™
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BD41AD34-9D28-4384-B5BA-221A92D5E6AC}" = My Essentials Wireless USB Utility
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8535487-9942-4173-BC98-E5B6460806C6}" = Might and Magic IX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"Clue" = Clue
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Diner Dash" = Diner Dash
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Disney's Toontown Online" = Disney's Toontown Online
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BD41AD34-9D28-4384-B5BA-221A92D5E6AC}" = My Essentials Wireless USB Utility
"InterActual Player" = InterActual Player
"Lexmark 5400 Series" = Lexmark 5400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Might and Magic® VI" = Might and Magic® VI
"Monopoly" = Monopoly
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Risk" = Risk
"SearchAssist" = SearchAssist
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2009 1:26:04 PM | Computer Name = MYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2009 1:34:16 PM | Computer Name = MYROOM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/25/2009 1:49:17 PM | Computer Name = MYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2009 5:53:47 PM | Computer Name = MYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2009 6:48:20 PM | Computer Name = MYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2009 2:11:47 AM | Computer Name = MYROOM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/26/2009 8:29:45 AM | Computer Name = MYROOM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/26/2009 11:07:07 AM | Computer Name = MYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2009 1:48:14 PM | Computer Name = MYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2009 1:48:18 PM | Computer Name = MYROOM | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 7/26/2009 3:24:36 PM | Computer Name = MYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 7/26/2009 3:24:36 PM | Computer Name = MYROOM | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 7/26/2009 3:25:55 PM | Computer Name = MYROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A63D47D-1BA2-48FF-9955-31207899BE01}.
The
error: "%2" Happened while starting this command: c:\program files\mcafee.com\shared\mcinfo.exe
-Embedding

Error - 7/26/2009 3:26:03 PM | Computer Name = MYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 7/26/2009 3:26:04 PM | Computer Name = MYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 7/26/2009 3:26:04 PM | Computer Name = MYROOM | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 7/26/2009 3:28:06 PM | Computer Name = MYROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A63D47D-1BA2-48FF-9955-31207899BE01}.
The
error: "%2" Happened while starting this command: c:\program files\mcafee.com\shared\mcinfo.exe
-Embedding

Error - 7/26/2009 3:28:09 PM | Computer Name = MYROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 7/26/2009 3:28:09 PM | Computer Name = MYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 7/26/2009 3:28:09 PM | Computer Name = MYROOM | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053


< End of report >
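The OTL listings above are what a helper has to read by eye: hundreds of file entries and firewall exceptions, of which only a handful matter. As an added example (not code from the original post, from OTL, or from the forum's helpers), the following Python script applies a few triage heuristics to lines of exactly the two kinds shown above: OTL file entries ("[date time | size | attrs | C/M] (Company) -- path") and Windows Firewall exception values ("port:proto:scope:state:description"). The sample lines are copied from the log above; the rules themselves (numeric-only names, plain .dat/.exe/.htm files dropped straight into the drive root, %WINDIR% or System32, binaries with no vendor name, enabled exceptions open to any address with the firewall's auto-generated "TCP Port N" description) are this example's own assumptions about what deserves a second look, not anything the tool or the thread claims. A hit means "check this", not "this is malware": bootstat.dat, for instance, lives in the same directory as the flagged files and is legitimate.

```python
"""Triage heuristics for OTL log lines.

Added example for this thread; not code from the original post, from OTL
or from the forum helpers.  The sample lines are copied from the log above.
The rules are this example's own assumptions: a hit means "look at this",
not "this is malware".
"""
import re

# One OTL file entry:  [date time | size | attrs | C/M] (Company) -- path
# Directory entries carry no "(Company)" group, so that part is optional.
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# One Windows Firewall exception:  "port:proto" = port:proto:scope:state:desc
FW_LINE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)

WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"
LOOSE_EXTS = {"dat", "exe", "htm", "xvb"}   # loose file types seen in the log
EXEC_EXTS = {"exe", "dll", "sys"}


def file_reasons(rec):
    """Return the list of heuristic reasons a file entry looks suspicious."""
    reasons = []
    low = rec["path"].lower()
    parent, _, base = low.rpartition("\\")
    stem, ext = base.rsplit(".", 1) if "." in base else (base, "")
    # Names like 0101120101464849.dat or -1532092109 are not how installers
    # name things.
    if re.fullmatch(r"-?\d{6,}", stem):
        reasons.append("numeric-only file name")
    # Plain (no R/H/S attribute) .dat/.exe/.htm files dropped straight into
    # the drive root, %WINDIR% or System32 rather than into a product folder.
    if parent in ("c:", WINDIR, SYSTEM32) and ext in LOOSE_EXTS and rec["attrs"] == "----":
        reasons.append(f"loose .{ext} file directly in {parent}")
    # OTL prints the PE company name in parentheses; an empty pair for a
    # binary under %WINDIR% means the file carries no vendor version info.
    if ext in EXEC_EXTS and not rec["company"] and low.startswith(WINDIR):
        reasons.append("executable under %WINDIR% with no vendor name")
    return reasons


def firewall_reasons(rec):
    """Return heuristic reasons an enabled firewall exception is over-broad."""
    reasons = []
    if rec["state"] != "Enabled":
        return reasons
    if rec["scope"] == "*":
        reasons.append("open to any remote address")
    # Exceptions added by hand or by an installer get a real name; "TCP Port
    # 5000" is the placeholder produced when the caller supplied none.
    if re.fullmatch(r"(TCP|UDP) Port \d+", rec["desc"]):
        reasons.append("generic auto-generated description")
    return reasons


def triage(lines):
    """Return [(path_or_rule_key, [reasons...])] for every line that trips a rule."""
    hits = []
    for line in lines:
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["company"] = rec["company"] or ""
            reasons = file_reasons(rec)
            if reasons:
                hits.append((rec["path"], reasons))
            continue
        m = FW_LINE.match(line)
        if m and (reasons := firewall_reasons(m.groupdict())):
            hits.append((m.group("key"), reasons))
    return hits


# Constructed subset: lines copied verbatim from the OTL output in this post.
SAMPLE_LOG = r"""
[2009/07/23 19:54:52 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101464849.dat
[2009/07/23 19:54:33 | 00,000,002 | ---- | C] () -- C:\-1532092109
[2009/07/23 19:51:13 | 00,027,136 | ---- | C] () -- C:\WINDOWS\ld12.exe
[2009/07/26 15:22:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/23 22:28:02 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/18 11:59:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AdobeUM
[2009/07/19 11:24:33 | 00,000,425 | ---- | C] () -- C:\WINDOWS\System32\geyekrmejqakkt.dat
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
""".strip().splitlines()

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(f"{item}\n    - " + "\n    - ".join(reasons))
```

Run against the sample, the script flags the four dropped files (ld12.exe for two reasons: it sits loose in C:\WINDOWS and has no vendor name) and the two firewall exceptions that are open to every remote address under a generic name, while bootstat.dat, the AVG driver, the AdobeUM folder and the LocalSubNet file-sharing rule pass. The same regexes work on the full "Files - Created" and "GloballyOpenPorts" sections if you paste them into a file and feed its lines to triage().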


#2
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
Hello and welcome to Geeks To Go! :)

My name is Perplexus and I will be helping you fix your computer problem.

I am still in training here, so there might be a delay between my replies as they need to be checked by a resident expert before I can post them. I appreciate your patience.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
  • To make sure that you receive an email when this topic is updated, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Before beginning the fix, read this post completely. If there's anything that you do not understand, please ask your questions before proceeding as you may temporarily be disconnected from the internet. No question is considered dumb here. It's better to be safe than sorry!
  • Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
  • It is IMPORTANT that you do not miss a step & perform everything in the correct order/sequence.
  • Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested, as it can be very dangerous and cause harm to your system.
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
---------------------------------------------------------------------------------------------

I am currently reviewing your logs and will post back instructions soon.

#3
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
Hi mountaineer26070,

Let's begin trying to clear your computer of these nasty infections! :)

------------------
Step 1:
------------------

Too Many Antivirus Programs Installed

You have too many Antivirus programs installed. Antivirus programs often conflict and can cause system slowdowns, crashes, or even leave you unprotected. Select one of these to keep and remove the others:

  • McAfee Antivirus - unless you have a current subscription, you should uninstall this. After removing, download the McAfee Removal Tool and run it.
  • AVG - if you choose to remove this, download and run the AVG removal tool from HERE. This should get rid of AVG.

------------------
Step 2:
------------------

Open RootRepeal, click the Driver tab and select Scan. Right click and select Wipe File on:

win32k.sys:1
win32k.sys:2


Reboot your machine

------------------
Step 3:
------------------

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2009/07/23 19:51:13 | 00,027,136 | ---- | M] () -- C:\windows\ld12.exe
    SRV - File not found -- -- (AntipPro2009_12 [Auto | Stopped])
    O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\System32\geBqRiiG.dll File not found
    O2 - BHO: (ICQSys (IE PlugIn)) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\System32\dddesot.dll File not found
    O4 - HKLM..\Run: [sysldtray] C:\windows\ld12.exe ()
    O20 - Winlogon\Notify\geBqRiiG: DllName - geBqRiiG.dll - File not found
    O28 - HKLM ShellExecuteHooks: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\System32\geBqRiiG.dll File not found
    O29 - HKLM SecurityProviders - (digeste.dll) - File not found
    O32 - AutoRun File - [2008/03/09 14:28:38 | 00,024,576 | ---- | M] () - E:\Auto Narrative-E11.doc -- [ FAT ]
    
    :Files
    C:\WINDOWS\0535251103110107106.xvb
    C:\WINDOWS\0101120101465749.dat
    C:\WINDOWS\0101120101464853.dat
    C:\WINDOWS\System32\onhelp.htm
    C:\WINDOWS\System32\bincd32.dat
    C:\WINDOWS\System32\sysnet.dat
    C:\WINDOWS\ppp3.dat
    C:\WINDOWS\ppp4.dat
    C:\WINDOWS\System32\sonhelp.htm
    C:\WINDOWS\0101120101464849.dat
    C:\WINDOWS\010112010146118114.dat
    C:\-1532092109
    C:\WINDOWS\prxid93ps.dat
    C:\WINDOWS\ld12.exe
    C:\WINDOWS\System32\geyekrmejqakkt.dat
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

------------------
Step 4:
------------------

Can you please reboot into Normal mode and follow these instructions after deleting the copy of Combofix you have on your desktop.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt log so we can continue cleaning the system.

------------------
Step 5:
------------------

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

------------------
Step 6:
------------------

Please post back with the following:
  • How is your computer running now? Any problems?
  • OTL fix log
  • C:\ComboFix.txt log
  • checkup.txt


#4
mountaineer26070 (Topic Starter, Member, 17 posts)
I tried to wipe file on the 2 files
win32k.sys:1
win32k.sys:2

but received the error message "could not find file on disk". I will not do any of the other steps until we resolve this, or until you tell me I can proceed without completing step 2.

#5
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
Thanks for letting me know. Please proceed with the rest of the fix :)

#6
mountaineer26070 (Topic Starter, Member, 17 posts)
Sorry it took so long to get back to you, but when I ran ComboFix it crashed Windows. I have tried to access Windows every way I can find, but it goes to a blue screen with the message:
stop:c000007b{bad image}
The application or DLL \??\windows\system32\sfcfiles.dll is not a valid image. Please check this against your installation diskette.

Any suggestions on how to fix this?

#7
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
Hi mountaineer26070,

Oh no! Let's get Windows back and then we can go from there.

------------------
Step 1:
------------------

We'll try to restore your machine back to the Last Known Good Configuration.

Restart your computer and as soon as it starts booting up again continuously tap F8. When the menu comes up, select Last Known Good Configuration.

If that does not work then try this:

To restore your system to a previous restore point:

  • Click Start > All Programs > Accessories > System Tools > System Restore. System Restore starts.
  • On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
  • On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.
    Note: A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
  • On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
  • Log on and the System Restore Restoration Complete page is displayed.
  • Click OK.

------------------
Step 2:
------------------

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

------------------
Step 3:
------------------

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

------------------
Step 4:
------------------

Please post back with the following:
  • Let me know if you are able to get back into Windows.
  • OTS log

  • 0

#8
mountaineer26070

    Member

  • Topic Starter
  • Member
  • 17 posts
I have tried to start Windows using every option that is listed when you hit F8 and it will not boot into Windows, so I cannot download anything to that computer.
  • 0

#9
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Let's try a System Repair. Go HERE and follow the instructions. If you have any questions, I will help you. Let me know if this worked. :)
  • 0

#10
mountaineer26070

    Member

  • Topic Starter
  • Member
  • 17 posts
I ran into a problem with the repair. I get to the welcome to setup screen and my keyboard quits working. I do not have the xp disk from this computer but I am using a disk from an older dell. Any suggestions?
  • 0

#11
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
You will need the original disk to do the repair.

Ok, let's try this first.

Microsoft Windows Recovery Console repair

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Microsoft Windows Recovery Console.
  • Type cd \ then hit Enter
  • Type cd "system volume information"\_resto~1 then hit Enter
  • Type dir then hit Enter
At this point you should see a list of all the restore point folders, e.g. rp1, rp2, etc. We have to see the last restore point to copy the file from a recent backup. If the restore points have more than one page then you have to keep on hitting the Enter key to view the last restore point folder. You will have to choose the second to the last option, if it has more than 2 restore points.
  • Type cd rp{the second to the last restore point number}
    Note: Example: cd rp9 if rp9 is the second to the last restore point, where last restore point number=9
  • Type cd snapshot
    Now the command prompt will look like this: c:\system~1\resto~1\rp9\snapshot>
  • Type copy _registry_machine_system c:\windows\system32\config\system then hit Enter
  • Type copy _registry_machine_software c:\windows\system32\config\software then hit Enter
  • Type exit
Reboot your machine.

Edited by Perplexus, 01 August 2009 - 09:56 AM.

  • 0
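An added example, not part of Perplexus's instructions or of any tool named in this thread: a Python helper that picks the second-to-last rpN folder by number rather than by name (a plain text sort lists rp10 before rp9) and checks that a snapshot's _registry_machine_system file has a consistent regf header before it is copied over the live hive. The folder names and the hive header used here are constructed, and the "second to last, else the only one" rule is my reading of the step above.

```python
import re
import struct

HEADER_SIZE = 512   # a registry hive's header occupies its first 512-byte block

def pick_restore_point(folder_names):
    """Return the second-to-last rpN folder by number (the only one if just one).
    Sorting numerically matters: a plain text sort lists rp10 before rp9."""
    rps = sorted(
        (int(m.group(1)), name)
        for name in folder_names
        if (m := re.fullmatch(r"rp(\d+)", name, re.IGNORECASE))
    )
    if not rps:
        raise ValueError("no rpN restore-point folders found")
    return rps[-2][1] if len(rps) >= 2 else rps[0][1]

def regf_checksum(header):
    """XOR of the 127 little-endian dwords before the checksum field at offset 508."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        csum ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(csum, csum)   # documented special cases

def hive_header_problems(data):
    """Reasons this hive file should not be copied over the live one (empty = looks sound)."""
    if len(data) < HEADER_SIZE or data[:4] != b"regf":
        return ["missing 'regf' signature"]
    problems = []
    primary, secondary = struct.unpack_from("<II", data, 4)
    stored = struct.unpack_from("<I", data, 508)[0]
    if primary != secondary:
        problems.append(f"sequence numbers differ ({primary} != {secondary}): dirty hive")
    if stored != regf_checksum(data):
        problems.append("header checksum mismatch")
    return problems

def build_sample_hive_header(primary=7, secondary=7):
    """Constructed minimal regf header for demonstration; not taken from any real hive."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:4] = b"regf"
    struct.pack_into("<II", hdr, 4, primary, secondary)
    struct.pack_into("<II", hdr, 20, 1, 3)        # format version 1.3 (Windows XP hives)
    struct.pack_into("<I", hdr, 508, regf_checksum(hdr))
    return bytes(hdr)
```

Run hive_header_problems over the first 512 bytes of the snapshot file you intend to copy; a non-empty result means pick an older restore point instead.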

#12
mountaineer26070

    Member

  • Topic Starter
  • Member
  • 17 posts
It comes up to the same error message about the sfcfiles.dll is not a valid windows image.
  • 0

#13
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hi mountaineer26070,

This goes beyond my expertise. Please go HERE and post for help to get your pc back up and running. Post the url for this thread and tell them that I sent you. Once you are back up and running, post back here and let me know and we will continue to clean your machine.
  • 0

#14
mountaineer26070

    Member

  • Topic Starter
  • Member
  • 17 posts
Thank you for all your help and I hope it won't be too long before we can get back to finishing with the malware.
  • 0

#15
mountaineer26070

    Member

  • Topic Starter
  • Member
  • 17 posts
The computer is back up and booting into windows so we can continue with the virus/malware problem when you are ready.
  • 0