Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another safe mode virus

Started by HomeDog , Mar 12 2011 07:10 PM

  • Please log in to reply

#1
HomeDog
Posted 12 March 2011 - 07:10 PM

HomeDog

    Member

  • Member
  • PipPip
  • 19 posts
Every time I attempt to start the computer the words "safe mode" appear in all four corners of a black screen; I have no access to anything - desktop icons, taskbar or the start menu. Ctrl+Shift+ESC does not load the task manager.

As soon as windows starts, I get a pop up that says:

"Windows boot failure: Press 'ok' to fix boot failure"

With two check marked items
* Check hard drive sector
* Check file system integrity

If I run that, I get another pop up saying:

"A problem with the hard disk has been detected.
It is strongly recommended that you download and install the following certified software to fix the detected hard drive error. Do you want to download the recommended software?"
*OK *Cancel
if you click cancel the pop up starts over again and you can endlessly loop
if you click OK it seems nothing happens...and the computer freezes on a safe mode black screen

I can get into "safe mode with command prompt" and change the registry to enable me to load the task manager. I need to repeat this each time I re-start the system. I have run "chkdsk" and it appears the disk is okay. I have no internet access, and have run Malwarebytes and OTLPE from a flash drive.

I am hopeful someone can help me fix this problem - am currently "dead in the water". Thank you all in advance.

Attached Files

  • Attached File  OTL.txt   62.89KB   318 downloads

  • 0

Advertisements

#2
Cold Titanium
Posted 13 March 2011 - 12:28 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hello HomeDog and welcome to G2G!

My name is Cold Titanium ;) , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :D

:D Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'm clearing my fix with my instructor now :D
  • 0

#3
Cold Titanium
Posted 13 March 2011 - 12:36 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
I'm taking the liberty of posting this. In the future please do not attatch the logs as that makes them hard to read, just post them.



OTL logfile created on: 3/12/2011 7:55:34 PM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 22.27 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive D: | 1.92 Gb Total Space | 1.78 Gb Free Space | 92.75% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McShield)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [Auto] -- -- (McNASvc)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2008/03/17 18:59:36 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand] -- C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
SRV - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) [Auto] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (MPFP)
DRV - File not found [Kernel | On_Demand] -- -- (mfesmfk)
DRV - File not found [Kernel | On_Demand] -- -- (mferkdk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/07/10 23:07:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/10 23:07:15 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 17:15:02 | 000,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\user_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/04 04:04:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 21:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 21:26:06 | 000,000,000 | ---D | M]

[2011/03/06 21:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/12/10 10:50:19 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\Administrator_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\user_ON_C..\Run: [{9CF93FFF-CDAC-164D-F451-1AB504FCE41B}] File not found
O4 - HKU\user_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\user_ON_C..\Run: [Fhiwanawozavuyub] C:\WINDOWS\kbhrfskq.dll ()
O4 - HKU\user_ON_C..\Run: [hewjtfrj] File not found
O4 - HKU\user_ON_C..\Run: [smss32.exe] File not found
O4 - HKU\user_ON_C..\Run: [wuaucldt] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Temp\679811900.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 11:56:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll) - C:\Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 17:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2011/03/12 16:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/03/12 16:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SUPERAntiSpyware
[2011/03/12 16:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/12 14:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Safemode
[2011/03/12 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware
[2011/03/12 10:19:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/03/12 10:19:08 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/03/11 22:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/03/11 18:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/03/11 18:08:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/11 18:08:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/11 18:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/10 21:08:55 | 000,000,000 | ---D | C] -- C:\PROGRAMS
[2011/03/10 20:08:31 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/03/10 19:56:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/03/10 19:53:42 | 002,232,832 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/03/10 19:52:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/09 18:09:59 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2011/03/09 18:08:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2011/03/09 17:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/09 12:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/03/07 16:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{EAD11612-EAC2-4DEA-A681-B799BDD48879}
[2011/03/07 16:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Uwymc
[2011/03/07 16:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Omlig
[2011/02/17 19:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2011/02/14 22:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/02/14 20:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\x86
[2011/02/14 20:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\resources
[2011/02/14 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2011/02/14 20:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\1033_enu_lp
[2011/02/13 22:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PCHealth
[2011/02/13 22:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft_Corporation
[2011/02/13 21:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Download Manager
[2011/02/13 21:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2011/02/13 18:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Solver Foundation
[2011/02/13 18:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Microsoft Solver Foundation
[2008/07/10 02:38:22 | 000,018,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setup.rll
[1998/12/08 21:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 21:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 21:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 21:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 21:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 21:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/03/12 19:46:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/12 19:45:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/12 16:22:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/12 16:07:30 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to registrybooster.lnk
[2011/03/12 16:07:19 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to tdsskiller.lnk
[2011/03/12 16:07:12 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SUPERAntiSpyware.lnk
[2011/03/12 15:20:12 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/12 14:58:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/12 13:39:15 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\uouk.sys
[2011/03/11 22:36:39 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Safemode.lnk
[2011/03/11 20:01:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/03/11 20:01:26 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/03/11 19:44:26 | 000,956,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/03/10 20:57:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/10 20:57:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/10 16:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/10 14:02:10 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for user.job
[2011/03/10 03:25:27 | 000,534,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/10 03:25:27 | 000,106,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/09 17:15:14 | 2136,616,960 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/03/08 14:09:17 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2011/03/08 14:07:17 | 000,000,318 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/07 21:08:38 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\user\Desktop\BOB.lnk
[2011/03/07 16:10:56 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jtuzewehap.dat
[2011/03/07 16:10:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qrawejesux.bin
[2011/03/07 16:08:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/04 03:01:23 | 000,718,954 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/03/02 13:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/28 13:30:42 | 002,232,832 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/02/26 12:08:14 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/02/22 08:33:11 | 001,767,686 | ---- | M] () -- C:\Documents and Settings\user\Desktop\cover.jpg
[2011/02/14 19:09:12 | 1407,248,152 | ---- | M] () -- C:\Program Files\SQLFULL_x86_ENU.exe
[2011/02/13 22:03:10 | 1581,398,808 | ---- | M] () -- C:\Documents and Settings\user\My Documents\SQLFULL_x64_ENU.exe
[2011/02/13 03:17:08 | 000,267,912 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1004336348-725345543-1004-0.dat
[2011/02/13 03:17:04 | 000,231,506 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

========== Files Created - No Company Name ==========

[2011/03/12 16:22:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/12 16:07:30 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to registrybooster.lnk
[2011/03/12 16:07:19 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to tdsskiller.lnk
[2011/03/12 16:07:12 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SUPERAntiSpyware.lnk
[2011/03/12 13:39:15 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\uouk.sys
[2011/03/12 10:20:04 | 000,956,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/03/11 22:36:39 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Safemode.lnk
[2011/03/07 16:10:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jtuzewehap.dat
[2011/03/07 16:10:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qrawejesux.bin
[2011/02/22 13:31:50 | 001,767,686 | ---- | C] () -- C:\Documents and Settings\user\Desktop\cover.jpg
[2011/02/14 18:54:32 | 1407,248,152 | ---- | C] () -- C:\Program Files\SQLFULL_x86_ENU.exe
[2011/02/13 21:33:03 | 1581,398,808 | ---- | C] () -- C:\Documents and Settings\user\My Documents\SQLFULL_x64_ENU.exe
[2011/02/13 17:42:51 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\user\Desktop\BOB.lnk
[2011/02/13 03:17:05 | 000,267,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1004336348-725345543-1004-0.dat
[2011/02/13 03:16:59 | 000,231,506 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/02 22:11:56 | 000,296,247 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/08/26 14:06:08 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\user\usb2
[2009/01/08 18:11:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/03 21:32:24 | 000,015,182 | ---- | C] () -- C:\Program Files\readme.htm
[2008/01/31 20:44:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/12/08 22:38:39 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cleandrv.INI
[2007/12/08 21:16:25 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/12/08 20:50:13 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/08 18:25:17 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\user\default.pls
[2007/12/08 17:33:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/08 14:16:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/08 00:03:51 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/12/08 00:03:51 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/12/07 23:38:20 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2007/12/07 23:38:20 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2007/12/07 23:28:22 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/12/07 23:02:41 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/07 23:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/12/07 22:06:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/07 21:06:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/07 20:45:16 | 000,000,301 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2007/12/06 19:48:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/06 19:47:24 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/06 17:26:44 | 001,672,336 | ---- | C] () -- C:\Program Files\install_easyshare.exe
[2007/12/06 17:09:47 | 001,410,680 | ---- | C] () -- C:\Program Files\install_flash_player.exe
[2007/12/06 12:43:29 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/06 12:39:34 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007/12/06 11:57:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/06 11:53:53 | 000,026,764 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,534,298 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,106,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\kbhrfskq.dll
[2006/02/28 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/10/23 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/03/07 21:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Omlig
[2011/01/27 18:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PhotoScape
[2009/01/19 18:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2011/03/11 18:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uwymc

========== Purity Check ==========


< End of report >
  • 0

#4
HomeDog
Posted 13 March 2011 - 01:04 PM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Cold Titanium -
Thanks for the follow-up. Ready when you are. I will be using a USB drive to transfer downloads between computers.
HomeDog
  • 0

#5
Cold Titanium
Posted 13 March 2011 - 02:35 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1


Copy the attached Fix.txt to a USB Attached File  Fix.txt   2.6KB   402 downloads

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


If you are able to boot into normal mode then do the following steps, else, return and tell me.


Step #2


  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #3


  • Re-open MalwareBytes and click the Update tab
  • Update it
  • Click the scanner Tab and perform a Full Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see ark.txt and the MBAM report in your next post... :D
  • 0

#6
HomeDog
Posted 14 March 2011 - 05:10 AM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Requested logs attached. The system rebooted in the middle of GMER and I had to restart (unaware that system updates had been running in the background). Received 2 messages at startup:
1: Application could not be loaded: Please reinstall McAfee Security Center
2: Error loading C:\windows\kbhrfskq.dll. The specified module could not be found.

Thank you for your help.

MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6047

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/14/2011 8:49:36 AM
mbam-log-2011-03-14 (08-49-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 291220
Time elapsed: 1 hour(s), 29 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Value: smss32.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9CF93FFF-CDAC-164D-F451-1AB504FCE41B} (Trojan.ZbotR.Gen) -> Value: {9CF93FFF-CDAC-164D-F451-1AB504FCE41B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\hewjtfrj (Trojan.FakeAlert.Gen) -> Value: hewjtfrj -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\32453.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\35250.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\38031.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\6523500.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d7438ae8-0208-4c23-ac84-d4420f59d095}\RP3\A0034587.exe (Trojan.Wigon) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d7438ae8-0208-4c23-ac84-d4420f59d095}\RP3\A0034588.exe (Trojan.Wigon) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d7438ae8-0208-4c23-ac84-d4420f59d095}\RP3\A0034589.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d7438ae8-0208-4c23-ac84-d4420f59d095}\RP4\A0066643.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\03132011_181902\c_windows\kbhrfskq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

ARK.txt
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-14 03:04:47
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600AAJS-00PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kxldqpow.sys


---- System - GMER 1.0.15 ----

Code 89562018 ZwCreateSection
Code 89C71CE8 ZwDuplicateObject
Code 89484018 ZwSetInformationFile
Code 8950B2D0 ZwSetSystemInformation
Code 89B8D018 ZwWriteFile
Code 89562017 NtCreateSection
Code 89C71CE7 NtDuplicateObject
Code 89484017 NtSetInformationFile
Code 89B8D017 NtWriteFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!IoGetBootDiskInformation + 66F 8057579D 7 Bytes JMP 894B301C
PAGE ntkrnlpa.exe!NtSetInformationFile 80579E30 7 Bytes JMP 8948401C
PAGE ntkrnlpa.exe!NtWriteFile 8057BCEE 7 Bytes JMP 89B8D01C
PAGE ntkrnlpa.exe!NtCreateSection 805A9E9E 7 Bytes JMP 8956201C
PAGE ntkrnlpa.exe!ObCloseHandle + 17 805BAF6F 7 Bytes JMP 89B1201C
PAGE ntkrnlpa.exe!NtDuplicateObject 805BC950 7 Bytes JMP 89C71CEC
PAGE ntkrnlpa.exe!ZwSetSystemInformation 8060DC1E 5 Bytes JMP 8950B2D4
PAGE Fastfat.SYS A8214948 7 Bytes JMP 89B20304

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \FatCdrom Code 89B20300
Device \FileSystem\Fastfat \Fat Code 89B20300

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
  • 0

#7
Cold Titanium
Posted 15 March 2011 - 12:52 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1


We need to temporarily remove your Anti-Virus, as it interfere with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any [<<McAfee>> entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top make sure it is set to Standard Output.
  • Ensure the Use SafeList is selected for Extra Registry
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt and Extras.txt in your next reply...
  • 0

#8
HomeDog
Posted 15 March 2011 - 01:49 PM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Cold Titanium - OTL and Extras lists follow - looks like they both fit. I have disconnected the machine from the internet(using USB between machines). HomeDog

OTL logfile created on: 3/15/2011 5:31:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 22.51 Gb Free Space | 15.10% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 1.78 Gb Free Space | 92.42% Space Free | Partition Type: FAT

Computer Name: KEHTRON | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 15:11:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2008/09/16 21:14:46 | 002,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2007/04/04 18:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/06/15 00:11:40 | 000,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/01/05 03:27:30 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 15:11:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/03/17 19:59:36 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
SRV - [2007/04/04 18:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/07/11 00:07:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/11 00:07:15 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 18:15:02 | 000,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://wapp.verizon....ol_landingpage"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: [email protected]:5.1.1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 22:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/13 18:19:06 | 000,000,000 | ---D | M]

[2008/08/29 21:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/03/13 20:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions
[2010/04/27 19:19:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 19:18:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/17 20:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/22 08:17:02 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\[email protected]
[2011/03/13 20:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/16 21:37:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/12/10 11:50:19 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [MediaManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Fhiwanawozavuyub] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 12:56:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b868901-ba5c-11dc-abc5-0019d1b626f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{40f65cac-018a-11df-ac48-0019d1b626f7}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{5e9dbb8e-c10b-11dc-abc9-0019d1b626f7}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 17:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/15 17:27:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/03/12 17:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/12 17:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/11 19:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/03/11 19:08:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/11 19:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/11 19:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/11 19:08:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/11 19:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/10 22:08:55 | 000,000,000 | ---D | C] -- C:\PROGRAMS
[2011/03/10 21:08:31 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/03/10 20:56:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/03/10 20:53:42 | 002,232,832 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/03/10 20:52:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/09 19:09:59 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2011/03/09 19:08:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2011/03/09 18:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/09 13:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/02/17 20:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2011/02/14 23:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/02/14 21:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\x86
[2011/02/14 21:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\resources
[2011/02/14 21:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2011/02/14 21:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\1033_enu_lp
[2011/02/14 19:54:32 | 1407,248,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SQLFULL_x86_ENU.exe
[2011/02/13 23:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PCHealth
[2011/02/13 23:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft_Corporation
[2011/02/13 22:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Download Manager
[2011/02/13 22:07:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2011/02/13 19:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Solver Foundation
[2011/02/13 19:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Microsoft Solver Foundation
[2008/07/10 03:38:22 | 000,018,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setup.rll
[1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 22:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/03/15 17:27:51 | 017,490,944 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/03/15 17:27:50 | 008,342,528 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/03/15 17:25:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/15 17:25:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/15 16:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/15 15:11:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/03/15 14:02:53 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for user.job
[2011/03/14 20:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/14 03:06:06 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 20:37:33 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\user\Desktop\gmer.zip
[2011/03/13 20:31:12 | 000,534,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 20:31:11 | 000,106,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 16:20:12 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/12 15:58:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 23:48:06 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\35250
[2011/03/11 23:36:59 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~35250r
[2011/03/11 23:36:59 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~35250
[2011/03/10 21:57:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/09 18:15:14 | 2136,616,960 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/03/08 15:09:17 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2011/03/08 15:07:17 | 000,000,318 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/07 22:39:19 | 000,696,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
[2011/03/07 22:08:38 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\user\Desktop\BOB.lnk
[2011/03/07 17:08:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/04 04:01:23 | 000,718,954 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/03/02 14:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/28 14:30:42 | 002,232,832 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/02/22 09:33:11 | 001,767,686 | ---- | M] () -- C:\Documents and Settings\user\Desktop\cover.jpg
[2011/02/14 20:09:12 | 1407,248,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SQLFULL_x86_ENU.exe
[2011/02/13 23:03:10 | 1581,398,808 | ---- | M] () -- C:\Documents and Settings\user\My Documents\SQLFULL_x64_ENU.exe

========== Files Created - No Company Name ==========

[2011/03/13 20:39:19 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\user\Desktop\gmer.exe
[2011/03/13 20:37:36 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\user\Desktop\gmer.zip
[2011/03/11 23:36:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~35250r
[2011/03/11 23:36:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~35250
[2011/03/11 23:36:32 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\35250
[2011/03/11 19:08:55 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/07 22:39:19 | 000,696,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
[2011/02/22 14:31:50 | 001,767,686 | ---- | C] () -- C:\Documents and Settings\user\Desktop\cover.jpg
[2011/02/13 22:33:03 | 1581,398,808 | ---- | C] () -- C:\Documents and Settings\user\My Documents\SQLFULL_x64_ENU.exe
[2011/02/13 18:42:51 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\user\Desktop\BOB.lnk
[2011/02/13 04:17:05 | 000,267,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1004336348-725345543-1004-0.dat
[2011/02/13 04:16:59 | 000,231,506 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2009/01/08 19:11:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/03 22:32:24 | 000,015,182 | ---- | C] () -- C:\Program Files\readme.htm
[2008/01/31 21:44:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/12/08 23:38:39 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cleandrv.INI
[2007/12/08 22:16:25 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/12/08 21:50:13 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/08 18:33:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/08 15:16:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/08 01:03:51 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/12/08 01:03:51 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/12/08 00:38:20 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2007/12/08 00:38:20 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2007/12/08 00:28:22 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/12/08 00:02:41 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/08 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/12/07 23:06:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/07 22:06:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/07 21:45:16 | 000,000,301 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2007/12/06 20:48:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/06 20:47:24 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/06 18:26:44 | 001,672,336 | ---- | C] () -- C:\Program Files\install_easyshare.exe
[2007/12/06 18:09:47 | 001,410,680 | ---- | C] () -- C:\Program Files\install_flash_player.exe
[2007/12/06 13:43:29 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/06 13:39:34 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007/12/06 12:57:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/06 12:53:53 | 000,026,764 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,534,298 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,106,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/12/06 12:56:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/08 15:09:17 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2007/12/06 12:56:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/12 12:11:16 | 000,036,798 | ---- | M] () -- C:\Extras.Txt
[2008/12/20 22:41:57 | 000,000,112 | ---- | M] () -- C:\fiosLog.txt
[2001/09/05 23:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2007/12/06 12:56:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/06 13:41:19 | 000,000,197 | ---- | M] () -- C:\lan.log
[2007/12/06 12:56:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/17 21:31:13 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/02 21:18:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/12 20:58:33 | 000,064,404 | ---- | M] () -- C:\OTL.Txt
[2011/02/28 14:30:42 | 002,232,832 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/03/15 17:25:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/12/06 13:43:32 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2007/12/06 13:43:32 | 000,000,575 | ---- | M] () -- C:\RHDSetup.log
[2011/03/12 17:10:12 | 000,033,610 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_12.03.2011_16.08.56_log.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/02/13 11:52:43 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[1998/12/11 20:29:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OLFPNT40.DLL
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/09/09 18:36:28 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2006/09/30 17:28:26 | 001,672,336 | ---- | M] () -- C:\Program Files\install_easyshare.exe
[2007/02/25 21:39:56 | 001,410,680 | ---- | M] () -- C:\Program Files\install_flash_player.exe
[2008/07/03 22:32:24 | 000,015,182 | ---- | M] () -- C:\Program Files\readme.htm
[2008/07/10 03:38:22 | 000,018,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\setup.rll
[2011/02/14 20:09:12 | 1407,248,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SQLFULL_x86_ENU.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011/03/08 15:09:16 | 001,835,008 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/03/07 22:42:16 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\sam.sav
[2011/03/07 22:42:16 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2011/03/08 15:09:16 | 052,166,656 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/03/08 15:09:16 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2006/02/28 08:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2006/02/28 08:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/02/28 08:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


OTL Extras logfile created on: 3/15/2011 5:31:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 22.51 Gb Free Space | 15.10% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 1.78 Gb Free Space | 92.42% Space Free | Partition Type: FAT

Computer Name: KEHTRON | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1198205656\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1198205656\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Verizon\Media Manager\MediaManager.exe" = C:\Program Files\Verizon\Media Manager\MediaManager.exe:*:Enabled:Verizon Media Manager -- (Verizon Data Services Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{300EBE97-0E16-4bf4-B2DD-CEDA6CB46C9C}" = 2400_2500Help
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4FF449-09F0-4dcc-8822-3D7BB7F5FED1}" = 2400
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4CE0F4F9-2678-4D04-ADF2-3F52AF0EDD00}" = Verizon Media Manager
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5C2EBBF9-B81F-47b7-9136-EE70E6740C2A}" = 2400_2500trb
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68EE8FDC-50F3-48B9-B3AE-56355D3966A6}" = Verizon FiOS Connection Wizard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9112E78D-4A03-48df-9B68-786E6479CF41}" = 23_24_2500Tour
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6F4C205-BD52-4E4B-8444-64F2A1A12F45}" = Fanball.com Draft Analyzer
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB5" = Microsoft Publisher 98
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.22
"Registry Workshop" = Registry Workshop
"RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"Verizon Online Help and Support" = Verizon Online Help and Support
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2011 6:47:01 PM | Computer Name = KEHTRON | Source = Application Error | ID = 1000
Description = Faulting application internetexplorerupdate.exe, version 0.0.0.0,
faulting module internetexplorerupdate.exe, version 0.0.0.0, fault address 0x000010be.

Error - 3/9/2011 6:47:40 PM | Computer Name = KEHTRON | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9332, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/9/2011 6:47:40 PM | Computer Name = KEHTRON | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/9/2011 6:47:43 PM | Computer Name = KEHTRON | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9332, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/11/2011 6:35:53 PM | Computer Name = KEHTRON | Source = MBAMService | ID = 131073
Description =

Error - 3/12/2011 4:54:12 PM | Computer Name = KEHTRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/12/2011 4:54:12 PM | Computer Name = KEHTRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 3/13/2011 8:29:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFP

Error - 3/13/2011 8:34:50 PM | Computer Name = KEHTRON | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f1: Security Update for Jscript 5.6 for Windows XP (KB971961).

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9ee2a8adeadfa) service to connect.

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9ee2a8adeadfa) service failed
to start due to the following error: %%1053

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
%%2

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%2

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%2

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 3/13/2011 11:07:16 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%2

Error - 3/13/2011 11:07:23 PM | Computer Name = KEHTRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFP


< End of report >
  • 0

#9
Cold Titanium
Posted 17 March 2011 - 12:40 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
You may now reinstall your anti-virus McAfee and reconnect to the internet.

Run this then tell me if you still get those messages.


Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKCU..\Run: [Fhiwanawozavuyub] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll) - File not found
[2011/03/11 23:48:06 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\35250
[2011/03/11 23:36:59 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~35250r
[2011/03/11 23:36:59 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~35250
[2011/03/07 22:39:19 | 000,696,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
[2011/03/07 22:08:38 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\user\Desktop\BOB.lnk

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #2

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 24 .
  • Click the "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u24-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u24-windows-i586.exe and select "Run as an Administrator.")

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #3

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt and KasReport.txt in your next reply...
  • 0

#10
HomeDog
Posted 17 March 2011 - 06:32 PM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
CT:
I loaded AVG antivirus (instead of McAfee). I did nto see the error pop-up previoulsy seen at reboot. The system does report new sound hardware that it needs to install - but installation software is not certified. Will try to capture and post next time. I did not install. Returning Step 1 log - others will be under separate post.

Step 1 OTL log results:
OTL logfile created on: 3/17/2011 8:16:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 21.98 Gb Free Space | 14.75% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 1.78 Gb Free Space | 92.41% Space Free | Partition Type: FAT

Computer Name: KEHTRON | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 15:11:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2008/09/16 21:14:46 | 002,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2007/04/04 18:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/06/15 00:11:40 | 000,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/01/05 03:27:30 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 15:11:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/03/17 19:59:36 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
SRV - [2007/04/04 18:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/07/11 00:07:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/11 00:07:15 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/04 18:15:02 | 000,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://wapp.verizon....ol_landingpage"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.1.1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/17 20:00:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 22:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/13 18:19:06 | 000,000,000 | ---D | M]

[2008/08/29 21:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/03/17 20:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions
[2010/04/27 19:19:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 19:18:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/17 20:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/22 08:17:02 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ftjeqcrm.default\extensions\[email protected]
[2011/03/17 20:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/17 20:00:59 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/09/16 21:37:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/12/10 11:50:19 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [MediaManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 12:56:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b868901-ba5c-11dc-abc5-0019d1b626f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{40f65cac-018a-11df-ac48-0019d1b626f7}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{5e9dbb8e-c10b-11dc-abc9-0019d1b626f7}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/17 20:15:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/17 20:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG10
[2011/03/17 20:02:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/17 20:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/03/17 20:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/17 20:00:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/03/17 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/17 19:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/17 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/15 17:27:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/03/12 17:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/12 17:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/11 19:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/03/11 19:08:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/11 19:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/11 19:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/11 19:08:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/11 19:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/10 22:08:55 | 000,000,000 | ---D | C] -- C:\PROGRAMS
[2011/03/10 21:08:31 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/03/10 20:56:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/03/10 20:53:42 | 002,232,832 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/03/10 20:52:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/09 19:09:59 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2011/03/09 19:08:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2011/03/09 18:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/09 13:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/02/17 20:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2011/02/14 19:54:32 | 1407,248,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SQLFULL_x86_ENU.exe
[2008/07/10 03:38:22 | 000,018,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setup.rll
[1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 22:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/03/17 21:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/17 20:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/17 20:14:22 | 017,490,944 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/03/17 20:14:21 | 008,342,528 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/03/17 20:13:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/17 20:12:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/17 20:05:01 | 109,010,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/17 20:01:52 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/17 14:02:10 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for user.job
[2011/03/16 13:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/15 15:11:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/03/14 03:06:06 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 20:37:33 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\user\Desktop\gmer.zip
[2011/03/13 20:31:12 | 000,534,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 20:31:11 | 000,106,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 16:20:12 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/12 15:58:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/10 21:57:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/09 18:15:14 | 2136,616,960 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/03/08 15:09:17 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2011/03/08 15:07:17 | 000,000,318 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/07 17:08:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/04 04:01:23 | 000,718,954 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/02/28 14:30:42 | 002,232,832 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/02/22 09:33:11 | 001,767,686 | ---- | M] () -- C:\Documents and Settings\user\Desktop\cover.jpg

========== Files Created - No Company Name ==========

[2011/03/17 20:05:01 | 109,010,314 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/17 20:01:52 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/13 20:39:19 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\user\Desktop\gmer.exe
[2011/03/13 20:37:36 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\user\Desktop\gmer.zip
[2011/03/11 19:08:55 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 14:31:50 | 001,767,686 | ---- | C] () -- C:\Documents and Settings\user\Desktop\cover.jpg
[2011/02/13 04:17:05 | 000,267,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1004336348-725345543-1004-0.dat
[2011/02/13 04:16:59 | 000,231,506 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2009/01/08 19:11:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/03 22:32:24 | 000,015,182 | ---- | C] () -- C:\Program Files\readme.htm
[2008/01/31 21:44:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/12/08 23:38:39 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cleandrv.INI
[2007/12/08 22:16:25 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/12/08 21:50:13 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/08 18:33:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/08 15:16:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/08 01:03:51 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/12/08 01:03:51 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/12/08 00:38:20 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2007/12/08 00:38:20 | 000,029,567 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2007/12/08 00:28:22 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/12/08 00:02:41 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/08 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/12/07 23:06:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/07 22:06:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/07 21:45:16 | 000,000,301 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2007/12/06 20:48:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/06 20:47:24 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/06 18:26:44 | 001,672,336 | ---- | C] () -- C:\Program Files\install_easyshare.exe
[2007/12/06 18:09:47 | 001,410,680 | ---- | C] () -- C:\Program Files\install_flash_player.exe
[2007/12/06 13:43:29 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/06 13:39:34 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007/12/06 12:57:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/06 12:53:53 | 000,026,764 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,534,298 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,106,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

Step 2 - next post
  • 0

Advertisements

#11
HomeDog
Posted 18 March 2011 - 02:57 PM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
T -
The KasReport is pasted below. I have also attached (could not paste) 2 screen shots I get at start time - seems the system is looking for new hardware (there should not be any). Not sure if it is bogus.
HomeDog

Date: Today (398)
3/18/2011 12:03:50 AM Kaspersky Anti-Virus License management License expires soon
3/18/2011 12:04:15 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 12:04:34 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 12:12:30 AM AVG Cache Server File Anti-Virus Packed: Armadillo C:\Documents and Settings\user\Desktop\Pre 2008\Program Files\SpywareBlaster\spywareblaster.exe
3/18/2011 12:24:03 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 12:26:56 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 3:14:42 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
3/18/2011 3:24:05 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 3:24:24 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 3:25:45 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\Driver Cache\i386\bthport.sys
3/18/2011 3:30:27 AM AVG Cache Server File Anti-Virus Packed: Swf2Exe C:\WINDOWS\Help\Tours\mmTour\tour.exe
3/18/2011 3:44:03 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 3:46:45 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 3:58:25 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\Installer\182a1c.msi/WinHTTP_NTQFE.6AB4B1E3_9BF2_4A9B_BC64_CE23E2B44659
3/18/2011 3:58:25 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\Installer\182a1c.msi/WinHTTP_2KQFE.6AB4B1E3_9BF2_4A9B_BC64_CE23E2B44659
3/18/2011 3:58:25 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\Installer\182a1c.msi/WinHTTP_XPQFE.6AB4B1E3_9BF2_4A9B_BC64_CE23E2B44659
3/18/2011 4:02:17 AM AVG Cache Server File Anti-Virus Packed: UPX C:\WINDOWS\Installer\e7440c6.msi/Callcwclosewarning
3/18/2011 4:02:22 AM AVG Cache Server File Anti-Virus Packed: UPX C:\WINDOWS\Installer\MSI650.tmp
3/18/2011 4:04:05 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 4:07:38 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 4:22:50 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\OPTIONS\CABS\Rtenic.sys
3/18/2011 4:24:07 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 4:24:16 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 4:28:24 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
3/18/2011 4:32:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\SoftwareDistribution\Download\1ece269e23f4ef02dbea7dfa6a74a7d0\SP2GDR\rmcast.sys
3/18/2011 4:32:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:32:19 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:32:19 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:32:23 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:33:26 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:33:32 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:34:03 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:34:05 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:34:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:35:56 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:37:22 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:38:13 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:38:18 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:38:24 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:38:59 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:12 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:15 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:15 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:32 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:39:55 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:40:05 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:40:42 AM AVG Cache Server File Anti-Virus Packed: UPX C:\WINDOWS\Installer\e7440c6.msi/Callcwclosewarning
3/18/2011 4:41:04 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:41:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:29 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:29 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:42:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:43:22 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:43:48 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:44:05 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:44:06 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 4:44:16 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 4:44:18 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:44:23 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:44:29 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:44:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:45:32 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:45:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:45:50 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:45:51 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:46:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:46:49 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:47:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:47:42 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:47:42 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:47:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:10 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:13 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:15 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:31 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:32 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:32 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:49:34 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:50:12 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:50:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:50:23 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:50:28 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:50:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:50:49 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:51:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:51:08 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:51:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:52:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:53:05 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:53:10 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:53:21 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:53:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:54:02 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:54:16 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:54:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:54:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:54:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:56:02 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:56:03 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:56:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:57:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:57:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:58:03 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:58:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:58:10 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:58:43 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:14 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:16 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 4:59:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:00:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:00:49 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:01:25 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:02:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:02:16 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:02:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:02:53 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:02:54 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:10 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:13 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:24 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:26 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:28 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:28 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:41 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:03:53 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:26 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 5:04:31 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:34 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:42 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:43 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:44 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 5:04:51 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:54 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:04:58 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:05:43 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:06:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:06:16 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:06:30 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:06:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:07:50 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:07:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:07:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:07:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:07:53 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:02 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:08 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:08 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:08:55 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:05 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:28 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:31 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:09:49 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:01 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:01 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:03 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:03 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:08 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:12 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:12 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:13 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:21 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:23 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:24 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:50 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:50 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:51 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:51 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:55 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:57 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:11:57 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:12:02 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:12:23 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:12:46 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:16:56 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:16:57 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:17:23 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:17:53 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:17:54 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:18:05 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:19:16 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:19:27 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:21:04 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:21:10 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:21:15 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:21:20 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:21:31 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:22:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:22:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:22:18 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:24:04 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 5:25:25 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 5:28:15 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:30:17 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:30:19 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:31:36 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:31:44 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:31:44 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:31:44 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:35:27 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:38:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:38:35 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:41:37 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:43:12 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:43:12 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:44:04 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 5:44:44 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 5:44:48 AM AVG Cache Server File Anti-Virus Packed: Swf2Exe Unknown application
3/18/2011 5:49:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:49:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:49:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:49:43 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:49:59 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:49:59 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:49:59 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:50:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:50:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:50:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:50:33 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:50:39 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:50:45 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:01 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:10 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:11 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:26 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:35 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:36 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:38 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:41 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\system32\drivers\pciidex.sys
3/18/2011 5:51:42 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:42 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:46 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:47 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:47 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:48 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:52 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:53 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:53 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:54 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:55 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:56 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:57 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:58 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:51:59 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:00 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:01 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\system32\drivers\tdi.sys
3/18/2011 5:52:02 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:04 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:06 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:07 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:52:09 AM AVG Cache Server File Anti-Virus Packed: PE_Patch Unknown application
3/18/2011 5:55:17 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 5:55:18 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 6:03:49 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 6:05:17 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 6:24:05 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 6:25:29 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 6:44:16 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 6:46:06 AM Kaspersky Anti-Virus Update Task failed Update Not enough disk space
3/18/2011 6:47:23 AM AVG Cache Server File Anti-Virus Packed Unknown application
3/18/2011 7:11:22 AM Kaspersky Anti-Virus License management License expires soon
3/18/2011 7:11:23 AM Kaspersky Anti-Virus Protection Center Threats have been detected
3/18/2011 7:11:24 AM Kaspersky Anti-Virus File Anti-Virus Task started File Anti-Virus
3/18/2011 7:11:24 AM Kaspersky Anti-Virus IM Anti-Virus Task started IM Anti-Virus
3/18/2011 7:11:24 AM Kaspersky Anti-Virus Mail Anti-Virus Task started Mail Anti-Virus
3/18/2011 7:11:24 AM Kaspersky Anti-Virus Proactive Defense Task started Proactive Defense
3/18/2011 7:11:24 AM Kaspersky Anti-Virus Web Anti-Virus Task started Web Anti-Virus
3/18/2011 7:11:24 AM Kaspersky Anti-Virus Protection Center Your computer is protected
3/18/2011 7:12:18 AM CTF Loader Self-Defense Denied C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
3/18/2011 7:12:18 AM Windows Explorer Self-Defense Denied C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
3/18/2011 7:14:57 AM Kaspersky Anti-Virus Custom Scan Task started Full Scan
3/18/2011 7:21:33 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 7:28:03 AM Kaspersky Anti-Virus Update Task completed Update
3/18/2011 7:28:04 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe KSN service
3/18/2011 7:28:06 AM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\System Volume Information\_restore{D7438AE8-0208-4C23-AC84-D4420F59D095}\RP4\A0066624.exe KSN service
3/18/2011 7:29:18 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\Driver Cache\i386\bthport.sys
3/18/2011 7:34:33 AM AVG Cache Server File Anti-Virus Packed: Swf2Exe C:\WINDOWS\Help\Tours\mmTour\tour.exe
3/18/2011 8:25:40 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\Installer\182a1c.msi/WinHTTP_NTQFE.6AB4B1E3_9BF2_4A9B_BC64_CE23E2B44659
3/18/2011 8:48:35 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\Documents and Settings\user\My Documents\Downloads\SQLFULL_X86_ENU.EXE
3/18/2011 8:48:35 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(2).exe/data0001.res
3/18/2011 8:48:37 AM AVG Cache Server File Anti-Virus Untreated: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(2).exe/data0001.res Skipped by user
3/18/2011 8:48:37 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(2).exe/#
3/18/2011 8:48:39 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(2).exe/data0001.res
3/18/2011 8:48:39 AM AVG Cache Server File Anti-Virus Untreated: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(2).exe/data0001.res Skipped by user
3/18/2011 8:48:39 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(2).exe/#
3/18/2011 8:48:41 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(3).exe/data0001.res
3/18/2011 8:48:41 AM AVG Cache Server File Anti-Virus Untreated: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(3).exe/data0001.res Skipped by user
3/18/2011 8:48:41 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(3).exe/#
3/18/2011 8:48:42 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(3).exe/data0001.res
3/18/2011 8:48:42 AM AVG Cache Server File Anti-Virus Untreated: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(3).exe/data0001.res Skipped by user
3/18/2011 8:48:42 AM AVG Cache Server File Anti-Virus Detected: not-a-virus:WebToolbar.Win32.Sahat.e C:\Documents and Settings\user\My Documents\Downloads\ShopAtHome_Toolbar(3).exe/#
3/18/2011 9:24:33 AM AVG Cache Server File Anti-Virus Packed: UPX C:\WINDOWS\Installer\e7440c6.msi/Callcwclosewarning
3/18/2011 9:25:35 AM AVG Cache Server File Anti-Virus Packed: UPX C:\WINDOWS\Installer\MSI650.tmp
3/18/2011 9:27:53 AM AVG Cache Server File Anti-Virus Packed: UPX C:\WINDOWS\Installer\e7440c6.msi/Callcwclosewarning
3/18/2011 9:41:49 AM Kaspersky Anti-Virus Update Task started Update
3/18/2011 9:50:30 AM Kaspersky Anti-Virus Update Task completed Update No available updates
3/18/2011 10:52:26 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\Program Files\x86\redist\windows installer\ia64\instmsi45.exe
3/18/2011 10:57:27 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\OPTIONS\CABS\Rtenic.sys
3/18/2011 10:57:28 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\OPTIONS\CABS\Rtenicxp.sys
3/18/2011 11:04:26 AM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
3/18/2011 11:23:22 AM Kaspersky Anti-Virus Custom Scan Task completed Full Scan
3/18/2011 11:26:47 AM Kaspersky Anti-Virus Custom Scan Task started Startup Objects Scan
3/18/2011 11:31:50 AM Kaspersky Anti-Virus Custom Scan Task completed Startup Objects Scan
3/18/2011 12:01:50 PM Kaspersky Anti-Virus Update Task started Update
3/18/2011 12:05:24 PM Kaspersky Anti-Virus Update Task completed Update
3/18/2011 12:05:46 PM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe KSN service
3/18/2011 12:05:46 PM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\System Volume Information\_restore{D7438AE8-0208-4C23-AC84-D4420F59D095}\RP4\A0066624.exe KSN service
3/18/2011 12:05:46 PM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\System Volume Information\_restore{D7438AE8-0208-4C23-AC84-D4420F59D095}\rp24\a0082513.exe KSN service
3/18/2011 12:24:37 PM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\Program Files\SQLFULL_x86_ENU.exe
3/18/2011 12:27:48 PM AVG Cache Server File Anti-Virus Packed: PE_Patch C:\Program Files\x86\redist\windows installer\ia64\instmsi45.exe
3/18/2011 2:21:33 PM Kaspersky Anti-Virus Update Task started Update
3/18/2011 2:23:33 PM Kaspersky Anti-Virus Update Task completed Update
3/18/2011 2:24:02 PM AVG Cache Server File Anti-Virus Packed: WiseSFXDropper C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Documents\FireFox\Downloads\shockwave_installer_slim.exe.kav
3/18/2011 3:01:29 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Documents\FireFox\Downloads\Shockwave_Installer_Slim.exe
3/18/2011 3:01:35 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03172011_201053\C_Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
3/18/2011 3:01:41 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03132011_181902\C_Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll
3/18/2011 3:01:48 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Documents\FireFox\Downloads\install_flash_player.exe
3/18/2011 3:01:50 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03172011_201053\C_Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
3/18/2011 3:01:59 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03132011_181902\C_Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll
3/18/2011 3:02:23 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Documents\FireFox\Downloads\DrJekill\DrJekill.exe
3/18/2011 3:02:45 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Desktop\WinRAR.exe
3/18/2011 3:02:54 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Desktop\UnRAR.exe
3/18/2011 3:02:57 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Desktop\Uninstall.exe
3/18/2011 3:02:59 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Desktop\RarExtLoader.exe
3/18/2011 3:03:01 PM Unknown application File Anti-Virus Detected: Virus.Win32.Murofet.a C:\Documents and Settings\user\My Documents\Abby\HP2\Documents\Desktop\Rar.exe
3/18/2011 3:03:26 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03132011_181902\C_Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll
3/18/2011 3:03:52 PM Unknown application File Anti-Virus Detected: Trojan-Downloader.Win32.Agent.fyme C:\_OTL\MovedFiles\03132011_181902\C_Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll/UPX
3/18/2011 3:04:04 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03172011_201053\C_Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
3/18/2011 3:04:34 PM Unknown application File Anti-Virus Detected: Trojan-Downloader.Win32.Agent.fyme C:\_OTL\MovedFiles\03172011_201053\C_Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll/UPX
3/18/2011 3:04:44 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03132011_181902\C_Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll
3/18/2011 3:05:11 PM Unknown application File Anti-Virus Detected: Trojan-Downloader.Win32.Agent.fyme C:\_OTL\MovedFiles\03132011_181902\C_Documents and Settings\All Users\Application Data\OcLVneIOUmyW.dll/UPX
3/18/2011 3:05:22 PM Unknown application File Anti-Virus Packed: UPX C:\_OTL\MovedFiles\03172011_201053\C_Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
3/18/2011 3:05:52 PM Unknown application File Anti-Virus Detected: Trojan-Downloader.Win32.Agent.fyme C:\_OTL\MovedFiles\03172011_201053\C_Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll/UPX
3/18/2011 4:41:48 PM Kaspersky Anti-Virus Update Task started Update
3/18/2011 4:43:39 PM Kaspersky Anti-Virus Update Task completed Update
3/18/2011 4:43:44 PM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe KSN service
3/18/2011 4:43:44 PM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\System Volume Information\_restore{D7438AE8-0208-4C23-AC84-D4420F59D095}\RP4\A0066624.exe KSN service
3/18/2011 4:43:44 PM Kaspersky Anti-Virus Protection Center Detected: UDS:DangerousObject.Multi.Generic C:\System Volume Information\_restore{D7438AE8-0208-4C23-AC84-D4420F59D095}\rp24\a0082513.exe KSN service

Attached Files

  • Attached File  Doc2.pdf   244.64KB   312 downloads

  • 0

#12
Cold Titanium
Posted 19 March 2011 - 10:09 AM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Let's try to get rid of that message

Step #1

This assumes you can find the installation cd

1. Go to Contol Panel
2. Double-click on System
3. Select the Hardware tab and them click on Device Manager
4. Click on the View menu item and then select Show Hidden Devices
5. Go to the Sound, Video and Game Controllers Group and locate the tagged Microsoft Kernel System Audio Device
6. Right-click and then choose Update Driver
7. When asked to connect to Windows Update, choose "No, not this time" and click Next.
8. When asked what you want the wizard to do, choose "Install from a list of specific location" and then click Next.
9. Insert the OS Installation CD on your CD drive.
10. When asked for the search and Installation options, choose "Don't search..." and click Next.
11. When asked to select the device driver that you want to install, highlight click on the Microsoft Kernel System Audio Device and then click Next.
12. After the driver is installed, let the OS restart for it to take effect.
  • 0

#13
HomeDog
Posted 19 March 2011 - 04:15 PM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
CT -
I updated per your instructions however still do not have audio. Messages at start-up have disappeared. Control panel indicates "no device found". The software from the original system CD said "software not digitally signed", but I replied to install anyway.
HD
  • 0

#14
Cold Titanium
Posted 19 March 2011 - 04:39 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Click Start > Run and type in the following then press Enter

devmgmt.msc

When Device Manager opens, take a look and tell me if you see any yellow exclamation marks. Tell me the names of what is marked if any.
  • 0

#15
HomeDog
Posted 19 March 2011 - 05:23 PM

HomeDog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
CT - no yellow exclamation marks.
HD
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP