Everything posted by pinkshoegirl

  1. I just manually shut down after it appears to have frozen again.
  2. The scan appears to be running again, I'll let you know if it freezes after a half hour again. I just have a question, when I reboot I have been selecting "Safe Mode". Does it make a difference that I'm not choosing "Safe Mode With Networking" or "Safe Mode With Command Prompt"?
  3. I was able to run ComboFix that way, but it still froze - I couldn't even close it, had to manually shut down.
  4. When I double-click on ComboFix it appears to start running, but never gets past the blue screen that says it should take 10 minutes to run. No log ever produces and I have to manually shut my computer down by hitting the power button. Please note I can still only operate in safe mode, not sure if that has anything to do with it?
  5. FYI - I did receive the following error message while OTL was running: There is no disk in the drive. Please insert a disk into drive. I hit continue a few times until it skipped over it and continued the scan.
  6. OTL Extras logfile created on: 9/12/2011 5:32:07 PM - Run 1 OTL by OldTimer - Version 3.2.28.0
  7. OTL logfile created on: 9/12/2011 5:32:07 PM - Run 1 OTL by OldTimer - Version 3.2.28.0
I:\Documents and Settings\Owner\Desktop\dds1.scr [2011/09/06 18:38:10 | 001,386,462 | ---- | M] () -- I:\Documents and Settings\Owner\My Documents\tdsskiller.zip [2011/08/30 06:29:42 | 000,302,592 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\ho9bi5w2.exe [2011/08/30 06:06:50 | 000,607,260 | R--- | M] (Swearware) -- I:\Documents and Settings\Owner\Desktop\dds.scr [2011/08/30 06:05:35 | 000,050,477 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\Defogger.exe [2011/08/30 05:59:52 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2011/08/30 05:04:04 | 000,126,912 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT [4 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ] [1 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/09/06 18:38:05 | 001,386,462 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\tdsskiller.zip [2011/08/30 06:29:39 | 000,302,592 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\ho9bi5w2.exe [2011/08/30 06:05:34 | 000,050,477 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\Defogger.exe [2011/06/29 20:26:59 | 000,079,448 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/04/17 10:47:52 | 000,232,968 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb0.bin [2011/04/17 10:47:50 | 000,232,968 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb1.bin [2011/04/17 10:47:50 | 000,000,001 | ---- | C] () -- I:\WINDOWS\System32\nvdrssel.bin [2011/04/17 10:15:36 | 000,000,010 | ---- | C] () -- I:\WINDOWS\WININIT.INI [2010/07/09 18:38:00 | 002,195,030 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin [2010/03/05 18:54:07 | 000,261,632 | ---- | C] () -- I:\WINDOWS\PEV.exe [2010/03/05 18:54:07 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe [2010/03/05 18:54:07 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe [2010/03/05 
18:54:07 | 000,077,312 | ---- | C] () -- I:\WINDOWS\MBR.exe [2010/03/05 18:54:07 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe [2010/03/04 21:15:55 | 000,013,836 | -HS- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\04lB [2010/02/25 20:39:50 | 000,014,142 | -HS- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\7EgpN4 [2007/02/24 14:40:48 | 000,000,067 | ---- | C] () -- I:\WINDOWS\AoADVDRipper.INI [2007/02/24 14:39:08 | 000,003,082 | ---- | C] () -- I:\WINDOWS\System32\affv9553p6now.sys [2006/12/27 21:45:18 | 000,108,134 | ---- | C] () -- I:\Documents and Settings\Owner\Application Data\fontlst2.opf [2006/10/07 15:41:05 | 000,000,754 | ---- | C] () -- I:\WINDOWS\WORDPAD.INI [2006/08/08 18:17:33 | 000,000,101 | ---- | C] () -- I:\WINDOWS\QHI.INI [2006/08/08 18:13:43 | 000,000,028 | ---- | C] () -- I:\WINDOWS\ICOA.INI [2006/08/08 18:13:33 | 000,000,000 | ---- | C] () -- I:\WINDOWS\QFN.ini [2006/08/08 18:13:33 | 000,000,000 | ---- | C] () -- I:\WINDOWS\QDQICK.ini [2006/08/08 17:51:52 | 000,000,185 | ---- | C] () -- I:\WINDOWS\intuprof.ini [2006/08/08 17:51:51 | 000,007,102 | ---- | C] () -- I:\WINDOWS\ICOADB32.DAT [2006/08/08 17:51:27 | 000,000,856 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI [2006/06/11 21:10:56 | 000,031,744 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/11 15:05:47 | 000,000,291 | ---- | C] () -- I:\WINDOWS\msfsetup.ini [2006/06/08 08:13:34 | 000,000,029 | ---- | C] () -- I:\WINDOWS\atid.ini [2006/06/01 16:44:38 | 000,000,022 | ---- | C] () -- I:\WINDOWS\kodakpcd.Owner.ini [2006/05/27 22:23:37 | 000,528,384 | ---- | C] () -- I:\WINDOWS\System32\BladeEnc.dll [2006/05/27 22:23:37 | 000,120,832 | ---- | C] () -- I:\WINDOWS\System32\ShnDll32.dll [2006/05/23 21:04:32 | 000,000,029 | ---- | C] () -- I:\WINDOWS\DEBUGSM.INI [2006/05/18 14:57:55 | 000,000,021 | ---- | C] () -- I:\WINDOWS\PI_setup.ini [2006/05/18 14:57:45 
| 000,033,797 | ---- | C] () -- I:\WINDOWS\System32\EPPICPrinterDB.dat [2006/05/18 14:57:45 | 000,020,910 | ---- | C] () -- I:\WINDOWS\System32\EPPICPattern2.dat [2006/05/18 14:57:45 | 000,020,869 | ---- | C] () -- I:\WINDOWS\System32\EPPICPattern1.dat [2006/05/18 14:57:45 | 000,000,022 | ---- | C] () -- I:\WINDOWS\System32\PICSDK.ini [2006/05/18 14:56:29 | 000,096,768 | ---- | C] () -- I:\WINDOWS\SlantAdj.dll [2006/05/18 14:56:29 | 000,003,136 | ---- | C] () -- I:\WINDOWS\Ade001.bin [2006/05/18 14:56:29 | 000,000,072 | ---- | C] () -- I:\WINDOWS\System32\epDPE.ini [2006/05/18 14:47:22 | 000,000,227 | ---- | C] () -- I:\WINDOWS\EPSON RX620 Installer.ini [2006/05/13 11:07:36 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\pxhpinst.exe [2006/05/13 08:04:26 | 000,000,715 | ---- | C] () -- I:\WINDOWS\aolback.exe.lnk [2006/05/13 08:02:13 | 000,000,335 | ---- | C] () -- I:\WINDOWS\nsreg.dat [2006/05/12 23:43:42 | 000,086,016 | ---- | C] () -- I:\WINDOWS\aeirem.exe [2006/05/12 23:43:42 | 000,000,196 | ---- | C] () -- I:\WINDOWS\aeirem.ini [2006/05/09 21:27:04 | 000,000,128 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2006/05/09 18:46:14 | 000,131,072 | ---- | C] () -- I:\WINDOWS\System32\e1000msg.dll [2006/05/09 17:44:00 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat [2006/05/09 17:37:47 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat [2006/05/09 13:30:04 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI [2006/05/09 13:29:04 | 000,126,912 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT [2005/02/03 23:59:48 | 000,118,784 | ---- | C] () -- I:\WINDOWS\System32\metaflac.exe [2005/02/03 23:59:44 | 000,217,088 | ---- | C] () -- I:\WINDOWS\System32\flac.exe [2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat [2004/08/10 08:00:00 | 000,546,034 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat [2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- 
I:\WINDOWS\System32\perfi009.dat [2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat [2004/08/10 08:00:00 | 000,106,864 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat [2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin [2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat [2004/08/10 08:00:00 | 000,027,440 | ---- | C] () -- I:\WINDOWS\System32\drivers\secdrv.sys [2004/08/10 08:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat [2004/08/10 08:00:00 | 000,001,788 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin [2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat [2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin [2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat < End of report >
  8. I tried to run the DDS again, it appears to freeze and no logs ever pop up.
  9. 2011/09/06 18:41:18.0203 0688 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
     2011/09/06 18:41:20.0203 0688 SystemInfo:
     2011/09/06 18:41:20.0203 0688 OS Version: 5.1.2600 ServicePack: 2.0
     2011/09/06 18:41:20.0203 0688 Product type: Workstation
     2011/09/06 18:41:20.0203 0688 ComputerName: KENNY-577585BD9
     2011/09/06 18:41:20.0203 0688 UserName: Owner
     2011/09/06 18:41:20.0203 0688 Windows directory: I:\WINDOWS
     2011/09/06 18:41:20.0203 0688 System windows directory: I:\WINDOWS
     2011/09/06 18:41:20.0203 0688 Processor architecture: Intel x86
     2011/09/06 18:41:20.0203 0688 Number of processors: 2
     2011/09/06 18:41:20.0203 0688 Page size: 0x1000
     2011/09/06 18:41:20.0203 0688 Boot type: Safe boot with network
     2011/09/06 18:41:21.0218 0688 Initialize success
     2011/09/06 18:42:06.0234 1692 Scan started
     2011/09/06 18:42:06.0234 1692 Mode: Manual;
     2011/09/06 18:42:24.0062 1692 Scan finished
     2011/09/06 18:42:24.0125 0640 Detected object count: 0
     2011/09/06 18:42:24.0125 0640 Actual detected object count: 0
  10. I had a previous thread that was closed because I was away for a little while. I apologize for that. Basically, when I boot my Windows XP PC, I hear all the normal sounds and see all the normal boot screens; however, once it gets to the desktop all I can see is my background image and mouse cursor. There are no icons, no taskbar and CTRL-ALT-DEL does nothing. When I right click the mouse, the normal options are there, but I can't do anything with them. For example, when I click "Properties" the box simply closes. Sometimes when I boot I can't even get the right click menu to appear. I was able to boot the machine in Safe Mode and everything is there. However, Malwarebytes won't run. I tried to download Malwarebytes again and it seems to have updated but nothing happens when I double click or right-click Open. I was able to complete the Defogger step. I was able to RUN (not save and run) DDS but it seemingly froze and never displayed any logs even after being open a few hours. I was able to complete the GMER step and that is the only log I have to attach. Please help, you guys are amazing!
     ~Kim

     641 - http://www.gmer.net
     Rootkit scan 2011-08-30 13:18:28
     Windows 5.1.2600 Service Pack 2
     Running: ho9bi5w2.exe; Driver: I:\DOCUME~1\Owner\LOCALS~1\Temp\kfpcyfog.sys

     ---- User code sections - GMER 1.0.15 ----

     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

     ---- Disk sectors - GMER 1.0.15 ----

     Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

     ---- EOF - GMER 1.0.15 ----
  11. I'm not sure if this thread is closed or not. But yes my monitor is on. As I stated previously, the computer does boot. But the desktop is black with only a mouse cursor. When I boot in safe mode I can then see my desktop image and icons which are larger than normal, however I can only access programs through the start menu. May be something not related to a virus though, sorry for wasting your time!
  12. I can't download anything to my desktop; it's completely black. Could this be a monitor setting issue?
  13. Followed above steps, was able to download and install Malwarebytes. I see the folder in the start menu, but nothing happens when I click it. Desktop is still black. Can only operate in Safe Mode...
  14. I was unable to save DDS to my desktop as it's black with no icons, but I was able to save it there and run it instead of double clicking it. It's been over 3 minutes and no logs have popped up. I know everything is substantially slower in safe mode so I'll leave it up until I hear back in hopes it will finish?
  15. I was unable to update Malwarebytes, possibly because I had to start Windows in Safe Mode to see my programs (still no desktop and all my icons are enormous) - received the following Error Code: 732(12007,0) then 732(0,0). I ran a quick scan with the old version I have and here is the log. I'm proceeding to step 2 with DDS now:

      Malwarebytes' Anti-Malware 1.44
      Database version: 3828
      Windows 5.1.2600 Service Pack 2 (Safe Mode)
      Internet Explorer 7.0.5730.13

      7/5/2011 8:15:31 PM
      mbam-log-2011-07-05 (20-15-31).txt

      Scan type: Quick Scan
      Objects scanned: 117479
      Time elapsed: 7 minute(s), 39 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  16. Hi, I came here for help with a virus a while back and you all were so knowledgeable I figured I'd try here first. Our PC was recently in for service to replace the power supply and when we got it back I noticed my anti-virus software was missing. I couldn't remember the name or find any related emails so I shut the computer down once I verified it was working properly and thought nothing of it. When I powered it back up today to try to reinstall the anti-virus all I see is my background image and a mouse cursor. My icons are not there and ctrl-alt-del does not bring up the task manager. I'm not sure if this can be a virus as I was only online briefly to search the names of anti-virus programs. Any help of what to do next would be greatly appreciated since I can't find or run Malwarebytes. Thanks! ~Kim
  17. Great! Thanks again, everything is up and seems to be running fine except when I run new programs, that is taking longer than usual - thanks so much for the links.
  18. It's been fine since I ran the combo fix. Just a few questions: You had me delete my McAfee antivirus and install Avira. Is this better than McAfee and does it have a firewall, as that was deleted with McAfee also? Or do I need to uninstall it and reinstall McAfee? Last week when you were working with me I did something with a Defogger that said I may need to re-enable after we were done? And lastly, I deleted Java, is this safe to reinstall? Thanks as always for your help
  19. I'm sorry, I just realized I was supposed to clear them only... But I turn it back on, correct?
  20. I already created a new one because the link you posted said I should: All system restore points are deleted. Now you should manually create a restore point. 1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore. 2. Click Create a Restore Point, and then click Next. 3. Name your restore point. (I use the date as well as a descriptive term such as "After Restore Point Deletion.")
  21. Okay, I had to turn System Restore back on though in order to create a new restore point after deleting the old ones. Now I leave it on, correct?
  22. I don't have this option: 2. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.
  23. Avira AntiVir Personal Report file date: Saturday, March 06, 2010 15:30 Scanning for 1820270 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 2) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : KENNY-577585BD9 Version information: BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 20:28:31 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 20:28:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:28:46 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:28:52 VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 20:28:52 VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 20:28:52 VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 20:28:52 VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 20:28:52 VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 20:28:52 VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 20:28:52 VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 20:28:53 VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 20:28:53 VBASE013.VDF : 7.10.4.212 2048 Bytes 3/5/2010 20:28:53 VBASE014.VDF : 7.10.4.213 2048 Bytes 3/5/2010 20:28:53 VBASE015.VDF : 7.10.4.214 2048 Bytes 3/5/2010 20:28:53 VBASE016.VDF : 7.10.4.215 2048 Bytes 3/5/2010 20:28:53 VBASE017.VDF : 7.10.4.216 2048 Bytes 3/5/2010 20:28:53 VBASE018.VDF : 7.10.4.217 2048 Bytes 3/5/2010 20:28:53 VBASE019.VDF : 7.10.4.218 2048 Bytes 3/5/2010 20:28:53 VBASE020.VDF : 7.10.4.219 2048 Bytes 3/5/2010 20:28:54 VBASE021.VDF : 7.10.4.220 2048 Bytes 3/5/2010 20:28:54 VBASE022.VDF : 7.10.4.221 2048 Bytes 3/5/2010 20:28:54 VBASE023.VDF : 7.10.4.222 2048 Bytes 3/5/2010 20:28:54 
VBASE024.VDF : 7.10.4.223 2048 Bytes 3/5/2010 20:28:54 VBASE025.VDF : 7.10.4.224 2048 Bytes 3/5/2010 20:28:54 VBASE026.VDF : 7.10.4.225 2048 Bytes 3/5/2010 20:28:54 VBASE027.VDF : 7.10.4.226 2048 Bytes 3/5/2010 20:28:54 VBASE028.VDF : 7.10.4.227 2048 Bytes 3/5/2010 20:28:54 VBASE029.VDF : 7.10.4.228 2048 Bytes 3/5/2010 20:28:55 VBASE030.VDF : 7.10.4.229 2048 Bytes 3/5/2010 20:28:55 VBASE031.VDF : 7.10.4.233 25088 Bytes 3/5/2010 20:28:55 Engineversion : 8.2.1.180 AEVDF.DLL : 8.1.1.3 106868 Bytes 3/6/2010 20:29:08 AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 3/6/2010 20:29:08 AESCN.DLL : 8.1.5.0 127347 Bytes 3/6/2010 20:29:06 AESBX.DLL : 8.1.2.0 254323 Bytes 3/6/2010 20:29:09 AERDL.DLL : 8.1.4.2 479602 Bytes 3/6/2010 20:29:05 AEPACK.DLL : 8.2.1.0 426356 Bytes 3/6/2010 20:29:04 AEOFFICE.DLL : 8.1.0.39 196987 Bytes 3/6/2010 20:29:03 AEHEUR.DLL : 8.1.1.7 2326902 Bytes 3/6/2010 20:29:02 AEHELP.DLL : 8.1.10.1 237942 Bytes 3/6/2010 20:28:58 AEGEN.DLL : 8.1.2.0 373107 Bytes 3/6/2010 20:28:57 AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26 AECORE.DLL : 8.1.12.2 188790 Bytes 3/6/2010 20:28:56 AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02 AVREP.DLL : 8.0.0.7 159784 Bytes 3/6/2010 20:29:10 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: i:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: 
interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: I:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Start of the scan: Saturday, March 06, 2010 15:30 Starting search for hidden objects. '107452' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'aoltpsd3.exe' - '1' Module(s) have been scanned Scan process 'shellmon.exe' - '1' Module(s) have been scanned Scan process 'waol.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'qbupdate.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'E_FATI9HA.EXE' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) 
have been scanned Scan process 'QTTask.exe' - '1' Module(s) have been scanned Scan process 'napster.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'CarboniteUI.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'SM1bg.exe' - '1' Module(s) have been scanned Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sqlservr.exe' - '1' Module(s) have been scanned Scan process 'ehSched.exe' - '1' Module(s) have been scanned Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned Scan process 'CarboniteService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 50 processes with 50 modules were scanned Starting 
master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Master boot sector HD5 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'I:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '62' files ). Starting the file scan: Begin scan in 'I:\' I:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. I:\Program Files\Common Files\AOL\1149769522\ee\services\imApp\ver1_2_80\uninst.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware I:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acsrollb.exe [0] Archive type: NSIS --> [PluginsDir]/utility.dll [DETECTION] Is the TR/StartPage.HMI Trojan I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1065\A0105118.dll [DETECTION] Is the TR/Trash.Gen Trojan I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1067\A0105217.exe [DETECTION] Is the TR/Dldr.FraudLo.sxm Trojan I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1067\A0105218.exe [DETECTION] Is the TR/Drop.Agent.wzh Trojan I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1075\A0105572.dll [DETECTION] Is the TR/Agent.35328 Trojan I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1075\A0105712.exe [DETECTION] Is the TR/FakeRean.A.134 Trojan Beginning disinfection: I:\Program Files\Common Files\AOL\1149769522\ee\services\imApp\ver1_2_80\uninst.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware [NOTE] The file was moved to '4bfbd1fb.qua'! 
I:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acsrollb.exe [NOTE] The file was moved to '4c05d1f0.qua'! I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1065\A0105118.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to '4bc3d1bd.qua'! I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1067\A0105217.exe [DETECTION] Is the TR/Dldr.FraudLo.sxm Trojan [NOTE] The file was moved to '4aa66cfe.qua'! I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1067\A0105218.exe [DETECTION] Is the TR/Drop.Agent.wzh Trojan [NOTE] The file was moved to '4aa17456.qua'! I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1075\A0105572.dll [DETECTION] Is the TR/Agent.35328 Trojan [NOTE] The file was moved to '4aa514b6.qua'! I:\System Volume Information\_restore{492C6F41-ED66-4374-AF45-B68863E1AECF}\RP1075\A0105712.exe [DETECTION] Is the TR/FakeRean.A.134 Trojan [NOTE] The file was moved to '4ff8c676.qua'! End of the scan: Saturday, March 06, 2010 17:05 Used time: 1:06:01 Hour(s) The scan has been done completely. 9936 Scanned directories 478410 Files were scanned 7 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 7 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 478402 Files not concerned 2395 Archives were scanned 1 Warnings 8 Notes 107452 Objects were scanned with rootkit scan 0 Hidden objects were found Attach.zip DDS.txt
  24. Malwarebytes' Anti-Malware 1.44
      Database version: 3828
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 7.0.5730.13

      3/6/2010 10:05:24 AM
      mbam-log-2010-03-06 (10-05-24).txt

      Scan type: Quick Scan
      Objects scanned: 116016
      Time elapsed: 3 minute(s), 51 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)