
Anti-Malware won't start - Antivirus 2009



The short version is Anti-Malware won't run anymore. I think it's because Antivirus 2009 got smarter.

Back story... I was working on a computer that had been infected with Antivirus 2009. HijackThis wouldn't install, I couldn't load the command prompt, I wasn't able to install MSI files (or maybe just specific ones), and various other things were disabled to prevent me from cleaning the system. After finally discovering Anti-Malware I ran it and the computer was mostly fixed... for a few minutes. (Although it didn't specifically find Antivirus 2009.) I was able to run HijackThis and clean up some other misc BHOs, but when I tried to update Anti-Malware and adware I got connection errors. I thought that was odd because I knew the internet was working, so I decided to run a free online virus scanner. When I got redirected to Antivirus 2009 I knew that I had not actually gotten rid of it.

Since I couldn't update Anti-Malware automatically I downloaded the update on another computer to load in. Unfortunately Anti-Malware would no longer load. I do see the processes running, so is it possible Antivirus 2009 is hiding the windows? I uninstalled and reinstalled and still nothing.

Any ideas?


I am in the same situation. MBAM will not run. Spybot will not run. HJT will not run. I cannot update McAfee through AOL. My web browser redirects almost everything to their spam pages and all of my Google search results go to a "trick" page. I can't run the detection programs in safe mode either.


Interesting! I had a friend who is puter illiterate call last night and say that MS anti virus 2009 had popped up on her screen and would not close.

They have two laptops; the older one had this problem several months ago and I downloaded MBAM, which cleaned it up pronto. This new laptop did not have MBAM on it yet because they often don't listen until they are in trouble.

I instructed her by phone to use Task Manager to shut down the pop-up, then Google MBAM. The pages she described that came up sounded all wrong, so I had her go to CNET Downloads and download MBAM from there. A scan showed nothing found but the pop-ups are gone. I'm suspicious and think I will need to go do a "hands on"; it is out in the boonies and a bit of a drive... sigh.

Any ideas folks?


Not of much help to you - but I ran into something similar.

I had someone call me and tell me that one of our PCs was getting a message that "windows reported...."

By the second word, I knew what happened.

By the time I strolled down to that location 6 blocks away, they had installed AV 2009, Spy Hunter, and all their little friends.

Spybot was dead, MSI was dead, F-Prot (which may be fired soon) was dead.

The ONLY thing (or at least the first thing) that would install was MBAM.

Good thing, as it was able to clear out 95% of the infection via the quick scan, the rest on the reboot, and the subsequent detailed scans all came out clean.

I normally require nothing more than a command prompt and my experienced nose to cure most malware, so this one threw me a bit.

I'm wondering why S&D was affected whereas MBAM wasn't.

Is it perhaps the same thing I've run into with AV - where most of the big players rely on (potentially infected) Windows APIs for file access?

That was why I went with Kaspersky originally - though its reliance on MSI meant it was useless in this situation.


I would definitely recommend that all those having these issues post in the Malwarebytes HijackThis (HJT) forum for assistance in getting rid of your bugs. The experts here are pretty much unrivaled and have years of experience dealing with extremely nasty malware infections. Good luck to you all and I hope you come out clean. If you can't run HijackThis, no worries, the experts here will instruct you on what to do. If you choose to go the DIY route and use a tool to clean your PC without knowing exactly what it does, it could do more harm than good, so be careful if you don't seek help from the pros.


Hi All.

For those affected, it's not Antivirus Pro 2009 blocking us from installing/loading. It's a new bot that we don't have updated defs for... yet. I really need those affected to follow my instructions below in a fresh thread, so we can go from there.

We'll get you all cleaned up, and keep this from happening again in the future.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here first. I also need for you to download this program (http://oldtimer.geekstogo.com/OTListIt.exe) to your desktop.
  • Close all applications and windows so that you have nothing open and are at your Desktop.

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (leave 'Use Whitelist' checked and the 'File Age:' at 30 days).

  • Click the Run Scan button.

  • NOTE: Please be patient and let the scan run without using the computer.

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop).

  • In Notepad, click Edit, Select all, then Edit, Copy.

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log (or right-click and Paste).

  • Submit your reply and close the Notepad window with OTListIt.txt.

  • Also, OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window.

  • In Notepad, click Edit, Select all, then Edit, Copy.

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the Extras log (or right-click and Paste).

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in Notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.


Having trouble fixing my hijacked Firefox browser after the Antivirus Pro 2009 debacle. Can't install your tools. Here are the text files. Thank you for your help.


[2008/10/14 14:20:18 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]

[8 C:\WINDOWS\*.tmp files]

[2008/11/12 05:27:47 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt.exe

[2008/11/12 05:27:47 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Copy of OTListIt.exe

[2008/11/12 05:27:47 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt.exe

[2008/11/12 05:17:59 | 00,483,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/12 05:17:59 | 00,411,422 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/12 05:17:59 | 00,064,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/12 05:14:04 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2008/11/12 05:13:59 | 00,000,691 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies

[2008/11/12 05:13:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/12 05:13:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/12 05:12:48 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/12 05:12:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/11/12 05:12:48 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2008/11/12 04:58:34 | 07,508,608 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.0.3.exe

[2008/11/12 04:18:16 | 00,002,878 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

[2008/11/12 04:03:02 | 03,044,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2008/11/12 03:54:35 | 01,580,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFixtest.exe

[2008/11/12 03:02:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/11 22:37:23 | 02,373,088 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe

[2008/11/11 22:09:11 | 00,019,211 | ---- | M] () -- C:\WINDOWS\awerafexev.reg

[2008/11/11 22:09:11 | 00,018,511 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tadip._dl

[2008/11/11 22:09:11 | 00,018,134 | ---- | M] () -- C:\Program Files\Common Files\ohojyg.sys

[2008/11/11 22:09:11 | 00,017,855 | ---- | M] () -- C:\Program Files\Common Files\wojyjadu.bin

[2008/11/11 22:09:11 | 00,017,776 | ---- | M] () -- C:\WINDOWS\yfuk.bin

[2008/11/11 22:09:11 | 00,017,209 | ---- | M] () -- C:\WINDOWS\evicyqina.ban

[2008/11/11 22:09:11 | 00,016,540 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yhovisajav._dl

[2008/11/11 22:09:11 | 00,016,482 | ---- | M] () -- C:\WINDOWS\emikuwiv.com

[2008/11/11 22:09:11 | 00,015,793 | ---- | M] () -- C:\WINDOWS\exev._dl

[2008/11/11 22:09:11 | 00,015,788 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ocixalazu.dat

[2008/11/11 22:09:11 | 00,014,835 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ysiwehat._dl

[2008/11/11 22:09:11 | 00,014,810 | ---- | M] () -- C:\WINDOWS\ivexyxof.com

[2008/11/11 22:09:11 | 00,014,744 | ---- | M] () -- C:\WINDOWS\qogajycos.db

[2008/11/11 22:09:11 | 00,014,444 | ---- | M] () -- C:\Program Files\Common Files\dynagu.dat

[2008/11/11 22:09:11 | 00,013,956 | ---- | M] () -- C:\Program Files\Common Files\etoda.dl

[2008/11/11 22:09:11 | 00,013,285 | ---- | M] () -- C:\WINDOWS\System32\jesuj._dl

[2008/11/11 22:09:11 | 00,013,264 | ---- | M] () -- C:\WINDOWS\tityzy.dat

[2008/11/11 22:09:11 | 00,012,859 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qezuxisy.exe

[2008/11/11 22:09:11 | 00,012,756 | ---- | M] () -- C:\Program Files\Common Files\yhyzewuxez.bin

[2008/11/11 22:09:11 | 00,011,778 | ---- | M] () -- C:\Program Files\Common Files\uzagyw.bat

[2008/11/11 22:09:11 | 00,011,730 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ifyluzor.db

[2008/11/11 22:09:11 | 00,011,210 | ---- | M] () -- C:\WINDOWS\System32\modyco._dl

[2008/11/11 22:06:22 | 00,125,883 | ---- | M] () -- C:\WINDOWS\System32\wini10802.exe

[2008/11/11 22:05:08 | 00,023,040 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys

[2008/11/11 22:05:08 | 00,000,114 | ---- | M] () -- C:\WINDOWS\System32\delself.bat

[2008/11/10 22:14:22 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/10 22:01:07 | 00,178,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/10 20:51:51 | 00,000,452 | ---- | M] () -- C:\WINDOWS\I_VIEW32.INI

[2008/10/16 12:11:43 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI

[2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/15 02:07:42 | 00,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/10/15 02:01:57 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

< End of report >

OTListIt Extras logfile created on: 11/12/2008 5:29:49 AM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 632.45 Mb Available Physical Memory | 61.80% Memory free

2.40 Gb Paging File | 2.04 Gb Available in Paging File | 85.09% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186.31 Gb Total Space | 33.93 Gb Free Space | 18.21% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STUARTS3

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 12:42:44 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus

[2005/10/19 12:38:04 | 03,661,824 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime

File not found -- C:\Program Files\TVersity\Media Server\TVersity.exe:*:Disabled:TVersity Media Server

[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008/06/02 10:13:18 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

File not found -- D:\Setup.exe:*:Enabled:Setup

[2008/07/22 11:59:42 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008/05/13 11:42:40 | 00,079,120 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager

[2008/05/13 11:26:04 | 06,034,704 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio

[2008/05/13 11:42:42 | 00,087,312 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime

"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1C5ECD40-9E38-11D4-8BC4-00D0B7BD9717}" = SpruceUp

"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti

"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour

"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task

"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC

"{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor

"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD

"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver

"{634281F2-7383-11D4-981D-005004B3CC15}" = MyDVD

"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC

"{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}" = InterVideo WinDVD SE

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{83104339-BF03-4ECA-910F-7B5344717EB5}" = GuideMenu

"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library

"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6

"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes

"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library

"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC

"{AB9D7A69-9617-451B-AAE9-9FDAD06FB75C}" = TMPGEnc DVD Author 3 with DivX Authoring Trial Version

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2

"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord

"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)

"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12

"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress

"{DFF56DFF-F703-467C-AF1D-B8FAA99C7416}" = Ulead DVD MovieFactory SE

"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1060)

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Adobe Premiere 6.0" = Adobe Premiere 6.0

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"avast!" = avast! Antivirus

"Azureus Vuze" = Azureus Vuze

"Cleaner 5 EZ" = Cleaner 5 EZ

"FLVplayer" = FLV Player

"Google Desktop" = Google Desktop

"GSpot" = GSpot Codec Information Appliance

"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX

"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5

"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX

"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX

"InstallShield_{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}" = InterVideo WinDVD SE

"InstallShield_{83104339-BF03-4ECA-910F-7B5344717EB5}" = Corel GuideMenu

"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library

"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library

"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"Magic Bullet Looks Studio" = Magic Bullet Looks Studio

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NeroVision!UninstallKey" = Nero Digital

"NMPUninstallKey" = Nero Media Player

"NVIDIA Drivers" = NVIDIA Drivers

"Phantom Burner" = Phantom Burner

"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"TVersity Codec Pack" = TVersity Codec Pack 1.2

"TVersity Media Server " = TVersity Media Server 1.0.0.3 RC2

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 8/9/2008 9:52:30 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2185.jpg

failed, 00000005.

Error - 8/9/2008 9:52:34 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2202.jpg

failed, 00000005.

Error - 8/9/2008 9:52:34 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2202.jpg

failed, 00000005.

Error - 8/9/2008 9:52:35 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2213.jpg

failed, 00000005.

Error - 8/9/2008 9:52:35 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2213.jpg

failed, 00000005.

Error - 8/9/2008 9:52:37 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2220.jpg

failed, 00000005.

Error - 8/9/2008 9:52:37 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2220.jpg

failed, 00000005.

Error - 10/20/2008 8:49:07 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Owner\My Documents\Family Photos\2008\2008_05_24\IMG_2168.JPG

failed, 00000005.

Error - 11/10/2008 10:47:59 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function A0000111.

Error - 11/10/2008 10:58:19 PM | Computer Name = STUARTS3 | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function A0000111.

[ Application Events ]

Error - 10/5/2008 7:49:22 PM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application pdr.exe, version 7.0.0.1628, faulting module

pdr.exe, version 7.0.0.1628, fault address 0x00050c26.

Error - 10/5/2008 7:49:52 PM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application pdr.exe, version 7.0.0.1628, faulting module

pdr.exe, version 7.0.0.1628, fault address 0x00050c26.

Error - 10/5/2008 7:54:05 PM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application pdr.exe, version 7.0.0.1628, faulting module

pdr.exe, version 7.0.0.1628, fault address 0x00050c26.

Error - 10/5/2008 9:02:09 PM | Computer Name = STUARTS3 | Source = Application Hang | ID = 1002

Description = Hanging application Studio.exe, version 12.0.0.6163, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/11/2008 11:36:01 PM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.30.0.0, faulting module

mbam-setup.exe, version 1.30.0.0, fault address 0x00009a58.

Error - 11/11/2008 11:38:22 PM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.30.0.0, faulting module

mbam-setup.exe, version 1.30.0.0, fault address 0x00009a58.

Error - 11/12/2008 4:08:21 AM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application antiviruspro2009.exe, version 0.0.0.0, faulting

module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/12/2008 5:06:42 AM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module

smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 11/12/2008 5:07:11 AM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application smitfraudfixtest.exe, version 0.0.0.0, faulting

module smitfraudfixtest.exe, version 0.0.0.0, fault address 0x00001000.

Error - 11/12/2008 5:08:31 AM | Computer Name = STUARTS3 | Source = Application Error | ID = 1000

Description = Faulting application smitfraudfixtest.exe, version 0.0.0.0, faulting

module smitfraudfixtest.exe, version 0.0.0.0, fault address 0x00001000.

[ System Events ]

Error - 11/12/2008 5:25:52 AM | Computer Name = STUARTS3 | Source = WMPNetworkSvc | ID = 866312

Description = A new media server was not initialized because WMCreateDeviceRegistration()

encountered error '0xc00d2711'. The Windows Media DRM components on your computer

might be corrupted. Verify that protected files play correctly in Windows Media

Player, and then restart the WMPNetworkSvc service.

Error - 11/12/2008 5:25:53 AM | Computer Name = STUARTS3 | Source = WMPNetworkSvc | ID = 866312

Description = A new media server was not initialized because WMCreateDeviceRegistration()

encountered error '0xc00d2711'. The Windows Media DRM components on your computer

might be corrupted. Verify that protected files play correctly in Windows Media

Player, and then restart the WMPNetworkSvc service.

Error - 11/12/2008 6:11:24 AM | Computer Name = STUARTS3 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/12/2008 6:11:31 AM | Computer Name = STUARTS3 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/12/2008 6:11:31 AM | Computer Name = STUARTS3 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/12/2008 6:11:37 AM | Computer Name = STUARTS3 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/12/2008 6:12:52 AM | Computer Name = STUARTS3 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/12/2008 6:13:59 AM | Computer Name = STUARTS3 | Source = Service Control Manager | ID = 7000

Description = The Sntnlusb service failed to start due to the following error: %%2

Error - 11/12/2008 6:13:59 AM | Computer Name = STUARTS3 | Source = WMPNetworkSvc | ID = 866312

Description = A new media server was not initialized because WMCreateDeviceRegistration()

encountered error '0xc00d2711'. The Windows Media DRM components on your computer

might be corrupted. Verify that protected files play correctly in Windows Media

Player, and then restart the WMPNetworkSvc service.

Error - 11/12/2008 6:14:00 AM | Computer Name = STUARTS3 | Source = WMPNetworkSvc | ID = 866312

Description = A new media server was not initialized because WMCreateDeviceRegistration()

encountered error '0xc00d2711'. The Windows Media DRM components on your computer

might be corrupted. Verify that protected files play correctly in Windows Media

Player, and then restart the WMPNetworkSvc service.

< End of report >

Link to post
Share on other sites
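The OTListIt listing above is read by eye in this thread; the following is an added triage helper, not part of OTListIt or of anyone's post here. It parses the `[timestamp | size | attrs | C/M] (Company) -- path` entry format shown in the log and flags two things a helper looks for: a burst of unsigned files created in the same second (the 2008/11/11 22:09:11 entries), and a `dllcache` copy that no longer matches the live file it should mirror (`beep.sys`). The sample input is a handful of lines copied from the log above.

```python
"""Triage helper for OTListIt 'Files - Created/Modified Within 30 Days' entries.

Added example for this thread; it is not OTListIt code. Heuristics only:
they point a human at suspicious entries, they do not classify malware.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One OTListIt file entry:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# Directory entries have no '(Company)' part; unsigned files show '()'.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'C' = created section, 'M' = modified section
    company: str   # '' when the file carries no company version string
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def unsigned(self) -> bool:
        # OTListIt prints '()' when there is no company string; legitimate
        # OS binaries in the same log show '(Microsoft Corporation)'.
        return self.company == ""

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(text: str) -> List[Entry]:
    """Parse every entry line; headers and '[5 ... *.tmp files]' summaries are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def find_creation_bursts(entries: List[Entry], min_files: int = 5) -> Dict[str, List[Entry]]:
    """Group unsigned, non-directory files by creation second.

    Installers also drop many files per second, but those carry a company
    string; a same-second burst of unsigned files with unrelated names spread
    over %windir%, Common Files and profile folders is a dropper's footprint.
    """
    by_second: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.kind == "C" and not e.is_dir and e.unsigned:
            by_second[e.timestamp].append(e)
    return {ts: es for ts, es in by_second.items() if len(es) >= min_files}


def dllcache_mismatches(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Pair each System32\\dllcache copy with the live copy of the same file name
    and report pairs whose size or company string differ (cache copy should match)."""
    by_name: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            by_name[e.name].append(e)
    found = set()
    for name, es in by_name.items():
        cached = [e for e in es if "\\dllcache\\" in e.path.lower()]
        live = [e for e in es if "\\dllcache\\" not in e.path.lower()]
        for c in cached:
            for l in live:
                if (c.size, c.company) != (l.size, l.company):
                    found.add((name, c.path, l.path))
    return sorted(found)


# Sample input: lines copied from the OTListIt log posted above.
SAMPLE_LOG = r"""
[2008/11/12 05:27:47 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt.exe
[2008/11/12 04:13:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix
[2008/11/11 22:37:23 | 02,373,088 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2008/11/11 22:09:11 | 00,019,211 | ---- | C] () -- C:\WINDOWS\awerafexev.reg
[2008/11/11 22:09:11 | 00,018,511 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tadip._dl
[2008/11/11 22:09:11 | 00,018,134 | ---- | C] () -- C:\Program Files\Common Files\ohojyg.sys
[2008/11/11 22:09:11 | 00,017,855 | ---- | C] () -- C:\Program Files\Common Files\wojyjadu.bin
[2008/11/11 22:09:11 | 00,016,482 | ---- | C] () -- C:\WINDOWS\emikuwiv.com
[2008/11/11 22:09:11 | 00,012,859 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qezuxisy.exe
[2008/11/11 22:06:20 | 00,125,883 | ---- | C] () -- C:\WINDOWS\System32\wini10802.exe
[2008/11/11 22:05:08 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2008/11/11 22:05:08 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys
[5 C:\WINDOWS\System32\*.tmp files]
"""

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for ts, files in find_creation_bursts(parsed).items():
        print(f"{len(files)} unsigned files created at {ts}:")
        for e in files:
            print("   ", e.path)
    for name, cached, live in dllcache_mismatches(parsed):
        print(f"dllcache copy of {name} differs from live file: {cached} vs {live}")
```

Run against the full log rather than the sample and the burst grows to the whole 22:09:11 set; the `._dl`, `.ban` and `.bin` names in `%windir%` are the entries the thread's helpers would ask to have removed.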

I got caught with this as well. I went to look at a non-porn video on the net and the next thing I get is a blue screen telling me I've had a critical problem and need to reboot. The blue screen is similar to the one used by XP Antivirus 2008, but instead of dumping the physical memory on reboot it is altering Windows in a very bad way.

When I went back into safe mode it would not let me run MBAM. I did a search in the registry for av09 and removed some entries, then did a system recovery; this allowed me to run MBAM and remove some of the infection.

Blue screen picture: [attached image]

The one thing that disturbs me about this infection is, when I went to the Windows Update site it said I could not download any updates because the "background intelligent transfer service is not running, please start it and come back".

I did this and downloaded the security update from the site. Only one of two things could have happened: the infection altered the settings and everything is OK now, or the site conned me into starting the services and what I actually installed was not an official Microsoft security update, although I was on the update site.

Someone really needs to get a hold of these people; what they're doing is simply illegal.

Malwarebytes did pick up a lot of it but I'm not convinced it has removed it all (I am a lover of your software).

I think I have saved some of my system, but when I boot up the Windows Firewall icon that usually appears in the system tray is not there, and I haven't found out how to start it yet.

Link to post
Share on other sites

Sorry, I already fixed the computer. The bootable anti-virus CD cleaned up the computer enough for me to run MBAM and everything looks clear now. Thanks for all your help!

Hi Frank,

Apologies for the low-tech question, but was this one of the fixes suggested in the thread? I think I'm having the same problem: http://www.malwarebytes.org/forums/index.php?showtopic=7447

Thanks, and glad to hear your system is back!

Link to post
Share on other sites

Had this on my laptop yesterday. The fix that worked for me was downloading the Avira Rescue cd @ http://www.free-av.de/en/tools/12/avira_an...cue_system.html

You burn it onto a CD, which boots up when you restart (instead of Windows booting up).

Follow the instructions on the cd. It didn't clear up all my issues but it allowed me to at least get malwarebytes running again, which then found (hopefully) all the rest of my problems.

Good luck everybody. Hopefully this works for you too.

Link to post
Share on other sites

Hi Frank,

Apologies for the low-tech question, but was this one of the fixes suggested in the thread? I think I'm having the same problem: http://www.malwarebytes.org/forums/index.php?showtopic=7447

Thanks, and glad to hear your system is back!

I used http://www.free-av.de/en/tools/12/avira_an...cue_system.html which was suggested before. I then was able to install the malware tool and update it to the latest version.

Link to post
Share on other sites

This is what I had to do to get it to work:

Renamed installer

after renaming the installer it installed fine.

Installed the offline database installer.

I renamed this just to be safe.

Renamed the executable in the Malwarebytes directory.

It executed, and ran fine.

-Midnight-

Whatever I had before, renaming the installer didn't help. I think it disabled the running of .msi files.

Link to post
Share on other sites

Very strange... We are looking into the malware which is blocking us from being loaded. If any of you have it in the future, please try doing this and post back your results:

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG.
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

http://windowshelp.microsoft.com/windows/en-us/help/7050d809-c761-43d4-aae7-587550cd341a1033.mspx
Link to post
Share on other sites

I used http://www.free-av.de/en/tools/12/avira_an...cue_system.html which was suggested before. I then was able to install the malware tool and update it to the latest version.

Sheesh, I must be an idiot. I burned and booted from a CD but can't get off German onto English. I scanned but got lost from there. How do I get the "X" from Deutsch to English?

Link to post
Share on other sites
