
Inactive reboot loop

Discussion in 'Malware and Virus Removal Archive' started by kjvinson, 2010/10/20.

    [Inactive] reboot loop

    I was told by Broni to post my two logs here.
    Ref: http://www.windowsbbs.com/windows-xp/95728-reboot-loop.html#post535682

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Owner at 17:36:08.61 on Wed 10/20/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.172 [GMT -7:00]

    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\CA\eTrust Internet Security Suite\casc.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner.YOUR-BBD3C46115\Local Settings\Temporary Internet Files\Content.IE5\XGIGW13W\dds[1].scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60001
    uSearch Page = hxxp://www.google.com
    uWindow Title = Microsoft Internet Explorer provided by CenturyTel
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer provided by CenturyTel
    uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60001
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No File
    BHO: : {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - c:\program files\starware316\bin\Starware316.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\etrust internet security suite\ca website inspector\toolbar\CallingIDIE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: Starware Screensavers Toolbar: {1962c5bc-e475-465b-823b-133e711bceb9} - c:\program files\starware316\bin\Starware316.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\etrust internet security suite\ca website inspector\toolbar\CallingIDIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.0.21\ShoppingReport.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe "
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [CHotkey] zHotkey.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe "
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe "
    mRun: [cctray] c:\program files\ca\etrust internet security suite\casc.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [CAVRID] "c:\program files\ca\etrust internet security suite\ca anti-virus\CAVRID.exe "
    mRun: [cafw] c:\program files\ca\etrust internet security suite\ca personal firewall\cafw.exe -cl
    mRun: [capfasem] c:\program files\ca\etrust internet security suite\ca personal firewall\capfasem.exe
    mRun: [capfupgrade] c:\program files\ca\etrust internet security suite\ca personal firewall\capfupgrade.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [CAPPActiveProtection] "c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\CAPPActiveProtection.exe "
    mRun: [QOELOADER] "c:\program files\ca\etrust internet security suite\etrust anti-spam\qsp-7.0.0.517\QOELoader.exe "
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} -
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} -
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: adobe.com\kb
    Trusted Zone: bigfishgames.com\www
    Trusted Zone: digg.com\www
    Trusted Zone: facebook.com\login
    Trusted Zone: gamehouse.com\www
    Trusted Zone: hgtv.com\www
    Trusted Zone: yahoo.com\login
    Trusted Zone: yahoo.com\us.mg4.mail
    Trusted Zone: yahoo.com\www
    Trusted Zone: yahoo.com\www.us.mg4.mail
    Trusted Zone: yahoo.com\www.us.my4.mail
    Trusted Zone: yahoomail.com\www
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://cdn.ll.neoedge.com/webgames/MysteryOfSharkIsland/MysteryOfSharkIslandWeb.1.0.0.8.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155069897656
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155092612015
    DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://www.bigfishgames.com/online/mysterysolitairese/SpinTopGamesLauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Christmasville/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://spinpalace.microgaming.com/spinpalace/FlashAX.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.gamesville.com/online/online2/zuma/popcaploader_v5.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: PFW - UmxWnp.Dll
    SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\etrust internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

    ============= SERVICES / DRIVERS ===============

    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-4-1 73720]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2010-8-7 26352]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2010-8-7 21104]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2010-8-7 739696]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2010-8-7 21488]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2010-8-7 161008]
    R2 CAISafe;CAISafe;c:\program files\ca\etrust internet security suite\ca anti-virus\isafe.exe [2008-7-22 144696]
    R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\etrust internet security suite\ccschedulersvc.exe [2010-8-7 128240]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872]
    R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-4-1 875000]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-6-15 760664]
    R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-4-1 207352]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\etrust internet security suite\ca anti-virus\vetmsg.exe [2008-7-22 288080]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-4-1 205304]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\PPCtlPriv.exe [2007-5-8 222544]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-8-7 133520]
    S2 gupdate1c98e60d75cb278;Google Update Service (gupdate1c98e60d75cb278);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
    S3 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-8-4 136704]

    =============== Created Last 30 ================

    2010-10-13 02:49:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-13 02:49:14 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2010-09-15 11:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-08 01:48:09 111952 ----a-w- c:\windows\system32\isafprod.dll
    2008-02-16 07:05:13 774144 ----a-w- c:\program files\RngInterstitial.dll

    ============= FINISH: 17:37:50.03 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/3/2006 8:15:40 PM
    System Uptime: 10/16/2010 12:56:49 PM (101 hours ago)

    Motherboard: MICRO-STAR | | MS-7184
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2188/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 182 GiB total, 155.84 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 2.41 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP590: 8/1/2010 12:20:18 PM - System Checkpoint
    RP591: 8/7/2010 4:33:45 PM - Software Distribution Service 3.0
    RP592: 8/7/2010 6:14:31 PM - Installed CA Parental Controls
    RP593: 8/8/2010 4:39:19 PM - Removed HPSU306Stub
    RP594: 8/8/2010 6:00:23 PM - Software Distribution Service 3.0
    RP595: 8/8/2010 6:25:13 PM - Installed Windows XP -- Software Updates KB952011.
    RP596: 8/10/2010 7:08:51 PM - System Checkpoint
    RP597: 8/14/2010 3:32:33 PM - System Checkpoint
    RP598: 8/14/2010 4:53:11 PM - Installed Java(TM) 6 Update 21
    RP599: 8/14/2010 4:54:58 PM - Software Distribution Service 3.0
    RP600: 8/15/2010 8:44:15 PM - Removed CA Parental Controls
    RP601: 8/20/2010 2:11:16 PM - System Checkpoint
    RP602: 8/28/2010 11:27:04 AM - System Checkpoint
    RP603: 9/3/2010 10:12:31 AM - System Checkpoint
    RP604: 9/11/2010 2:25:18 PM - Installed Connect Service
    RP605: 9/11/2010 4:26:31 PM - Software Distribution Service 3.0
    RP606: 9/20/2010 5:25:13 PM - Software Distribution Service 3.0
    RP607: 10/10/2010 2:29:47 PM - Software Distribution Service 3.0
    RP608: 10/11/2010 12:39:47 PM - Software Distribution Service 3.0
    RP609: 10/11/2010 5:34:39 PM - Restore Operation
    RP610: 10/12/2010 6:43:58 PM - Software Distribution Service 3.0
    RP611: 10/12/2010 7:12:01 PM - Restore Operation
    RP612: 10/12/2010 7:59:00 PM - Software Distribution Service 3.0
    RP613: 10/12/2010 8:06:08 PM - Software Distribution Service 3.0
    RP614: 10/15/2010 12:35:23 PM - Software Distribution Service 3.0
    RP615: 10/16/2010 2:17:37 PM - System Checkpoint
    RP616: 10/16/2010 3:50:55 PM - Installed Java(TM) 6 Update 22
    RP617: 10/17/2010 4:01:17 PM - System Checkpoint
    RP618: 10/18/2010 5:01:19 PM - System Checkpoint
    RP619: 10/19/2010 6:02:26 PM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe® Photoshop® Album Starter Edition 3.2
    Alchemy Deluxe 1.6
    Amazing Adventures: Around the World
    Amazing Adventures: The Lost Tomb (remove only)
    Ancient Tri-Jong (remove only)
    Ancient Tripeaks (remove only)
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Avery® Wizard 2.1 for Microsoft® Office Word 2003
    Azada
    B209a-m
    Bejeweled 2 Deluxe 1.0
    Big Fish Games Client
    Blood Ties
    Bonjour
    BufferChm
    Business Cards
    Business Legal Forms
    Butterfly Escape
    CA Anti-Spam
    CA Anti-Spyware
    CA Anti-Virus
    CA Internet Security Suite
    CA Personal Firewall
    CA Pest Patrol Realtime Protection
    CA Website Inspector
    Call of Atlantis
    CardRd81
    Casino Island To Go (remove only)
    CCleaner (remove only)
    CCScore
    ChristmasTheme
    Coupon Printer for Windows
    CR2
    CursorFX
    CustomerResearchQFolder
    DataBase
    Destinations
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Media Reader
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    Dream Vacation Solitaire (remove only)
    Enchanted Cavern
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    EULAlyzer v1.0
    Fishdom
    Fractal In Bloom Screen Saver
    Fractal Taffeta Screen Saver
    G.H.O.S.T. Hunters: The Haunting of Majesty Manor (remove only)
    Google Earth
    Google Update Helper
    GPBaseService2
    Great Secrets - Da Vinci
    Greeting Cards
    Haunted Hotel
    Hidden Expedition Titanic (remove only)
    Hidden Expedition: Everest (remove only)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 14.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    HPSSupply
    InstantShareDevicesMFC
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Jewel Quest 3
    Kodak EasyShare software
    Laura Jones and the Gates of Good and Evil
    Liong: The Lost Amulets
    Lost Fractal Screen Saver
    Lottso! Deluxe
    Luxor Mahjong (remove only)
    MarketResearch
    MeggieSoft Games Plus Pack
    MeggieSoft Games Rummy 500
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft IntelliPoint 5.3
    Microsoft IntelliType Pro 5.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Media Manager 1.5
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office Sounds
    Microsoft Plus! Digital Media Edition
    Microsoft Plus! for Windows XP
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mirage Driver 1.1
    Mortimer Beckett
    MSN Toolbar
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Keyboard Driver
    Mystery Case Files - Huntsville (remove only)
    Mystery Case Files - Prime Suspects (remove only)
    Mystery Case Files - Ravenhearst (remove only)
    Mystery Case Files®: Dire Grove™
    Mystery Case Files: Madame Fate (remove only)
    Mystery Chronicles: Murder Among Friends
    Mystery P.I.: The New York Fortune
    Napster Burn Engine
    Nero BurnRights
    Nero OEM
    netbrdg
    Network
    Newsflash
    OCR Software by I.R.I.S 7.0
    OfotoXMI
    PanoStandAlone
    Picasa 3
    PowerDVD
    Pretty Good Solitaire - Additional Card Sets 10.3
    Pretty Good Solitaire - Large Suit Card Set 1.0
    Pretty Good Solitaire - Medieval Card Set
    Pretty Good Solitaire version 12.0.0
    PS_AIO_06_B209a-m_SW_Min
    QuickTime
    QuickTransfer
    RealArcade
    Realtek AC'97 Audio
    Recovery Software Suite eMachines
    Sandlot Games Client Services 1.2.2
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SFR
    SHASTA
    Shop for HP Supplies
    skin0001
    SKINXSDK
    Slingo Supreme
    SmartWebPrinting
    SoftV92 Data Fax Modem with SmartCP
    SolutionCenter
    staticcr
    Stationery
    Status
    StumbleUpon IE Toolbar
    Sunset Studio
    The Rise of Atlantis (remove only)
    The Serpent of Isis ™
    The Sultan's Labyrinth
    Toolbox
    Totem Treasure 2 Dreamcatcher Dollars
    Travelogue 360 Paris (remove only)
    TrayApp
    Treasures of the Ancient Cavern
    Type Stylist
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    VPRINTOL
    Weather Services
    WebFldrs XP
    WebReg
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinPatrol 2007
    WinPatrol 2007 Restore/Remove First
    WinPatrol 2007 Step 2
    WIRELESS
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    10/16/2010 12:59:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CaCCProvSP service to connect.
    10/16/2010 12:59:59 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service CaCCProvSP with arguments " " in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
    10/16/2010 1:03:52 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 00000043, parameter3 ebf54b8c, parameter4 ebf54888.
    10/16/2010 1:00:00 PM, error: Service Control Manager [7000] - The CaCCProvSP service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/15/2010 12:59:32 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2416427).
    10/15/2010 12:37:26 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 00000404, parameter3 ba7dfc7c, parameter4 ba7df978.
    10/15/2010 12:36:20 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 82eba008, parameter3 eb11dc7c, parameter4 eb11d978.
    10/15/2010 12:30:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PPCtlPriv service to connect.
    10/15/2010 12:30:51 PM, error: Service Control Manager [7000] - The PPCtlPriv service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/15/2010 12:30:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service PPCtlPriv with arguments " " in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
    10/15/2010 12:27:06 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
    10/14/2010 7:41:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
    10/14/2010 7:41:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/14/2010 7:34:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    10/14/2010 7:32:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec KmxAgent KmxFile KmxFw KmxStart NetBT Processor RasAcd ssmdrv Tcpip VET-FILT VET-REC VETEFILE VETMONNT
    10/14/2010 7:32:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/14/2010 7:32:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/14/2010 7:32:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/14/2010 7:32:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/14/2010 7:32:24 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/14/2010 7:32:24 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
  2. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    I was told that your computer is in a constant loop, so I need to know how you're able to run DDS.
     

  4. 2010/10/21
    kjvinson

    kjvinson Inactive Thread Starter

    Joined:
    2010/10/20
    Messages:
    18
    Likes Received:
    0
  5. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/10/21
    kjvinson

    kjvinson Inactive Thread Starter

    Joined:
    2010/10/20
    Messages:
    18
    Likes Received:
    0
    broni,
    This is the mbam log, step 1 completed!
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4907

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/21/2010 7:14:48 PM
    mbam-log-2010-10-21 (19-14-48).txt

    Scan type: Quick scan
    Objects scanned: 146685
    Time elapsed: 17 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 52
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 89

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Spam Blocker (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\FunWebProducts\Shared\0056D416.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\explore.exe (Backdoor.SpyNet) -> Delete on reboot.
    C:\WINDOWS\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\system32\Config\messenger.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Services.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\svchost.exe (Trojan.StartPage) -> Delete on reboot.
    C:\WINDOWS\system32\Config\sys\IExplorerr.exe (Trojan.Banker) -> Delete on reboot.
    C:\WINDOWS\system32\Config\sys\mediaplayer.exe (Trojan.Banker) -> Delete on reboot.
    C:\WINDOWS\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Application Data\apiqfw.dat (Malware.Trace) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\ntload.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\kufwin32.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\wuaucldt.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Windows.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
    C:\WINDOWS\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
    C:\WINDOWS\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
    C:\WINDOWS\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
    C:\WINDOWS\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\repair\whw.exe (Misussed.Legit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     
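    As an added triage example (not from the thread, and not Malwarebytes' own code), the Python below parses MBAM log lines of the shape posted above and flags file detections whose names copy or nearly copy a core Windows process name while sitting outside that process's home directory, the pattern visible in the log above. The sample excerpt and the reference table of process locations are constructed for this example.

```python
"""Defender-side triage of a Malwarebytes' Anti-Malware (MBAM) log (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the format of the log posted in this thread; the paths
# and family names are copied from that post, not read from a live system.
SAMPLE_LOG = """\
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Spam Blocker (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\\Program Files\\FunWebProducts\\Shared\\0056D416.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\Config\\svchost.exe (Trojan.StartPage) -> Delete on reboot.
C:\\WINDOWS\\system32\\Config\\sysrun.exe (Password.Stealer) -> Delete on reboot.
C:\\WINDOWS\\system32\\Config\\Systemprofile\\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\repair\\1sass.exe (Backdoor.Agent) -> Delete on reboot.
C:\\WINDOWS\\repair\\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\system32\\Config\\SystemProfile\\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
"""

# One MBAM result line: "<item> (<family>) -> <action>."
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed reference table: core Windows processes and the single directory
# each legitimately runs from on XP (explorer.exe lives in %WINDIR% itself).
SYS32 = r"c:\windows\system32"
KNOWN_HOME = {
    "csrss.exe": SYS32, "lsass.exe": SYS32, "smss.exe": SYS32, "services.exe": SYS32,
    "svchost.exe": SYS32, "winlogon.exe": SYS32, "spoolsv.exe": SYS32, "userinit.exe": SYS32,
    "ctfmon.exe": SYS32, "rundll32.exe": SYS32, "dllhost.exe": SYS32, "msiexec.exe": SYS32,
    "explorer.exe": r"c:\windows", "iexplore.exe": r"c:\program files\internet explorer",
}

@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    family: str
    action: str

def parse_mbam_log(text):
    """Return one Detection per result line, tagged with the '... Infected' section it sits under."""
    detections, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.endswith("Infected:"):          # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m:
            detections.append(Detection(section, m["item"], m["family"], m["action"]))
    return detections

def summarize(detections):
    """Counts by threat family and by action ("Delete on reboot" hits are still pending)."""
    return Counter(d.family for d in detections), Counter(d.action for d in detections)

def _edits_within_one(a, b):
    """True if a == b or they differ by one substitution, insertion, deletion or adjacent swap."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        return len(diff) == 1 or (len(diff) == 2 and diff[1] == diff[0] + 1
                                  and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def impersonated_process(basename):
    """Name of the core process this file name copies or mimics, or None."""
    name = basename.lower()
    # Digit-for-letter look-alikes seen in the log: '1' for 'l', '0' for 'o'.
    dehomoglyphed = name.replace("1", "l").replace("0", "o")
    if dehomoglyphed in KNOWN_HOME:             # exact name (after look-alike fix) wins
        return dehomoglyphed
    for known in KNOWN_HOME:                    # then near-misses such as cftmon.exe
        if _edits_within_one(name, known) or _edits_within_one(dehomoglyphed, known):
            return known
    return None

def flag_impersonators(detections):
    """(path, impersonated process) for file hits named like a core process but outside its home."""
    flagged = []
    for d in detections:
        if d.section != "Files Infected":
            continue
        directory, _, basename = d.item.rpartition("\\")
        target = impersonated_process(basename)
        if target and directory.lower() != KNOWN_HOME[target]:
            flagged.append((d.item, target))
    return flagged

if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    families, actions = summarize(hits)
    print(families.most_common(), actions.most_common(), sep="\n")
    for path, target in flag_impersonators(hits):
        print(f"{path} -> looks like {target}")
```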
  7. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  8. 2010/10/25
    kjvinson

    kjvinson Inactive Thread Starter

    Joined:
    2010/10/20
    Messages:
    18
    Likes Received:
    0
    broni,
    I downloaded and ran GMER. It ran for about 15 minutes, then a warning sign came up saying "unable to save data file", the screen went black and it began to reboot. The reboot loop began, so on the next loop I got it into Safe Mode and ran the GMER program. It froze on my screen and a sign came up that said "non-responsive". I shut it down; I had to do a hard shutdown. The next day I turned the computer back on; it began to load, got as far as the black screen with the XP logo and stopped loading. I finally did a hard shutdown and haven't turned it back on since.
     
  9. 2010/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to boot again.
    If successful, skip GMER, run MBRCheck.

    If not successful, try Safe Mode and MBRCheck.

    If you can't boot in any mode...

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  10. 2010/10/26
    kjvinson Inactive Thread Starter
    I rebooted in Safe Mode and restored back to last Sunday. It worked, kind of. When it started loading I got two error messages:
    winlogon.exe unable to locate and
    The application failed to start because CA HOOK.dll was not found. Re-installing the application may fix the problem.
    Everything loaded okay anyway.
    I ran the MBRCheck:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000007fd

    Kernel Drivers (total 192):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7AFA000 \WINDOWS\system32\KDCOM.DLL
    0xF7A0A000 \WINDOWS\system32\BOOTVID.dll
    0xF74CB000 ACPI.sys
    0xF7AFC000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74BA000 pci.sys
    0xF75FA000 isapnp.sys
    0xF7BC2000 pciide.sys
    0xF787A000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7AFE000 aliide.sys
    0xF7B00000 cmdide.sys
    0xF7B02000 toside.sys
    0xF7B04000 viaide.sys
    0xF7B06000 intelide.sys
    0xF760A000 MountMgr.sys
    0xF749B000 ftdisk.sys
    0xF7B08000 dmload.sys
    0xF7475000 dmio.sys
    0xF7882000 PartMgr.sys
    0xF761A000 VolSnap.sys
    0xF7A0E000 cpqarray.sys
    0xF745D000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF7445000 atapi.sys
    0xF7A12000 aha154x.sys
    0xF788A000 sparrow.sys
    0xF7A16000 symc810.sys
    0xF762A000 aic78xx.sys
    0xF7A1A000 dac960nt.sys
    0xF763A000 ql10wnt.sys
    0xF7A1E000 amsint.sys
    0xF7892000 asc.sys
    0xF7A22000 asc3550.sys
    0xF789A000 mraid35x.sys
    0xF78A2000 i2omp.sys
    0xF7A26000 ini910u.sys
    0xF764A000 ql1240.sys
    0xF765A000 aic78u2.sys
    0xF78AA000 symc8xx.sys
    0xF78B2000 sym_hi.sys
    0xF78BA000 sym_u3.sys
    0xF78C2000 ABP480N5.SYS
    0xF78CA000 asc3350p.sys
    0xF7B0A000 cd20xrnt.sys
    0xF766A000 ultra.sys
    0xF742C000 adpu160m.sys
    0xF78D2000 dpti2o.sys
    0xF767A000 ql1080.sys
    0xF768A000 ql1280.sys
    0xF769A000 ql12160.sys
    0xF78DA000 perc2.sys
    0xF7B0C000 perc2hib.sys
    0xF78E2000 hpn.sys
    0xF7A2A000 cbidf2k.sys
    0xF7400000 dac2w2k.sys
    0xF76AA000 disk.sys
    0xF76BA000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73E0000 fltmgr.sys
    0xF73CE000 sr.sys
    0xF76CA000 PxHelp20.sys
    0xF73B7000 KSecDD.sys
    0xF732A000 Ntfs.sys
    0xF72FD000 NDIS.sys
    0xF76DA000 sisagp.sys
    0xF76EA000 viaagp.sys
    0xF76FA000 ohci1394.sys
    0xF770A000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF72E3000 Mup.sys
    0xF72C2000 kmxstart.sys
    0xF771A000 agp440.sys
    0xF772A000 alim1541.sys
    0xF773A000 amdagp.sys
    0xF774A000 agpCPQ.sys
    0xF782A000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF7252000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF6AEC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6AD8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF79F2000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6AB4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79FA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7242000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7232000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7222000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6A91000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF6A5B000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xF695C000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF68B4000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7A02000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF68A2000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    0xF666C000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF6648000 \SystemRoot\system32\drivers\portcls.sys
    0xF777A000 \SystemRoot\system32\drivers\drmk.sys
    0xF791A000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF6634000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF6CFA000 \SystemRoot\system32\DRIVERS\dfmirage.sys
    0xF7D2F000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF6CEA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7AEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF661D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF6CDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF6CCA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7922000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF660C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF6CBA000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF792A000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7932000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF65DC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF6CAA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF793A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7942000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B30000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF657E000 \SystemRoot\system32\DRIVERS\update.sys
    0xF71F2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF6C6A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF778A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B32000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF6FBE000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xEE481000 \SystemRoot\System32\DRIVERS\kmxagent.sys
    0xF6FB2000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF77CA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF794A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xEE422000 \SystemRoot\System32\DRIVERS\kmxcfg.sys
    0xEE411000 \SystemRoot\System32\DRIVERS\KmxFile.sys
    0xF7CBE000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF7CBF000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xEE3A1000 \SystemRoot\System32\DRIVERS\kmxfw.sys
    0xF6FAA000 \SystemRoot\System32\Drivers\VETFDDNT.SYS
    0xF7B38000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xEE2ED000 \SystemRoot\System32\Drivers\VETEFILE.SYS
    0xF7AAA000 \SystemRoot\System32\Drivers\VET-REC.SYS
    0xF797A000 \SystemRoot\System32\Drivers\VET-FILT.SYS
    0xEE2C7000 \SystemRoot\System32\Drivers\VETMONNT.SYS
    0xEE2A7000 \SystemRoot\System32\Drivers\VETEBOOT.SYS
    0xF7CAC000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B4E000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7962000 \SystemRoot\System32\drivers\vga.sys
    0xF7B5E000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7972000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7982000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEE556000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEE274000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEE1F3000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEE1CB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEE1A5000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEE183000 \SystemRoot\System32\drivers\afd.sys
    0xF780A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7992000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF781A000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF783A000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF799A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF79A2000 \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
    0xEE15F000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF79B2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF79BA000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF786A000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xEE0E4000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xEE471000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF79C2000 \SystemRoot\system32\DRIVERS\point32.sys
    0xEE46D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xEE469000 \SystemRoot\system32\DRIVERS\sfloppy.sys
    0xEE465000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xF79CA000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF79D2000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF72B2000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xEE461000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xEE07C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BAA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7ACE000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF79DA000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CFD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF093000 \SystemRoot\System32\atikvmag.dll
    0xBF0C9000 \SystemRoot\System32\ati3duag.dll
    0xBF34D000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEBE2A000 \SystemRoot\System32\DRIVERS\KmxSbx.sys
    0xEBE3C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xEBA3D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7B5C000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEB5DE000 \SystemRoot\System32\DRIVERS\KmxCF.sys
    0xEB587000 \SystemRoot\system32\DRIVERS\srv.sys
    0xEB625000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xEB0EA000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEB1FF000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEB89D000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF7199000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA27C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 68):
    0 System Idle Process
    4 System
    564 C:\WINDOWS\system32\smss.exe
    988 csrss.exe
    1208 C:\WINDOWS\system32\winlogon.exe
    1460 C:\WINDOWS\system32\services.exe
    1520 C:\WINDOWS\system32\lsass.exe
    1052 C:\WINDOWS\system32\ati2evxx.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1572 svchost.exe
    1900 C:\WINDOWS\system32\svchost.exe
    508 svchost.exe
    872 svchost.exe
    1596 C:\WINDOWS\system32\spoolsv.exe
    1752 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    1796 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    528 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    628 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    776 svchost.exe
    1624 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1808 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1972 C:\Program Files\Bonjour\mDNSResponder.exe
    392 C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\isafe.exe
    724 C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe
    1616 C:\WINDOWS\ehome\ehRecvr.exe
    1988 C:\WINDOWS\ehome\ehSched.exe
    800 C:\WINDOWS\system32\svchost.exe
    1412 C:\WINDOWS\system32\svchost.exe
    644 C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    900 C:\Program Files\Java\jre6\bin\jqs.exe
    340 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1976 C:\WINDOWS\system32\svchost.exe
    560 C:\WINDOWS\system32\svchost.exe
    2328 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    2480 C:\WINDOWS\system32\svchost.exe
    2896 C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\vetmsg.exe
    2564 C:\WINDOWS\system32\dllhost.exe
    2980 C:\WINDOWS\system32\ati2evxx.exe
    2360 alg.exe
    3692 C:\WINDOWS\explorer.exe
    2772 C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
    4052 C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    2800 C:\WINDOWS\system32\wuauclt.exe
    3584 C:\WINDOWS\ehome\ehtray.exe
    2500 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    2936 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    1968 C:\WINDOWS\ehome\ehmsas.exe
    2488 C:\WINDOWS\zHotkey.exe
    996 C:\WINDOWS\SOUNDMAN.EXE
    2068 C:\Program Files\Microsoft IntelliPoint\point32.exe
    848 C:\Program Files\Microsoft IntelliType Pro\type32.exe
    1000 C:\Program Files\CA\eTrust Internet Security Suite\casc.exe
    3324 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    3968 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    2204 C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\cavrid.exe
    2728 C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    3424 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    1356 C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
    3812 C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    4004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3860 C:\WINDOWS\system32\ctfmon.exe
    2144 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    4088 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    1176 C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
    1152 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3292 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3504 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    2300 C:\Documents and Settings\Owner.YOUR-BBD3C46115\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`09b93c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2000BB-22GUC0, Rev: 08.02D08

    Size     Device Name           MBR Status
    --------------------------------------------
    186 GB   \\.\PhysicalDrive0    Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!
    I am going to create a bootable CD for a backup and I won't be turning my computer off.
    That's all for now, Thank You!
     
  11. 2010/10/26
    broni Moderator Malware Analyst
    Using system restore was a bad idea, at least without asking me first.
    In one of my previous posts, I clearly said:
    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      winlogon.exe
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
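As an added example (not from this thread, and not OTL's own code), the following Python script does offline what the custom scan above asks OTL to report: it finds every file named winlogon.exe under a drive root, computes its MD5, and flags any copy that is not the one in System32, such as the two copies under Config\SystemProfile that MBAM listed earlier. It also covers the case where the System32 copy itself is missing (the "winlogon.exe unable to locate" error). The directory tree it scans is constructed in a temporary folder with placeholder file contents; all function names are this example's own.

```python
import hashlib
import os
import tempfile

TARGET_NAME = "winlogon.exe"
# The one place a real copy belongs, relative to the drive root (compared case-insensitively).
EXPECTED_REL = os.path.join("WINDOWS", "system32", TARGET_NAME)


def md5_of(path):
    """MD5 of a file, read in chunks (the same digest OTL's /md5start reports)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, name=TARGET_NAME):
    """Walk `root` and return sorted [(path relative to root, md5)] for every file called `name`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                full = os.path.join(dirpath, fn)
                hits.append((os.path.relpath(full, root), md5_of(full)))
    return sorted(hits)


def classify(hits, expected_rel=EXPECTED_REL):
    """Return (reference_md5, findings).

    reference_md5 is the hash of the copy at the expected System32 path, or None
    when that copy is missing. findings lists every other copy with a reason, plus
    a 'missing' entry when there is no System32 copy at all.
    """
    reference = None
    for rel, digest in hits:
        if rel.lower() == expected_rel.lower():
            reference = digest
    findings = []
    if reference is None:
        findings.append((expected_rel, None, "expected System32 copy missing"))
    for rel, digest in hits:
        if rel.lower() == expected_rel.lower():
            continue
        if reference is None:
            reason = "outside System32, no System32 copy to compare against"
        elif digest != reference:
            reason = "outside System32, different binary from System32 copy"
        else:
            reason = "outside System32, byte-identical to System32 copy"
        findings.append((rel, digest, reason))
    return reference, findings


def build_sample_tree(root):
    """Constructed sample: one legitimate copy plus rogue copies at the two paths
    MBAM flagged in this thread. Contents are placeholders, not real binaries."""
    files = {
        EXPECTED_REL: b"placeholder bytes standing in for the real winlogon.exe",
        os.path.join("WINDOWS", "system32", "Config", "SystemProfile",
                     "Application Data", "Winlogon.exe"): b"placeholder rogue binary A",
        os.path.join("WINDOWS", "system32", "Config", "Systemprofile", "Start Menu",
                     "Programs", "Startup", "Winlogon.exe"): b"placeholder rogue binary B",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def scan_sample():
    """Build the sample tree in a temp dir, scan it, and return (reference_md5, findings)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return classify(find_copies(root))


if __name__ == "__main__":
    ref, findings = scan_sample()
    print("System32 copy MD5:", ref)
    for rel, digest, reason in findings:
        print(f"{rel}  {digest}  {reason}")
```

On a real system you would call `find_copies("C:\\")` from a clean boot environment such as OTLPE, since a live infection can hide or lock the files.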
  12. 2010/10/31
    broni Moderator Malware Analyst
    Are you still out there?
     
  13. 2010/10/31
    kjvinson Inactive Thread Starter
    Yes I am still here. Life was demanding my attention.
    I plan on proceeding to the OTLPE step this evening.
    Sorry about the restore, I have not made any changes since.
     
  14. 2010/10/31
    kjvinson Inactive Thread Starter
    broni,
    I just created the boot CD, then I rebooted.
    The computer began to reboot; I did an F10, went into the BIOS boot settings and set the first boot device as CD-ROM.
    The computer completely booted up, but to the regular desktop, not the REATOGO-X-PE desktop.
    What did I do wrong?
    kjvinson
     
  15. 2010/10/31
    broni Moderator Malware Analyst
    Possibly bad download, or bad burn.
    If you have another computer, see if the CD you just made will boot there.
     
  16. 2010/10/31
    kjvinson Inactive Thread Starter
    My OTL.txt file
    OTL logfile created on: 10/31/2010 7:25:12 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.00 Mb Total Physical Memory | 648.00 Mb Available Physical Memory | 72.00% Memory free
    806.00 Mb Paging File | 690.00 Mb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 182.15 Gb Total Space | 155.47 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
    Drive I: | 4.14 Gb Total Space | 2.41 Gb Free Space | 58.16% Space Free | Partition Type: FAT32
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/07 21:48:10 | 000,259,312 | ---- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
    SRV - [2010/08/07 21:48:09 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
    SRV - [2010/08/07 21:48:08 | 000,288,080 | ---- | M] (CA, Inc.) [Auto] -- C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
    SRV - [2010/08/07 21:48:07 | 000,222,544 | ---- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
    SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/07/29 16:49:14 | 000,283,888 | ---- | M] (CA, Inc.) [Auto] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2009/06/15 14:32:26 | 000,760,664 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
    SRV - [2009/06/08 14:02:02 | 000,154,104 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
    SRV - [2009/04/01 13:45:52 | 000,875,000 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
    SRV - [2009/04/01 13:45:52 | 000,207,352 | ---- | M] (CA) [Auto] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
    SRV - [2007/12/04 14:47:38 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
    SRV - [2006/02/08 21:34:51 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/08/07 21:48:09 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
    DRV - [2010/08/07 21:48:09 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
    DRV - [2010/08/07 21:48:09 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
    DRV - [2010/08/07 21:48:09 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
    DRV - [2010/08/07 21:48:09 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
    DRV - [2010/08/07 21:48:09 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
    DRV - [2009/06/08 14:02:04 | 000,145,912 | ---- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
    DRV - [2009/06/08 14:02:04 | 000,115,704 | ---- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
    DRV - [2009/06/08 14:02:02 | 000,108,024 | ---- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
    DRV - [2009/04/28 13:52:46 | 000,055,288 | ---- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
    DRV - [2009/04/01 13:45:50 | 000,205,304 | ---- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
    DRV - [2009/04/01 13:45:50 | 000,073,720 | ---- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
    DRV - [2009/03/27 19:27:04 | 000,058,872 | ---- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
    DRV - [2007/03/01 13:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2007/02/02 06:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/02/02 06:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2006/02/21 23:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/25 21:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
    DRV - [2005/04/19 14:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/11/15 21:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/04/14 02:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
    DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
    DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
    DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
    DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
    DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\software\mozilla\FireFox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2010/08/07 21:16:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\FireFox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/08/07 21:16:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\FireFox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/08 19:38:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/08/07 21:16:13 | 000,000,000 | ---D | M]

    [2009/02/10 00:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/02/16 03:05:15 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    [2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

    O1 HOSTS File: ([2004/08/10 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (no name) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No CLSID value found.
    O2 - BHO: () - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll File not found
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll File not found
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Owner.YOUR-BBD3C46115_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\Owner.YOUR-BBD3C46115_ON_C\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O3 - HKU\Owner.YOUR-BBD3C46115_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [cafw] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
    O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
    O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
    O4 - HKLM..\Run: [CAPPActiveProtection] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
    O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
    O4 - HKLM..\Run: [cctray] C:\Program Files\CA\eTrust Internet Security Suite\casc.exe (CA, Inc.)
    O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-7.0.0.517\QOELoader.exe (CA)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKU\Owner.YOUR-BBD3C46115_ON_C..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Owner.YOUR-BBD3C46115_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key error. File not found
    O9 - Extra Button: - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key error. File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://cdn.ll.neoedge.com/webgames/MysteryOfSharkIsland/MysteryOfSharkIslandWeb.1.0.0.8.cab (CPlayFirstmsiControl Object)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155069897656 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155092612015 (MUWebControl Class)
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} http://www.bigfishgames.com/online/mysterysolitairese/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10 (AstoundLauncher Control)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Christmasville/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://spinpalace.microgaming.com/spinpalace/FlashAX.cab (FlashXControl Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.gamesville.com/online/online2/zuma/popcaploader_v5.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
    O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/13 13:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{be61a211-990a-11da-a582-806d6172696f}\Shell - " " = AutoRun
    O33 - MountPoints2\{be61a211-990a-11da-a582-806d6172696f}\Shell\AutoRun - " " = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/27 01:13:35 | 127,353,979 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Desktop\OTLPENet.exe
    [2010/10/26 15:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Gamevance
    [2010/10/26 15:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
    [2010/10/21 21:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Malwarebytes
    [2010/10/21 21:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/16 18:51:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/10/16 18:51:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/10/16 18:51:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/10/11 21:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
    [2008/02/16 03:05:22 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/10/31 20:50:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/31 20:12:43 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2151DB9F-0392-490D-B4BD-7F259D729D36}.job
    [2010/10/31 18:26:37 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/31 18:26:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/31 18:25:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/31 18:23:02 | 000,735,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
    [2010/10/31 18:23:02 | 000,000,156 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
    [2010/10/31 17:37:40 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/10/27 01:13:42 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Desktop\OTLPENet.exe
    [2010/10/26 16:17:51 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Desktop\MBRCheck.exe
    [2010/10/18 23:18:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/16 15:32:51 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/11 15:56:14 | 000,445,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/11 15:56:14 | 000,021,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/10 17:32:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/26 16:17:51 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Desktop\MBRCheck.exe
    [2008/07/22 23:08:43 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2008/03/08 00:19:39 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/02/22 00:14:28 | 000,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
    [2007/10/20 04:59:38 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DeskTopBird_K.ini
    [2007/09/03 17:33:19 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
    [2007/09/03 17:33:19 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
    [2007/09/03 17:33:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
    [2006/08/16 20:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
    [2006/08/09 19:03:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/08/09 00:08:44 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\vbmgsext.ini
    [2006/08/09 00:08:44 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\vbmgsent.ini
    [2006/08/08 17:41:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
    [2006/08/08 16:38:33 | 000,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2006/08/06 18:44:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\mylabels32.INI
    [2006/08/06 18:39:21 | 000,000,039 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
    [2006/08/06 15:42:21 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\LuResult.txt
    [2006/08/06 15:37:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/08/04 00:50:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\wklnhst.dat
    [2006/08/04 00:33:50 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Local Settings\Application Data\fusioncache.dat
    [2006/08/03 23:15:54 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/05/23 20:25:56 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/02/08 21:52:02 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2006/02/08 21:51:22 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
    [2006/02/08 21:51:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
    [2006/02/08 21:48:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/04/13 15:02:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/04/13 13:49:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/04/13 12:57:05 | 000,001,386 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/04/13 12:57:05 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2005/04/13 06:08:04 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/07 06:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2006/02/08 21:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2008/09/08 23:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CallingID
    [2007/09/30 23:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\7Wonders
    [2007/10/16 22:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Abra Academy2
    [2007/10/04 22:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Adesso Systems
    [2007/09/08 02:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\AlwaysNeat
    [2008/06/27 01:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Ancient Quest of Saqqarah__bfg
    [2009/03/30 21:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Big Fish
    [2009/12/12 22:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Big Fish Games
    [2008/04/01 00:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\BloodTies
    [2010/10/31 20:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\CallingID
    [2008/03/31 22:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\cerasus.media
    [2006/09/04 16:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\EA
    [2008/07/16 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\EnchantedCavern
    [2008/11/22 00:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Flood Light Games
    [2007/04/17 21:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\FloodLightGames
    [2007/09/18 23:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\ForgottenRiddles
    [2008/10/02 22:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\funkitron
    [2007/09/08 02:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\GameHouse
    [2009/02/28 00:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Genimo
    [2009/02/10 00:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\GetRightToGo
    [2007/01/27 16:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Goodsol
    [2009/02/10 03:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\IOMediaSupport6SZZ001s
    [2009/02/12 02:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\iWin
    [2008/08/15 22:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\JewelMatch2
    [2006/08/08 16:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Leadertech
    [2007/03/24 02:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Magic Academy
    [2008/07/01 21:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Meridian93
    [2006/08/08 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\MSNInstaller
    [2007/09/27 01:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\OfficeUpdate12
    [2007/09/12 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Participatory Culture Foundation
    [2007/09/13 20:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\PCF-VLC
    [2008/06/21 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Playrix Entertainment
    [2008/02/24 01:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Pogo Games
    [2008/05/07 23:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Restorer
    [2006/02/08 21:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\SampleView
    [2009/03/30 22:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\SerpentOfIsis
    [2009/07/27 21:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Skinux
    [2009/02/10 03:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Spinapse
    [2007/11/29 02:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\SpinTop
    [2008/12/30 00:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\SpinTop Games
    [2008/03/08 23:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\SprillBermudeEng
    [2008/07/23 02:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\StumbleUpon
    [2008/05/31 01:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\SultansLabyrinth
    [2009/02/10 03:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Suspects and Clues Players
    [2009/02/10 03:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Suspects and Clues Prefs
    [2006/08/04 00:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\Template
    [2006/08/12 20:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\The Labyrinth Plus! Edition
    [2008/09/01 19:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\TMInc
    [2007/10/31 01:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\URSE Games
    [2007/04/04 23:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BBD3C46115\Application Data\WinPatrol
    [2009/07/27 21:00:40 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
    [2010/10/31 20:12:43 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2151DB9F-0392-490D-B4BD-7F259D729D36}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: WINLOGON.EXE >
    [2004/08/10 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
    < End of report >
    Now, how do I get out of this desktop, or do I want to?
     
  17. 2010/10/31
    broni (Moderator Malware Analyst)
    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O2 - BHO: (no name) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No CLSID value found.
    O2 - BHO: () - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Owner.YOUR-BBD3C46115_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O9 - Extra Button: - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key error. File not found
    O9 - Extra Button: - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O33 - MountPoints2\{be61a211-990a-11da-a582-806d6172696f}\Shell - " " = AutoRun
    O33 - MountPoints2\{be61a211-990a-11da-a582-806d6172696f}\Shell\AutoRun - " " = Auto&Play
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2010/10/31 18:23:02 | 000,735,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
    [2010/10/31 18:23:02 | 000,000,156 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
    [2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
    [2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
    [2008/07/22 23:08:43 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer, do the following:

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into windows.

    Let me know how the computer boots up and any current issues.
     
  18. 2010/10/31
    kjvinson

    kjvinson Inactive Thread Starter

    Joined:
    2010/10/20
    Messages:
    18
    Likes Received:
    0
    This is the infected computer I'm working on.
    I set up the wrong CD-ROM for the BIOS boot when I first set up the OTLPE
    boot. Do I need to copy to the USB anyway?
     
    Last edited: 2010/10/31
  19. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If the infected computer is booting fine, then no.
     
  20. 2010/10/31
    kjvinson

    kjvinson Inactive Thread Starter

    Joined:
    2010/10/20
    Messages:
    18
    Likes Received:
    0
    New log:
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    Registry value HKEY_USERS\Owner.YOUR-BBD3C46115_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Owner.YOUR-BBD3C46115_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Owner.YOUR-BBD3C46115_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Owner.YOUR-BBD3C46115_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Owner.YOUR-BBD3C46115_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Owner.YOUR-BBD3C46115_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be61a211-990a-11da-a582-806d6172696f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be61a211-990a-11da-a582-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be61a211-990a-11da-a582-806d6172696f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be61a211-990a-11da-a582-806d6172696f}\ not found.
    C:\WINDOWS\002991_.tmp deleted successfully.
    C:\WINDOWS\DUMPe82e.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k0 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k0 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k7 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k6 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k5 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k4 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k3 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k2 moved successfully.
    C:\WINDOWS\system32\drivers\kmxcfg.u2k1 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k7 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k6 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k5 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k4 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k3 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k2 moved successfully.
    C:\WINDOWS\system32\drivers\kmxzone.u2k1 moved successfully.
    C:\WINDOWS\system32\mkghj.dll moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.43.0 log created on 10312010_201137
     
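    Both the Run Fix procedure given earlier and the OTLPE log posted above are checked by eye in the thread. The script below is an added example, not part of either post and not OTL's own code: it parses a fix log in the format shown, counts what was deleted, moved or reported "not found", surfaces any line it does not recognise (which is where a failed or partial action would show up), and cross-checks the file paths listed in the :OTL section of Fix.txt against the log so that a target the tool never reported on is not missed. The sample log and Fix.txt fragment are constructed from the formats posted in this thread; the "could not be moved" line is a hypothetical failure line added for illustration, not OTL's documented wording. Path comparison is case-insensitive because OTL prints paths as they exist on disk (system32) while the fix script used System32.

```python
import re
from collections import Counter

# Constructed sample modelled on the OTLPE fix log format posted in the thread.
# The "could not be moved" line is a hypothetical failure line, included only
# to show how unrecognised output is surfaced; it is not OTL's documented wording.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
C:\WINDOWS\002991_.tmp deleted successfully.
C:\WINDOWS\system32\drivers\kmxzone.u2k1 moved successfully.
C:\WINDOWS\system32\mkghj.dll moved successfully.
File C:\WINDOWS\system32\locked.dll could not be moved.
========== FILES ==========
OTLPE by OldTimer - Version 3.1.43.0 log created on 10312010_201137
"""

# Constructed Fix.txt fragment in the same bracketed format as the one posted above.
SAMPLE_FIX = r"""
:OTL
[2010/10/31 18:23:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2008/07/22 23:08:43 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/10/31 18:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
:Commands
[emptytemp]
"""

# One result line: optional "Registry key"/"Registry value" prefix, the target,
# then one of the three outcomes OTL prints. Files carry no prefix.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value) )?(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)
ACTIVEX_RE = re.compile(r"^Starting removal of ActiveX control (?P<clsid>\{[0-9A-Fa-f-]+\})$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
FOOTER_RE = re.compile(r"^OTLPE? by OldTimer - Version ")
# A file target in the :OTL section of Fix.txt sits after " -- ".
FIX_PATH_RE = re.compile(r" -- (?P<path>[A-Za-z]:\\.+?)\s*$")


def parse_otl_fix_log(text):
    """Classify each line of an OTL/OTLPE fix log.

    Returns a dict with 'acted' (deleted or moved), 'not_found', 'activex'
    (CLSIDs whose removal was started), 'sections', and 'unrecognised'
    (anything matching no known pattern, i.e. what needs a human look).
    """
    out = {"acted": [], "not_found": [], "activex": [], "sections": [], "unrecognised": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            out["sections"].append(m.group("name"))
            continue
        if FOOTER_RE.match(line):
            continue
        m = ACTIVEX_RE.match(line)
        if m:
            out["activex"].append(m.group("clsid"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = {
                "kind": m.group("kind") or "File",
                "target": m.group("target"),
                "outcome": m.group("outcome"),
            }
            bucket = "not_found" if entry["outcome"] == "not found" else "acted"
            out[bucket].append(entry)
            continue
        out["unrecognised"].append(line)
    return out


def summarise(parsed):
    """Counts per (kind, outcome), e.g. {('File', 'moved successfully'): 3}."""
    return Counter((e["kind"], e["outcome"]) for e in parsed["acted"] + parsed["not_found"])


def unaccounted_fix_paths(fix_text, parsed):
    """File paths from the :OTL section of Fix.txt that the log never reports on.

    Case-insensitive, because OTL prints the on-disk path ('system32') while
    the fix script may spell it 'System32'.
    """
    mentioned = {e["target"].lower() for e in parsed["acted"] + parsed["not_found"]
                 if e["kind"] == "File"}
    missing = []
    for line in fix_text.splitlines():
        m = FIX_PATH_RE.search(line)
        if m and m.group("path").lower() not in mentioned:
            missing.append(m.group("path"))
    return missing


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarise(parsed).items()):
        print(f"{n:3d}  {kind} {outcome}")
    print("ActiveX controls removed:", parsed["activex"])
    print("Needs review:", parsed["unrecognised"])
    print("Fix targets with no log line:", unaccounted_fix_paths(SAMPLE_FIX, parsed))
```

Run it against a real OTL log by replacing SAMPLE_LOG and SAMPLE_FIX with the file contents. Two things are worth acting on in the output: any "Needs review" line, and any fix target that the log never mentions, since OTL reporting neither a move nor "not found" for a path means that entry was not processed.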
  21. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, now I need some update from you.
    What are the current issues, especially regarding booting in any mode?
     