bankerfox.A

View previous topic View next topic Go down

bankerfox.A

Post by mikeincali on 2nd June 2010, 6:26 pm

Help yesterday I began getting a bankerfox.A virus it has now suceeded in infecting my entire computer. I cannot go online nor can I even open any programs, such a "Avenger" if I transfer it to a flash drive. I'm on a laptop now. This is how I'm getting onlineto chat.


Last edited by mikeincali on 2nd June 2010, 7:14 pm; edited 1 time in total (Reason for editing : update)

mikeincali
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-06-02
OS OS : windowsxp
Points Points : 23888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: bankerfox.A

Post by Belahzur on 2nd June 2010, 8:36 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: bankerfox.A

Post by mikeincali on 2nd June 2010, 8:38 pm

can i do this in safe mode? when i'm in regular mode I can't seem to run any programs as I get the .exe file is infected as soon as I do. The reason why I ask that, is that I have used 3 flash drives now going from laptop to desktop. Once I am on the desk top and unsuccessful I am afraid to put that flash drive back into my lap top, as I will surely be up a creek if my laptop also gets infected. I'm on my last clean flash drive

mikeincali
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-06-02
OS OS : windowsxp
Points Points : 23888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: bankerfox.A

Post by mikeincali on 2nd June 2010, 8:59 pm

OTL logfile created on: 6/2/2010 1:48:47 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 516.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.91 Gb Total Space | 121.28 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
Drive D: | 649.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.82% Space Free | Partition Type: FAT32

Computer Name: VAIO
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/02 04:36:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 04:36:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (lvprcsrv)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/09/28 17:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/07/10 09:28:14 | 001,826,816 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/09 13:27:20 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/09 13:26:54 | 000,118,877 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/09 13:19:04 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/09 13:17:54 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/23 03:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/23 03:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 19:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 19:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 19:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/03/12 15:18:06 | 000,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 15:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 15:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 14:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 16:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 16:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 16:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/10/31 04:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 16:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\navex15.sys -- (NAVEX15)
DRV - [2010/05/28 16:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\naveng.sys -- (NAVENG)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 20:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/02/18 01:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/12/23 02:46:40 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/17 14:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 14:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 13:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 13:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/14 02:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 02:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007/02/16 08:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/12/06 11:30:19 | 000,916,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/09/02 17:49:46 | 000,028,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005/03/14 13:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/02/03 14:45:58 | 000,091,776 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2005/02/03 14:44:54 | 000,005,760 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2005/02/03 14:44:38 | 000,010,496 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2004/11/23 18:13:32 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/07/30 09:55:48 | 000,091,830 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2004/07/15 11:42:00 | 002,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/03 07:47:58 | 000,768,512 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/03/12 22:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 22:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2004/03/11 14:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 14:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/05/24 02:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/03/06 14:23:00 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slz1unic.sys -- (slz1unic) SL Series (WDM)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/04/09 17:44:22 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (ser2pl)
DRV - [2001/08/17 12:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001/04/13 15:55:04 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2001/04/09 18:34:24 | 000,008,615 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/06 07:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/06/01 08:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 08:29:03 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2010/06/01 22:40:14 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [asam] C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe (eSXi)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. ([You must be registered and logged in to see this link.]
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [xkovnvub] C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu\bygtlmptssd.exe (Unhmy)
O4 - HKCU..\Run: [asam] C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe (eSXi)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Mike\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [xkovnvub] C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu\bygtlmptssd.exe (Unhmy)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-3ER1V.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Mikey\Application Data\SystemProc\lsass.exe (Mevwgu)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} [You must be registered and logged in to see this link.] (QDiagHUpdateObj Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/17 01:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c25fab1a-4152-11dd-8fa4-0011675ee79c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c25fab1a-4152-11dd-8fa4-0011675ee79c}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{c25fab1a-4152-11dd-8fa4-0011675ee79c}\Shell\phone\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/02 01:48:27 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/06/01 20:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/06/01 01:46:16 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe
[2010/06/01 01:45:06 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\syssvc.exe
[2010/06/01 01:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu
[2010/05/30 23:32:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\Application Data\SystemProc
[2010/05/30 23:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/28 00:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Fire Pics
[2010/05/26 23:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\May_26_2010
[2010/05/20 01:40:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/20 01:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/20 01:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Apple
[2010/05/20 01:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/20 01:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/17 02:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Nikon
[2010/05/17 02:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/05/17 02:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/05/16 06:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/05/16 06:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/05/16 06:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/05/16 06:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/12/23 02:58:31 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2008/12/23 02:58:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2007/07/29 04:10:07 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2007/07/29 04:10:07 | 000,008,615 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Mike\Desktop\*.tmp files -> C:\Documents and Settings\Mike\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/02 04:36:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/06/02 01:42:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 01:41:10 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/02 01:38:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 01:29:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/06/02 01:29:56 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/06/02 01:29:42 | 000,711,168 | ---- | M] () -- C:\WINDOWS\is-3ER1V.exe
[2010/06/02 01:29:42 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-3ER1V.msg
[2010/06/02 01:29:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 01:29:42 | 000,000,309 | ---- | M] () -- C:\WINDOWS\is-3ER1V.lst
[2010/06/02 01:25:24 | 021,827,584 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\PledgeKeeper 1.14.8.mdb
[2010/06/01 23:17:50 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/01 23:16:19 | 000,001,127 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/01 22:40:21 | 000,002,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/01 11:23:33 | 000,002,565 | ---- | M] () -- C:\confin.sys
[2010/06/01 01:45:09 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\syssvc.exe
[2010/06/01 01:45:09 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe
[2010/05/27 11:01:39 | 041,725,952 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Nightroom PledgeKeeper.mdb
[2010/05/27 04:25:26 | 001,963,873 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\yaya 004.jpg
[2010/05/26 01:19:05 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FIRE_Thank you 2010.doc
[2010/05/25 01:03:34 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Generic ads_1.doc
[2010/05/25 00:14:30 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\AG's complaint about Foundation.doc
[2010/05/24 01:15:29 | 018,632,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Fred.mdb
[2010/05/21 01:31:48 | 018,632,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FIRE Reports.mdb
[2010/05/20 01:05:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/20 01:05:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/19 02:34:21 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\thank you letter FIRE 2010.doc
[2010/05/18 01:18:30 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 01:17:50 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/18 01:12:21 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/05/18 01:09:19 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.DLL
[2010/05/17 23:48:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\ad for sheriff's foundation may 2010.doc
[2010/05/17 23:16:10 | 000,467,835 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\invo six pts fire tech 5 10.pdf
[2010/05/17 23:14:51 | 000,356,970 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\LENNAR.pdf
[2010/05/17 03:41:14 | 002,688,224 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/05/17 01:00:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\insurance for show.doc
[2010/05/16 06:26:14 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010/05/16 06:26:14 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Mike\Application Data\Strings
[2010/05/16 06:26:14 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2010/05/11 19:52:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/04 02:07:31 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\FOOSTER FREEZE.doc
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Mike\Desktop\*.tmp files -> C:\Documents and Settings\Mike\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/02 01:29:42 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-3ER1V.exe
[2010/06/02 01:29:42 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-3ER1V.msg
[2010/06/02 01:29:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 01:29:42 | 000,000,309 | ---- | C] () -- C:\WINDOWS\is-3ER1V.lst
[2010/06/01 21:31:17 | 000,002,244 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/05/30 23:34:18 | 000,002,565 | ---- | C] () -- C:\confin.sys
[2010/05/27 04:24:22 | 001,963,873 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\yaya 004.jpg
[2010/05/26 01:16:57 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FIRE_Thank you 2010.doc
[2010/05/25 01:03:34 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Generic ads_1.doc
[2010/05/25 00:14:30 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\AG's complaint about Foundation.doc
[2010/05/20 01:05:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/20 01:05:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/19 02:34:20 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\thank you letter FIRE 2010.doc
[2010/05/17 23:48:41 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\ad for sheriff's foundation may 2010.doc
[2010/05/17 23:16:10 | 000,467,835 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\invo six pts fire tech 5 10.pdf
[2010/05/17 23:14:27 | 000,356,970 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\LENNAR.pdf
[2010/05/17 02:32:53 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/05/17 01:00:16 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\insurance for show.doc
[2010/05/16 06:26:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010/05/16 06:26:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Mike\Application Data\Strings
[2010/05/16 06:26:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/16 06:26:14 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2010/05/16 03:59:45 | 000,777,728 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FACA Brochure.pub
[2010/05/04 02:07:30 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\FOOSTER FREEZE.doc
[2010/05/01 07:14:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/04/28 02:08:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2010/03/11 05:38:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/03/11 05:38:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/03/10 11:53:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/11/23 11:28:06 | 000,000,498 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009/11/23 11:04:26 | 000,000,099 | ---- | C] () -- C:\WINDOWS\PolkaDot.ini
[2009/11/23 09:09:56 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2009/11/23 09:09:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2009/11/14 08:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2009/11/14 08:16:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2009/11/14 08:16:16 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2009/11/14 08:16:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/12/23 02:46:40 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd8781.sys
[2008/12/18 07:07:13 | 000,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/29 02:44:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/03 09:43:33 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/12/13 05:59:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ZDrive.INI
[2007/12/06 04:13:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
[2007/11/05 22:42:21 | 000,000,316 | ---- | C] () -- C:\WINDOWS\bcards.INI
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/06 01:28:14 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BW.ini
[2007/01/06 10:57:19 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/29 10:17:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/10 06:05:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2006/08/30 15:37:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/05/07 01:02:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/04/10 03:50:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/05/31 06:20:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/04/25 12:05:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI5_SETUP.ini
[2005/04/25 12:04:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2005/04/25 10:52:15 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005/04/25 08:51:55 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/02/19 03:16:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/19 03:09:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/02/19 03:07:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/19 03:07:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/19 03:07:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/19 03:07:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/19 03:07:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/19 03:07:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/14 19:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/14 19:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/16 04:58:02 | 000,000,217 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/08/17 02:55:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/17 02:05:52 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/17 01:33:01 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/17 01:32:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2004/08/17 01:32:58 | 000,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/04 06:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/06/25 05:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/15 19:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/01/08 07:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/23 11:13:58 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/11/28 09:42:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pperfect7.ini
[2001/10/25 07:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/12/03 10:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1999/01/28 04:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:40482594E8AE31C5
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
< End of report >

mikeincali
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-06-02
OS OS : windowsxp
Points Points : 23888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: bankerfox.A

Post by mikeincali on 2nd June 2010, 9:00 pm

OTL Extras logfile created on: 6/2/2010 1:48:47 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 516.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.91 Gb Total Space | 121.28 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
Drive D: | 649.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.82% Space Free | Partition Type: FAT32

Computer Name: VAIO
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape -- (SnapStream Media, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Avant Browser\avant.exe" = C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser -- (Avant Force)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module -- File not found
"C:\Program Files\Yahoo!\browser\ycommon.exe" = C:\Program Files\Yahoo!\browser\ycommon.exe:*:Enabled:YCommon Exe Module -- (Yahoo!, Inc.)
"C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" = C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe:*:Enabled:Camera Control Interface -- ()
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" = C:\Program Files\Logitech\QuickCam10\QuickCam10.exe:*:Enabled:Camera Software -- File not found
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe:*:Enabled:hpgs2wnf Module -- ()
"C:\WINDOWS\system32\wiaacmgr.exe" = C:\WINDOWS\system32\wiaacmgr.exe:*:Enabled:Windows Picture Acquisition Wizard -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox -- (Yahoo!)
"C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe" = C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:TV Setup Wizard -- (SnapStream Media, Inc.)
"C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- File not found
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa -- File not found
"C:\Program Files\MP3 Rocket\MP3Rocket.exe" = C:\Program Files\MP3 Rocket\MP3Rocket.exe:*:Disabled:MP3 Rocket 5.0.3 -- ()
"C:\Documents and Settings\Michael Campbell\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Michael Campbell\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Documents and Settings\Mike\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Mike\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Documents and Settings\Mike\Local Settings\Temp\{AB62E636-A632-48B7-B5A0-E622D50F519A}\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\k_update.exe" = C:\Documents and Settings\Mike\Local Settings\Temp\{AB62E636-A632-48B7-B5A0-E622D50F519A}\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web. -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"c:\documents and settings\mike\local settings\application data\asam.exe" = c:\documents and settings\mike\local settings\application data\asam.exe:*:Enabled:enable -- (eSXi)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
"{0E4DBFE2-EEA4-11D3-96D0-00A0CC3F8931}" = Business Legal Forms
"{1805BD6D-C441-4A1C-802D-AFF0232DAACD}" = A-Men Technologies USB-to-Serial
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2EBA5473-558B-462C-AEE4-FE50FA799F2A}" = Mouse Driver
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34E63198-8AE2-4D0D-ACFA-2651A46B3C42}" = Digital Camera Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
"{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
"{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41EBA469-1E70-4ACE-AD30-1186F06D8BC5}" = Microsoft DirectX SDK (August 2006)
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6C08753F-2A90-494A-BD09-E3F222B2BDCA}" = USB-IDE Bridge Driver
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 2.1.10
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7FD50E0C-B39F-49B4-99EA-95AD328A6255}" = Send to SmugMug
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{84909249-924A-11D5-A7DD-9F5B71005E4C}" = Print Perfect Platinum
"{872E22D1-0DF3-4EE2-8ABF-CC8450AB74F1}" = OOo-dev 3.1
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{8DBF971D-A2C8-11D5-9C48-00105AE19B66}" = Gordi and the Math Invaders
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{915A6279-B4CA-11D4-9766-00508BC086E6}" = Party Fun Adventure
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{937b232d-9776-471e-92bd-d424e514ef14}" = Logitech QuickCam
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF363EA8-CB9F-40EC-90E0-A46AD9C78EB0}" = Laugh, Smile & Learn™
"{B39C475A-77A7-446D-B423-8051E976D910}" = USB to UART Bridge Controller
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DD54CF66-090B-43E7-97C1-110EF526474D}" = ArcSoft Multimedia Email
"{E1ACEF2E-C3C0-43F5-A815-5F0BB968DA70}" = GSM SIM Utility 9.0
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EAFCD3D7-52C9-438C-84A5-EE66E4A03724}" = ProVenture Business Cards
"{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = Huge Pine USB to UART Driver
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}" = ArcSoft PhotoImpression 5
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AI RoboForm" = AI RoboForm (All Users)
"AltnetDM" = Peer Points Manager
"AT&T Yahoo! Browser Configuration" = AT&T Yahoo! Browser Configuration
"AvantBrowser" = Avant Browser (remove only)
"Beyond TV" = SnapStream Beyond TV 4.8.2
"BroadJump Client Foundation" = BroadJump Client Foundation
"Cebuano_Language_Software_4.2" = Cebuano Language Software 4.2
"CloneCD" = CloneCD
"Creative PD0630" = Creative WebCam Live! Driver (1.01.01.0730)
"Creative WebCam Center" = Creative WebCam Center
"Duplicate Finder" = Duplicate Finder
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 1.3
"HP Photo Printing Software" = HP Photo Printing Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"IrfanView" = IrfanView (remove only)
"legacyqcam_10.40" = Logitech Legacy USB Camera Driver Package
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Logitech Print Service" = Logitech Print Service
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = Miro
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muppet Babies Toyland Train" = Muppet Babies Toyland Train
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-07-14-01
"PCI Audio Driver" = PCI Audio Driver
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SBC.MCCInstall" = AT&T Self Support Tool
"SHARP SL Series" = SHARP SL Series Software
"SnapZip2004_is1" = SnapZip 2004
"ST6UNST #1" = ExcelDialerHenry
"ST6UNST #2" = ExcelDialerHenry (C:\Program Files\ExcelDialer\)
"ST6UNST #3" = ExcelDialerHenry (C:\Program Files\ExcelDialer\) #3
"Tagalog_Tutot_4.1" = Tagalog Tutor 4.1
"The Cat in the Hat" = The Cat in the Hat
"TurboTax 2009" = TurboTax 2009
"TurboTax Business 2009" = TurboTax Business 2009
"UnityWebPlayer" = Unity Web Player
"Visual Labels" = Visual Labels
"WhiteCap" = WhiteCap
"Wiggle and Giggle" = Wiggle and Giggle
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2010 11:23:30 PM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 5/31/2010 11:23:35 PM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\Documents and Settings\Mikey\Local
Settings\Temporary Internet Files\Content.IE5\0LQFO1AJ\omni[1].gif by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 5/31/2010 11:23:39 PM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\Documents and Settings\Mikey\Local
Settings\Temporary Internet Files\Content.IE5\W163GTER\omni[1].gif by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 5/31/2010 11:27:14 PM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/1/2010 9:26:14 AM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/1/2010 10:01:01 AM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/1/2010 10:08:33 AM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/1/2010 10:52:35 AM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/1/2010 11:07:34 AM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/1/2010 11:17:47 AM | Computer Name = VAIO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Program Files\Mozilla
Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ System Events ]
Error - 6/1/2010 12:02:29 PM | Computer Name = VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DMICall ElbyCDIO Fips intelppm SAVRT SYMTDI

Error - 6/1/2010 12:04:13 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/1/2010 12:54:47 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/1/2010 1:20:57 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/1/2010 1:29:12 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/1/2010 1:29:55 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/1/2010 1:42:00 PM | Computer Name = VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DMICall ElbyCDIO Fips intelppm SAVRT SYMTDI

Error - 6/1/2010 1:42:00 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/1/2010 1:42:18 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/1/2010 1:47:45 PM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

mikeincali
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-06-02
OS OS : windowsxp
Points Points : 23888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: bankerfox.A

Post by Belahzur on 3rd June 2010, 9:45 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [asam] C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe (eSXi)
    O4 - HKLM..\Run: [xkovnvub] C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu\bygtlmptssd.exe (Unhmy)
    O4 - HKCU..\Run: [asam] C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe (eSXi)
    O4 - HKCU..\Run: [xkovnvub] C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu\bygtlmptssd.exe (Unhmy)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Mikey\Application Data\SystemProc\lsass.exe (Mevwgu)
    [2010/06/01 01:46:16 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe
    [2010/06/01 01:45:06 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\syssvc.exe
    [2010/06/01 01:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum