WiredWX Christian Hobby Weather Tools

 


Possible Malware

Computer unable to run any virus software. Vista is asking to select a program to open the exe file? Not sure how to fix.

Re: Possible Malware

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Possible Malware

OTL logfile created on: 4/26/2010 10:21:53 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\My Computer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.12 Gb Total Space | 548.94 Gb Free Space | 93.82% Space Free | Partition Type: NTFS
Drive D: | 11.05 Gb Total Space | 1.48 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYCOMPUTER-PC
Current User Name: My Computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/26 10:21:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
PRC - [2010/04/22 21:59:58 | 000,171,520 | ---- | M] () -- C:\Users\My Computer\AppData\Local\Temp\Ak1.exe
PRC - [2010/04/22 21:59:56 | 000,176,640 | ---- | M] () -- C:\Users\My Computer\AppData\Local\Temp\Ak0.exe
PRC - [2009/11/02 20:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 10:21:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/16 11:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/09/16 10:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 11:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2009/12/08 15:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/09/17 22:28:04 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/03 18:10:08 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/03/25 05:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/02/14 10:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/12 11:50:14 | 000,286,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 11:48:10 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 11:47:08 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2007/10/18 11:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/06/19 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 10:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/04/24 23:15:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (adHlpr Object) - {C5151860-EC17-425B-B60D-3F7AD41B9AE5} - C:\Windows\SysWOW64\czwnbght.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1238773922\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [acrombml] C:\Users\My Computer\AppData\Local\yqahrqgon\vbfqvoptssd.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL 9.5a\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [QZAIB7KITK] C:\Users\My Computer\AppData\Local\Temp\Ak0.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [titylqot] C:\Users\My Computer\AppData\Local\ffcbjpnlo\ukauxjktssd.exe File not found
O4 - HKCU..\Run: [userinit] C:\Users\My Computer\AppData\Roaming\sdra64.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\My Computer\AppData\Local\Temp\Ak1.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 7.0; AOL 9.5; AOLBuild 4337.155; Windows NT 6.0; WOW64; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino2.ncat.edu/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\My Computer\Pictures\27088_118972291453096_100000209766872_313251_631998_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\My Computer\Pictures\27088_118972291453096_100000209766872_313251_631998_n.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{88d78f6d-a07a-11de-be62-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{88d78f6d-a07a-11de-be62-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 10:21:10 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2010/04/25 10:43:49 | 000,638,232 | ---- | C] (Microsoft Corporation) -- C:\Users\My Computer\Desktop\Internet Explorer.exe
[2010/04/24 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/04/24 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\yqahrqgon
[2010/04/24 14:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart-Ads-Solutions
[2010/04/24 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Roaming\077ADD58CF4D6F2E0DB77368097301FB
[2010/04/24 10:21:01 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\Windows Server
[2010/04/22 23:41:19 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\ffcbjpnlo
[2010/04/22 22:34:14 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\avG
[2010/04/22 22:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\avG
[2010/04/18 17:22:29 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\IsolatedStorage
[2010/04/18 03:15:06 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\Street_Challenge
[2010/04/18 03:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Street Challenge LLC
[2010/04/18 02:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbo Drag 2
[2010/04/18 02:51:32 | 000,000,000 | ---D | C] -- C:\Users\My Computer\AppData\Local\Protexis
[2010/04/18 02:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2010/04/18 02:49:49 | 000,000,000 | ---D | C] -- C:\Users\My Computer\Uninstall
[2010/04/18 02:49:49 | 000,000,000 | ---D | C] -- C:\Windows\Turbo Drag 2
[2010/04/14 05:39:52 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 05:39:16 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 05:39:16 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 05:36:08 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010/04/14 05:36:08 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/14 05:36:07 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010/04/14 05:36:07 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010/04/14 05:33:51 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 05:33:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 05:33:49 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 05:33:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/07 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\My Computer\Documents\KelliRiding
[2010/03/30 20:01:35 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/03/30 20:01:35 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/03/30 20:01:35 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/03/30 20:01:35 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/30 20:01:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/03/30 20:01:35 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/03/30 20:01:34 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/03/30 20:01:34 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/03/30 20:01:34 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/03/30 20:01:34 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/03/30 20:01:34 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/03/30 20:01:34 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/03/30 20:01:34 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/03/30 20:01:34 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/03/30 20:01:34 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/03/30 20:01:34 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/03/30 20:01:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/03/30 20:01:34 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/03/30 20:01:34 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/03/30 20:01:34 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/03/30 20:01:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/03/30 20:01:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/03/30 20:01:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/03/30 20:01:34 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/03/30 20:01:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/03/30 20:01:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/03/30 20:01:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/03/30 20:01:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/03/30 20:01:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/03/30 20:01:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/03/30 20:01:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/03/30 20:01:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/03/30 20:01:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2010/04/26 10:25:29 | 002,359,296 | -HS- | M] () -- C:\Users\My Computer\ntuser.dat
[2010/04/26 10:22:03 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/26 10:21:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2010/04/26 10:20:03 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/26 10:13:58 | 000,013,361 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/04/26 10:13:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 09:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/26 09:21:27 | 000,000,183 | ---- | M] () -- C:\Users\My Computer\Desktop\Navy For Moms.url
[2010/04/26 08:47:03 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/26 08:47:03 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/26 08:47:03 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/26 08:41:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 08:41:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 08:41:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 08:41:47 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
[2010/04/26 08:41:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 06:48:54 | 000,524,288 | -HS- | M] () -- C:\Users\My Computer\ntuser.dat{3d1f4bfe-db85-11de-8748-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/04/26 06:48:54 | 000,065,536 | -HS- | M] () -- C:\Users\My Computer\ntuser.dat{3d1f4bfe-db85-11de-8748-00038a000015}.TM.blf
[2010/04/26 06:48:52 | 002,692,734 | -H-- | M] () -- C:\Users\My Computer\AppData\Local\IconCache.db
[2010/04/25 22:34:08 | 000,010,368 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\nFWUk4hL
[2010/04/25 22:34:08 | 000,010,368 | -HS- | M] () -- C:\ProgramData\nFWUk4hL
[2010/04/25 22:34:04 | 000,208,896 | -HS- | M] () -- C:\ProgramData\vma.exe
[2010/04/25 22:34:04 | 000,208,896 | -HS- | M] () -- C:\ProgramData\MSASCui.exe
[2010/04/25 22:34:03 | 000,208,896 | -HS- | M] () -- C:\ProgramData\ave.exe
[2010/04/25 22:34:03 | 000,208,896 | -HS- | M] () -- C:\ProgramData\av.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\vma.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\MSASCui.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\av.exe
[2010/04/25 12:00:00 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\ErrorFix Scan.job
[2010/04/25 10:44:59 | 000,001,204 | ---- | M] () -- C:\Users\My Computer\AppData\Roaming\wklnhst.dat
[2010/04/25 09:31:14 | 000,011,660 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\ltMp4dxaNlfp
[2010/04/25 09:31:14 | 000,011,660 | -HS- | M] () -- C:\ProgramData\ltMp4dxaNlfp
[2010/04/24 10:50:32 | 000,728,064 | ---- | M] () -- C:\Users\My Computer\Documents\11MostExpensiveCatastrophes.pps
[2010/04/23 01:34:51 | 000,012,366 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\6WJ37r
[2010/04/23 01:34:51 | 000,012,366 | -HS- | M] () -- C:\ProgramData\6WJ37r
[2010/04/21 07:55:32 | 000,299,008 | ---- | M] () -- C:\Windows\SysWow64\czwnbght.dll
[2010/04/20 21:56:03 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/04/20 17:54:40 | 001,330,176 | ---- | M] () -- C:\Users\My Computer\Documents\EmpireStateBldg.pps
[2010/04/20 13:10:29 | 004,273,632 | ---- | M] () -- C:\Users\My Computer\Documents\Thisiswhattolerancelookslike.wmv
[2010/04/18 17:32:46 | 000,015,872 | ---- | M] () -- C:\Users\My Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 03:04:56 | 000,000,080 | RHS- | M] () -- C:\Windows\SysWow64\506DED0771.dll
[2010/04/15 14:08:41 | 000,957,054 | ---- | M] () -- C:\Users\My Computer\Documents\obama.bmp
[2010/04/15 01:04:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/08 16:57:22 | 000,199,262 | ---- | M] () -- C:\Users\My Computer\Documents\blond_goes_to_work_after_many_years.wmv
[2010/04/07 16:49:31 | 000,229,673 | ---- | M] () -- C:\Users\My Computer\Documents\KelliRiding.zip
[2010/04/01 01:00:19 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/30 18:03:00 | 000,307,254 | ---- | M] () -- C:\Users\My Computer\Documents\erica.bmp

========== Files Created - No Company Name ==========

[2010/04/25 22:34:04 | 000,208,896 | -HS- | C] () -- C:\ProgramData\vma.exe
[2010/04/25 22:34:03 | 000,208,896 | -HS- | C] () -- C:\ProgramData\MSASCui.exe
[2010/04/25 22:34:03 | 000,208,896 | -HS- | C] () -- C:\ProgramData\av.exe
[2010/04/25 22:34:02 | 000,208,896 | -HS- | C] () -- C:\ProgramData\ave.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | C] () -- C:\Users\My Computer\AppData\Local\vma.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | C] () -- C:\Users\My Computer\AppData\Local\MSASCui.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | C] () -- C:\Users\My Computer\AppData\Local\av.exe
[2010/04/25 20:10:59 | 000,010,368 | -HS- | C] () -- C:\Users\My Computer\AppData\Local\nFWUk4hL
[2010/04/25 20:10:59 | 000,010,368 | -HS- | C] () -- C:\ProgramData\nFWUk4hL
[2010/04/25 13:52:23 | 000,000,304 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 23:31:16 | 000,011,660 | -HS- | C] () -- C:\Users\My Computer\AppData\Local\ltMp4dxaNlfp
[2010/04/24 23:31:16 | 000,011,660 | -HS- | C] () -- C:\ProgramData\ltMp4dxaNlfp
[2010/04/24 10:50:19 | 000,728,064 | ---- | C] () -- C:\Users\My Computer\Documents\11MostExpensiveCatastrophes.pps
[2010/04/22 22:34:16 | 000,012,366 | -HS- | C] () -- C:\Users\My Computer\AppData\Local\6WJ37r
[2010/04/22 22:34:16 | 000,012,366 | -HS- | C] () -- C:\ProgramData\6WJ37r
[2010/04/22 22:00:00 | 000,000,304 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/21 07:55:32 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\czwnbght.dll
[2010/04/20 17:54:24 | 001,330,176 | ---- | C] () -- C:\Users\My Computer\Documents\EmpireStateBldg.pps
[2010/04/20 13:09:27 | 004,273,632 | ---- | C] () -- C:\Users\My Computer\Documents\Thisiswhattolerancelookslike.wmv
[2010/04/18 02:51:01 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\506DED0771.dll
[2010/04/15 14:08:35 | 000,957,054 | ---- | C] () -- C:\Users\My Computer\Documents\obama.bmp
[2010/04/08 16:57:17 | 000,199,262 | ---- | C] () -- C:\Users\My Computer\Documents\blond_goes_to_work_after_many_years.wmv
[2010/04/07 16:49:27 | 000,229,673 | ---- | C] () -- C:\Users\My Computer\Documents\KelliRiding.zip
[2010/03/30 18:02:32 | 000,307,254 | ---- | C] () -- C:\Users\My Computer\Documents\erica.bmp
[2009/09/17 13:23:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 13:22:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/31 14:15:04 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/05/28 13:30:00 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/28 13:30:00 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >

Re: Possible Malware

OTL Extras logfile created on: 4/26/2010 10:21:54 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\My Computer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.12 Gb Total Space | 548.94 Gb Free Space | 93.82% Space Free | Partition Type: NTFS
Drive D: | 11.05 Gb Total Space | 1.48 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYCOMPUTER-PC
Current User Name: My Computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 01 40 DA 41 C1 37 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F03A3A-1FF7-4C26-8861-1718472E8CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{24837F88-1EAA-4722-B223-D3CC5FFDFDA0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{31326FDA-2CAE-4B0E-AA56-84AA38F46347}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4C3999BE-D554-45F4-AB64-0B41924C8930}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1238773922\ee\aolsoftware.exe |
"{4E412441-B02A-4438-8693-8D59C7C689D0}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{539496BA-066A-48B3-9DE1-FCDF9AE062FA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{54701193-F254-4CDC-A8A0-10CE4ED18872}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{5B0DCBB7-BF0F-4FAF-9E9B-DE08A862FCCB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{5B10F37C-4815-4002-B361-A6C6E865E8A0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{62852A24-0252-4E9E-96E0-808CC5317B4E}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{64FE5AA8-F179-4102-899C-39D4D72BE287}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1225237593\ee\aolsoftware.exe |
"{67308085-ACBA-4F69-B5C4-B6540C0F1C19}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6A631CDE-8B0E-4B10-B643-66EF6ED582EE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1238773922\ee\aolservicehost.exe |
"{73928607-133B-4A31-A0C6-F32DA7BB2193}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{7F4C0169-5B08-4452-9647-F66F6A6A2195}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{80276037-7020-441D-ABC4-AC5B7B7F4FA3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{82BB695B-8EE8-4D6B-AB61-8DBCE7FA424A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{8902B5F8-31E2-4C43-9492-92EF3769B923}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{8C6F488B-70D6-4F85-BDC5-3A58D08E4F37}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{94B9529B-B3FB-4081-B5BA-176E4A77B111}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1225237593\ee\aolsoftware.exe |
"{985AA411-6982-4809-91EA-D393D758F195}" = protocol=6 | dir=in | app=c:\users\my computer\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{9C598F7A-4B58-4A45-A348-68827AF8E6C0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1238773922\ee\aolservicehost.exe |
"{B8D3D8E5-48D3-4167-99FA-13F9D5F9DF3C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |
"{C626859C-7DE2-4B99-9398-6269172D3C28}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C6E79F8C-855E-4A75-8F82-C848F0B8B524}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5a\waol.exe |
"{CB5F32F8-E9C6-44BB-B1D8-1A58B7A66542}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1238773922\ee\aolsoftware.exe |
"{D44E911A-65CD-4183-8541-8E593F197E22}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5a\waol.exe |
"{D905EFBD-1FB9-4BCA-9A9E-FC3DBE33F1A4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E80E247B-A046-49D4-AD02-1B00A6D1F64C}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{EC962056-2F82-4FC5-B890-380833E6E43B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{EDD5D4ED-39F2-4CAE-B06C-287A3F37975B}" = protocol=17 | dir=in | app=c:\users\my computer\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{EDF8524A-F1D2-4232-B901-FD79E2F8A32D}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |
"{F1CF74A9-1DAD-460D-9A8F-DC40BBEAE02E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A7D48BF6-8ED8-4B91-8267-34CDE7807D05}_is1" = HP Demo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OfficeTrial" = Microsoft Office Home and Student 60 day trial

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Explorer" = AOL Explorer
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Backyard Basketball 2007" = Backyard Basketball 2007 (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee SecurityCenter
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Smart-Ads-Solutions" = SmartAds browser enhancer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"sp41119" = sp41119
"Street Challenge - Extreme Velocity" = Street Challenge - Extreme Velocity
"support.com Support Connection" = support.com Support Connection
"Turbo Drag 21.0" = Turbo Drag 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2010 6:52:38 PM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/8/2010 5:52:50 PM | Computer Name = MyComputer-PC | Source = Google Update | ID = 20
Description =

Error - 3/10/2010 4:20:49 AM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/23/2010 3:50:48 PM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/31/2010 3:17:51 AM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/6/2010 9:47:46 PM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/15/2010 3:20:00 AM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/18/2010 3:09:20 AM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/23/2010 2:21:21 AM | Computer Name = MyComputer-PC | Source = VSS | ID = 8194
Description =

Error - 4/24/2010 4:39:59 PM | Computer Name = MyComputer-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/3/2009 10:09:33 PM | Computer Name = MyComputer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:14:21 PM | Computer Name = MyComputer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/26/2010 4:04:41 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/2/2010 4:00:08 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/6/2010 9:47:25 PM | Computer Name = MyComputer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:11:46 PM on 4/6/2010 was unexpected.

Error - 4/9/2010 4:00:08 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/9/2010 6:16:36 PM | Computer Name = MyComputer-PC | Source = DCOM | ID = 10010
Description =

Error - 4/16/2010 4:00:08 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/23/2010 4:00:11 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/25/2010 9:29:31 AM | Computer Name = MyComputer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:09:26 AM on 4/25/2010 was unexpected.

Error - 4/25/2010 9:54:13 AM | Computer Name = MyComputer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/25/2010 5:07:11 PM | Computer Name = MyComputer-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.


< End of report >

Re: Possible Malware

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [acrombml] C:\Users\My Computer\AppData\Local\yqahrqgon\vbfqvoptssd.exe File not found
    O4 - HKCU..\Run: [titylqot] C:\Users\My Computer\AppData\Local\ffcbjpnlo\ukauxjktssd.exe File not found
    O4 - HKCU..\Run: [userinit] C:\Users\My Computer\AppData\Roaming\sdra64.exe ()
    O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\My Computer\AppData\Local\Temp\Ak1.exe ()
    [2010/04/26 10:22:03 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/04/26 10:20:03 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/04/26 08:41:47 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
    [2010/04/25 22:34:08 | 000,010,368 | -HS- | M] () -- C:\ProgramData\nFWUk4hL
    [2010/04/25 22:34:04 | 000,208,896 | -HS- | M] () -- C:\ProgramData\vma.exe
    [2010/04/25 22:34:04 | 000,208,896 | -HS- | M] () -- C:\ProgramData\MSASCui.exe
    [2010/04/25 22:34:03 | 000,208,896 | -HS- | M] () -- C:\ProgramData\ave.exe
    [2010/04/25 22:34:03 | 000,208,896 | -HS- | M] () -- C:\ProgramData\av.exe
    [2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\vma.exe
    [2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\MSASCui.exe
    [2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\av.exe
    [2010/04/25 12:00:00 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\ErrorFix Scan.job
    [2010/04/25 09:31:14 | 000,011,660 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\ltMp4dxaNlfp
    [2010/04/25 09:31:14 | 000,011,660 | -HS- | M] () -- C:\ProgramData\ltMp4dxaNlfp
    [2010/04/23 01:34:51 | 000,012,366 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\6WJ37r
    [2010/04/23 01:34:51 | 000,012,366 | -HS- | M] () -- C:\ProgramData\6WJ37r
    [2010/04/18 03:04:56 | 000,000,080 | RHS- | M] () -- C:\Windows\SysWow64\506DED0771.dll



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

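Most of the file lines pasted into the fix above share one pattern in the scan listing: hidden and system attributes, an empty company field, a location directly under ProgramData or AppData\Local, and a same-name, same-size twin in the other location. The sketch below is an added example (not OTL's code and not the helper's method) that parses the listing format and surfaces those mirrored pairs; the heuristic and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Constructed sample: lines copied from the OTL file listing posted in this thread.
SAMPLE = r"""
[2010/04/26 10:21:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\My Computer\Desktop\OTL.exe
[2010/04/26 06:48:54 | 000,065,536 | -HS- | M] () -- C:\Users\My Computer\ntuser.dat{3d1f4bfe-db85-11de-8748-00038a000015}.TM.blf
[2010/04/26 06:48:52 | 002,692,734 | -H-- | M] () -- C:\Users\My Computer\AppData\Local\IconCache.db
[2010/04/25 22:34:08 | 000,010,368 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\nFWUk4hL
[2010/04/25 22:34:08 | 000,010,368 | -HS- | M] () -- C:\ProgramData\nFWUk4hL
[2010/04/25 22:34:04 | 000,208,896 | -HS- | M] () -- C:\ProgramData\vma.exe
[2010/04/25 22:33:57 | 000,208,896 | -HS- | M] () -- C:\Users\My Computer\AppData\Local\vma.exe
[2010/04/21 07:55:32 | 000,299,008 | ---- | M] () -- C:\Windows\SysWow64\czwnbght.dll
"""

# Layout: [date time | size | attributes | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)


def parse_listing(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entries.append(entry)
    return entries


def is_drop_root(directory):
    """True for <drive>:\\ProgramData or ...\\AppData\\Local itself, not subfolders."""
    d = directory.lower()
    return bool(re.fullmatch(r"[a-z]:\\programdata", d)) or d.endswith("\\appdata\\local")


def is_flagged(entry):
    """Assumed heuristic: hidden + system, no company name, directly in a drop root."""
    attrs = entry["attrs"]
    return ("H" in attrs and "S" in attrs and not entry["company"]
            and is_drop_root(dirname(entry["path"])))


def mirrored_drops(entries):
    """Group flagged files by (name, size); keep groups seen in two or more directories."""
    groups = defaultdict(set)
    for e in entries:
        if is_flagged(e):
            key = (basename(e["path"]).lower(), e["size"])
            groups[key].add(dirname(e["path"]).lower())
    return {key: sorted(dirs) for key, dirs in groups.items() if len(dirs) > 1}


if __name__ == "__main__":
    for (name, size), dirs in mirrored_drops(parse_listing(SAMPLE)).items():
        print(f"{name} ({size} bytes) present in: {', '.join(dirs)}")
```

The hidden+system registry transaction file under the user profile and the plain-hidden IconCache.db are deliberately not flagged, which keeps normal Windows files out of the result.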

Re: Possible Malware

I have completed the request but a Fix Log did not appear after selecting "ok".

Re: Possible Malware

Hello.
Is there a log here?

C:\_OTL\time-and-date.log

............................................................................................

Site Admin / Security Administrator


Re: Possible Malware

Yes it was there.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\acrombml deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\titylqot deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userinit not found.
File C:\Users\My Computer\AppData\Roaming\sdra64.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
File C:\Users\My Computer\AppData\Local\Temp\Ak1.exe not found.
File C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
C:\Windows\Tasks\ErrorFix Startup.job moved successfully.
C:\ProgramData\nFWUk4hL moved successfully.
File C:\ProgramData\vma.exe not found.
File C:\ProgramData\MSASCui.exe not found.
File C:\ProgramData\ave.exe not found.
File C:\ProgramData\av.exe not found.
File C:\Users\My Computer\AppData\Local\vma.exe not found.
File C:\Users\My Computer\AppData\Local\MSASCui.exe not found.
File C:\Users\My Computer\AppData\Local\av.exe not found.
C:\Windows\Tasks\ErrorFix Scan.job moved successfully.
C:\Users\My Computer\AppData\Local\ltMp4dxaNlfp moved successfully.
C:\ProgramData\ltMp4dxaNlfp moved successfully.
C:\Users\My Computer\AppData\Local\6WJ37r moved successfully.
C:\ProgramData\6WJ37r moved successfully.
C:\Windows\SysWOW64\506DED0771.dll moved successfully.

OTL by OldTimer - Version 3.2.3.0 log created on 04272010_201430
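A fix log like the one above is easier to act on once each path from the scan is matched to its outcome. The following is an added example (not part of OTL or of the original posts) that parses the three outcome phrases in the log and reconciles them with paths from the scan listing; paths are compared case-insensitively because the scan prints `C:\Windows\tasks` and `SysWow64` where the fix log prints `Tasks` and `SysWOW64`. Function names and the `NO_ENTRY` label are assumptions.

```python
import re

# Constructed sample: lines copied from the OTL fix log posted in this thread.
FIX_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userinit not found.
File C:\Users\My Computer\AppData\Roaming\sdra64.exe not found.
C:\Windows\Tasks\ErrorFix Startup.job moved successfully.
C:\ProgramData\nFWUk4hL moved successfully.
File C:\ProgramData\vma.exe not found.
C:\Windows\SysWOW64\506DED0771.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
"""

# Paths exactly as the scan listing in this thread spells them.
SCAN_PATHS = [
    r"C:\Windows\tasks\ErrorFix Startup.job",
    r"C:\ProgramData\nFWUk4hL",
    r"C:\Users\My Computer\AppData\Local\nFWUk4hL",
    r"C:\ProgramData\vma.exe",
    r"C:\Windows\SysWow64\506DED0771.dll",
]

NO_ENTRY = "no fix-log entry"  # label used here for paths the log never mentions

RESULT_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File) )?(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return (kind, target, outcome) tuples for every recognised log line."""
    records = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            # Assumption: lines without a prefix are file moves, as in the posted log.
            records.append((m["kind"] or "File", m["target"], m["outcome"]))
    return records


def reconcile(paths, records):
    """Map each scan path to its fix-log outcome, ignoring letter case."""
    outcomes = {target.casefold(): outcome
                for kind, target, outcome in records if kind == "File"}
    return {p: outcomes.get(p.casefold(), NO_ENTRY) for p in paths}


def needs_followup(result):
    """Paths that were not confirmed as moved and should be checked in the next scan."""
    return [p for p, outcome in result.items() if outcome != "moved successfully"]


if __name__ == "__main__":
    result = reconcile(SCAN_PATHS, parse_fix_log(FIX_LOG))
    for path, outcome in result.items():
        print(f"{outcome:>20}  {path}")
    print("Check again:", needs_followup(result))
```

On this excerpt the AppData\Local copy of nFWUk4hL comes back with no fix-log entry and `C:\ProgramData\vma.exe` as not found, so both are items to confirm in a follow-up scan.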

Re: Possible Malware

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

