Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Ending Program - n & Suspicious Antivir Scan

Re: Ending Program - n & Suspicious Antivir Scan

by bat_sali » March 9th, 2010, 7:25 pm

Hi :)
OTL.txt:
OTL logfile created on: 3/9/2010 10:43:08 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Viktor Vutov\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 2.68 Gb Free Space | 9.59% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 35.02 Gb Free Space | 75.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VUTOV-S-TOSHIBA
Current User Name: Viktor Vutov
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 22:39:38 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viktor Vutov\My Documents\Downloads\OTL.exe
PRC - [2010/02/24 13:12:27 | 001,709,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/02/24 12:42:31 | 000,251,120 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/02/24 12:42:28 | 001,058,032 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2010/02/24 12:42:27 | 000,206,064 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2009/11/20 21:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2009/10/23 12:52:45 | 000,464,312 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
PRC - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/31 17:30:14 | 000,150,008 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/29 17:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
PRC - [2004/11/29 17:50:00 | 000,254,007 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
PRC - [2004/07/12 20:06:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/06/16 23:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2003/01/15 16:24:14 | 000,102,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CePMTray.exe
PRC - [2003/01/14 23:52:26 | 000,561,152 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2002/10/17 12:21:38 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\ISM\pinger.exe
PRC - [2002/10/04 20:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/08/20 18:29:26 | 000,040,960 | R--- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 22:39:38 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viktor Vutov\My Documents\Downloads\OTL.exe
MOD - [2010/01/27 15:25:22 | 000,083,184 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-8.0.0.261\QOEHook.dll
MOD - [2009/10/23 12:53:03 | 001,447,352 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
MOD - [2009/07/01 11:55:58 | 000,113,144 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxExw.dll
MOD - [2009/04/01 10:45:50 | 000,272,888 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxw.dll
MOD - [2008/04/14 00:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2004/11/29 17:56:52 | 000,053,248 | ---- | M] () -- C:\Program Files\IOGEAR\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/24 12:42:31 | 000,251,120 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/02/24 12:42:27 | 000,206,064 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2009/11/20 21:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 17:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2005/03/30 14:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/11/29 17:50:00 | 000,254,007 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004/07/12 20:06:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/16 23:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2002/10/04 20:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2009/09/30 17:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/09/30 17:51:00 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/09/30 17:51:00 | 000,060,920 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2009/09/02 18:29:58 | 000,053,240 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2009/08/27 11:14:48 | 000,143,352 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/08/14 12:43:50 | 000,145,912 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2009/06/08 11:02:04 | 000,115,704 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2009/06/08 11:02:02 | 000,108,024 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2009/03/27 16:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/11/16 12:02:52 | 000,006,896 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/02/25 09:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/08/19 12:38:26 | 000,021,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Viktor Vutov\Desktop\Everest\Everest UE 4.10.1119-reg\kerneld.wnt -- (EverestDriver)
DRV - [2006/08/21 16:40:46 | 000,244,864 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326) Vimicro USB2.0 PC Camera(VC0323)
DRV - [2006/08/08 11:25:40 | 000,476,672 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/02/07 08:14:30 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2005/10/16 05:03:50 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/06/16 12:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/11 07:17:42 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005/03/31 06:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 05:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 05:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 05:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 05:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/12/22 20:30:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/11/29 23:31:08 | 000,030,125 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2004/11/29 17:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/11/29 17:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004/11/29 17:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004/11/29 17:34:20 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/11/29 17:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/11/29 17:31:46 | 000,044,163 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2004/11/29 17:31:16 | 000,030,299 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/11/29 17:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/10/07 08:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/22 20:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 20:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/07/26 01:12:40 | 000,050,048 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2004/07/26 01:12:40 | 000,015,872 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2004/07/26 01:12:40 | 000,004,992 | R--- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2003/10/10 02:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/08/10 06:17:58 | 000,256,568 | R--- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2003/03/25 09:55:04 | 000,027,136 | ---- | M] (Mobile Action Tech. Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA-620.sys -- (MA-620)
DRV - [2003/03/18 14:05:10 | 000,155,392 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SMCWLAN.sys -- (SMCLN)
DRV - [2003/01/29 21:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/30 12:20:14 | 000,030,775 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2002/12/19 03:56:34 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2002/12/19 03:56:32 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2002/12/19 03:56:32 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2002/11/22 18:21:18 | 001,157,856 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/10/31 17:26:44 | 000,041,216 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (ser2pl)
DRV - [2002/10/07 18:09:58 | 000,019,140 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\Program Files\America Online 8.0a\atwpkt2.sys -- (ATWPKT2)
DRV - [2002/10/04 20:22:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/08/28 22:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2002/07/18 01:45:48 | 000,004,183 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2002/06/29 00:29:12 | 000,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlags48b.sys -- (wlags48b)
DRV - [2002/06/13 19:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/05/15 12:49:54 | 000,063,405 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/01/24 22:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2001/12/11 18:27:58 | 000,314,792 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt891x1.sys -- (DCamUSBDXGTech) Trust 350FT PowerC@m Flash (Video Camera)
DRV - [2001/07/05 08:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt890x.sys -- (GT890x) Trust 350FT PowerC@m Flash (Still Camera)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mail.yahoo.com"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {9e1d7c80-43d1-11db-b0de-0800200c9a66}:1.0.2.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:1.2.0.32
FF - prefs.js..extensions.enabledItems: {8b02914c-4e6b-4410-90e1-1a2b1b69b12d}:1.2.0.32
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2010/01/28 23:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/01/28 23:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/30 21:49:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/03 02:20:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2010/01/28 23:48:23 | 000,000,000 | ---D | M]

[2008/08/31 10:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Extensions
[2010/03/09 20:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\extensions
[2010/01/30 21:58:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/05 10:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/01/30 10:25:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/19 12:48:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/21 19:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}
[2008/12/04 21:22:51 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Application Data\Mozilla\Firefox\Profiles\orwwglau.default\searchplugins\-bg.xml
[2010/03/09 21:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/04/05 22:57:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ThreeShips IE Helper) - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll (ThreeShips enterprises b.v.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/08/16 22:38:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/08/16 22:38:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/08/16 22:38:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/08/16 22:38:52 | 000,000,000 | ---D | M]
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O12 - Plugin for: .UVR - C:\Program Files\Internet Explorer\PLUGINS\NPUPano.dll (Ulead Systems, Inc.)
O15 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-711985713-4290104095-50919101-1005\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Documents and Settings\Viktor Vutov\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Viktor Vutov\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/28 14:11:12 | 000,000,002 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2006/01/28 14:11:26 | 000,000,037 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{468164d0-e4a7-11de-b3c6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{468164d0-e4a7-11de-b3c6-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/16 07:54:45 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (8946227899006976)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 14:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/08 14:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/04 00:54:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/03/02 21:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Viktor Vutov\Desktop\SysProt
[2010/03/02 00:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Viktor Vutov\Application Data\Malwarebytes
[2010/03/02 00:30:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 00:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 00:30:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 00:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 00:06:59 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Viktor Vutov\Desktop\TDSSKiller.exe
[2010/03/02 00:01:09 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Viktor Vutov\Desktop\TFC.exe
[2010/03/01 13:40:17 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2010/03/01 13:40:14 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2010/03/01 13:40:13 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2010/03/01 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010/03/01 01:09:18 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Viktor Vutov\Desktop\RootRepeal.exe
[2010/02/28 21:44:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/26 19:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Viktor Vutov\Desktop\Interviews
[2010/02/21 15:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/05 22:32:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/28 20:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/09 06:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CallingID
[2005/10/30 02:00:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/25 23:56:48 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/10/25 23:56:48 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2004/11/03 11:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 21:42:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 21:41:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 21:41:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 21:41:26 | 518,508,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 21:40:23 | 001,027,853 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/03/09 21:40:23 | 000,976,300 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/03/09 21:40:23 | 000,008,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/03/09 21:40:23 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/03/09 21:40:23 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/03/09 21:40:23 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/03/09 21:40:23 | 000,000,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/03/09 21:40:23 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/03/09 21:40:23 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/03/09 21:40:23 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/03/09 21:40:23 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/03/09 21:40:23 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/03/09 21:40:23 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/03/09 21:40:23 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/03/09 21:40:23 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/03/09 21:40:23 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/03/09 21:40:23 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/03/09 21:39:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Viktor Vutov\ntuser.ini
[2010/03/09 21:39:26 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\NTUSER.DAT
[2010/03/08 19:37:20 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/08 13:11:42 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/07 10:42:21 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2010/03/05 00:29:15 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\HijackThis.lnk
[2010/03/02 22:01:57 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/03/02 00:01:08 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viktor Vutov\Desktop\TFC.exe
[2010/03/01 13:11:36 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\4BM.doc
[2010/03/01 01:16:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\settings.dat
[2010/03/01 00:40:24 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\My Documents\Application to CPM Data Analyst.bmp
[2010/03/01 00:07:13 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\My Documents\adp1.adp
[2010/02/27 22:54:54 | 000,005,612 | ---- | M] () -- C:\WINDOWS\DNAPrinters.ini
[2010/02/27 22:06:28 | 000,000,608 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/27 21:53:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/27 13:29:40 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Viktor Vutov\Desktop\TDSSKiller.exe
[2010/02/24 12:56:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 12:40:26 | 000,000,965 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 15:35:03 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 16:44:50 | 000,064,982 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\aaaaa.jpg
[2010/02/19 00:24:10 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\CV Victor Vutov SmlN.doc
[2010/02/18 17:55:12 | 024,580,096 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/18 17:55:06 | 017,976,320 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/18 17:07:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/18 12:25:49 | 065,990,800 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\Adrenalinka.Avi
[2010/02/15 13:01:16 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Viktor Vutov\Desktop\CV Victor Vutov SmlNT.doc

========== Files Created - No Company Name ==========

[2010/03/03 02:20:02 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/02 22:02:01 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/03/01 13:40:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/03/01 13:40:14 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2010/03/01 13:37:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/03/01 13:11:33 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\4BM.doc
[2010/03/01 01:16:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\settings.dat
[2010/03/01 00:40:24 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\My Documents\Application to CPM Data Analyst.bmp
[2010/03/01 00:07:12 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\My Documents\adp1.adp
[2010/02/21 15:08:51 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\HijackThis.lnk
[2010/02/20 16:44:45 | 000,064,982 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\aaaaa.jpg
[2010/02/19 00:24:09 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\CV Victor Vutov SmlN.doc
[2010/02/18 12:20:59 | 065,990,800 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\Adrenalinka.Porno.Avi
[2010/02/15 12:58:05 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Desktop\CV Victor Vutov SmlNT.doc
[2010/01/02 13:24:15 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/11/26 23:06:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/21 12:33:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Application Data\$_hpcst$.hpc
[2008/09/04 14:35:22 | 000,005,612 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2008/08/02 10:44:02 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam21.ini
[2008/08/02 10:44:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI
[2008/08/02 10:44:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\gtcodec.dll
[2008/08/02 10:44:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2008/01/10 08:26:22 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2007/12/08 08:11:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 07:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 07:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 07:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/20 20:55:22 | 000,003,927 | R--- | C] () -- C:\WINDOWS\System32\MXCDRIVE.DLL
[2007/01/20 20:55:22 | 000,003,927 | -H-- | C] () -- C:\WINDOWS\ARDRIVE.SYS
[2007/01/04 06:22:18 | 000,000,391 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2007/01/01 16:39:09 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini
[2007/01/01 16:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2006/12/19 19:13:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2006/04/26 11:15:20 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/04/26 09:40:26 | 000,000,070 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/04/25 21:24:56 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/04/25 21:24:52 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/04/25 21:24:51 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/04/25 21:24:51 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/04/25 21:24:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/25 21:24:49 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/04/25 21:24:49 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/03/09 20:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/03/05 20:33:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2006/02/05 21:14:43 | 000,002,589 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/02/05 21:12:52 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/01/26 17:36:57 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2006/01/24 19:16:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2005/12/06 17:22:02 | 000,012,974 | ---- | C] () -- C:\WINDOWS\ASS_150E.INI
[2005/11/10 06:51:40 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/11/04 01:55:41 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/11/04 01:54:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/10/19 03:38:27 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/19 03:37:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Viktor Vutov.ini
[2005/10/13 22:17:03 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Viktor Vutov\Local Settings\Application Data\fusioncache.dat
[2005/07/26 09:04:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Victor Vutov.ini
[2005/04/04 07:22:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2005/03/05 17:13:45 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/02/05 22:58:02 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2005/02/05 22:57:29 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/01/16 13:57:27 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2005/01/16 11:36:53 | 000,005,562 | ---- | C] () -- C:\WINDOWS\RTE.INI
[2004/12/05 10:34:21 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/11/29 17:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/11/29 06:03:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2004/11/26 14:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2004/11/26 13:36:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/26 13:11:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/11/26 13:08:41 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2004/08/22 21:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/07/17 06:51:54 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AnimWnd.dll
[2003/05/20 01:40:06 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\IrrShape.dll
[2003/02/06 19:08:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/27 17:31:22 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/01/27 17:31:21 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/01/27 17:31:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/01/27 17:31:21 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/01/16 01:23:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CeEPDefDat.dll
[2003/01/15 18:52:08 | 000,000,608 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/01/15 17:47:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CeEPPolicy.dll
[2003/01/14 23:56:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CeEKPolicy.dll
[2003/01/14 18:15:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/14 18:14:43 | 000,000,665 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/14 00:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/01/13 23:38:59 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/07/18 01:45:48 | 000,004,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPIOMngr.sys
[2002/05/15 20:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 15:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/01 07:36:50 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/10/01 07:27:02 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/10/01 04:09:04 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/10/01 04:08:28 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005607_.tmp.dll
[2001/10/01 04:08:06 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005639_.tmp.dll
[2001/07/30 15:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2000/04/12 08:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 08:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/03/02 22:01:57 | 000,077,312 | ---- | M] () -- C:\mbr.exe


< MD5 for: AGP440.SYS >
[2005/10/14 01:31:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/26 11:00:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/10/14 01:31:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/26 11:00:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/08/26 11:00:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/10/14 01:31:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/26 11:00:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2005/10/14 01:31:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/26 11:00:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/08/26 11:00:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/10/01 00:20:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2001/10/01 00:20:11 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2001/10/01 00:20:11 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras.txt:
OTL Extras logfile created on: 3/9/2010 10:43:08 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Viktor Vutov\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 2.68 Gb Free Space | 9.59% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 35.02 Gb Free Space | 75.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VUTOV-S-TOSHIBA
Current User Name: Viktor Vutov
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-711985713-4290104095-50919101-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24124:TCP" = 24124:TCP:*:Disabled:BitComet 24124 TCP
"24124:UDP" = 24124:UDP:*:Disabled:BitComet 24124 UDP
"20718:TCP" = 20718:TCP:*:Disabled:BitComet 20718 TCP
"20718:UDP" = 20718:UDP:*:Disabled:BitComet 20718 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"24074:TCP" = 24074:TCP:*:Disabled:BitComet 24074 TCP
"24074:UDP" = 24074:UDP:*:Disabled:BitComet 24074 UDP
"12806:TCP" = 12806:TCP:*:Enabled:BitComet 12806 TCP
"12806:UDP" = 12806:UDP:*:Enabled:BitComet 12806 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\IOGEAR\Bluetooth Software\BTStackServer.exe" = C:\Program Files\IOGEAR\Bluetooth Software\BTStackServer.exe:*:Disabled:Bluetooth Stack COM Server -- (Broadcom Corporation.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares -- File not found
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite -- File not found
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\Networx-BG\Helper\winvnc.exe" = C:\Program Files\Networx-BG\Helper\winvnc.exe:192.168.11.0/255.255.255.0:Disabled:Networx-BG Helper VNC -- File not found
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Disabled:VoipBuster -- File not found
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Disabled:VoipStunt -- (VoipStunt)
"C:\Documents and Settings\Viktor Vutov\My Documents\Downloads\issdm_ca_en.exe" = C:\Documents and Settings\Viktor Vutov\My Documents\Downloads\issdm_ca_en.exe:*:Enabled:issdm_ca_en -- (CA)
"C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe" = C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe:*:Enabled:ccupdate -- (CA, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A3E75B-54C0-407F-8B95-B77705C7DCC4}" = AMRT
"{02FF72DD-F3C1-45A2-B52A-9E596EF8A5D7}" = MapSource - City Select Europe v7
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{12408EED-3F86-4DDD-AE7D-78167031DFDF}" = TouchPad On/Off Utility
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{19054939-DBF1-4ED9-B9EB-EF5EA725908F}" = TOSHIBA Hotkey Utility
"{1B9B7BA2-0C7A-4759-BACD-FADADE9E6694}" = Vimicro USB2.0 PC Camera (VC0323)
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{395131D0-71C3-4411-8DDD-84E7A4EC8754}" = Intellisync® for Yahoo!
"{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = IOGEAR Bluetooth Software
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{46463780-40FD-4929-BDE6-C32BEE15107E}" = TOSHIBA Power Management Utility
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{52A5F706-2FCC-4C14-9E9A-345C2DCB25E9}" = D-Link AirPlus Xtreme G Adapter
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{60fa7bf1-3044-4718-9857-21eb48df6789}" = Microsoft Visual C++ 2005 Redistributable
"{6259F28B-6C4A-4259-8A1D-F44794DF73E2}" = Garmin StreetPilot i2/i3 North America
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78FAC9DA-E0A7-45BA-B9E1-181CB57C6D1C}" = MapSource - European City Navigator v6
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82D48731-8BC6-44A2-8D41-B5FF33541378}" = 350FT PowerC@m Flash
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AC0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{96DA37C3-4B48-41ED-8500-9C1F1E3933A2}" = Garmin City Navigator Europe 2008
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9964DA70-CA9D-48BD-93E6-19F121143958}" = Helper
"{996EC44B-38E1-4898-8E47-3EE3D15F2712}" = Garmin WebUpdater
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5676-5A64-E98530000001}" = Extended Language Support Fonts Package
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B8D57AEB-841A-415F-9331-13DDF09BD3F2}" = Nokia PC Suite 5.1
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}" = Pocket Controller-Professional
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4A2957D-5113-4722-A0A3-E7D0BF85D5D4}" = Three Ships Browser Plugin
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DE69C175-DFFB-4502-A1AB-E13F7852F1C7}" = EZ Connect Wireless AP Utility
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" =
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"AddressBook" =
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"ArcSoft PhotoImpression 2000" = ArcSoft PhotoImpression 2000
"AvantGo Client" =
"BG OFFRoadMap" = BG OFFRoadMap 4.60
"BG Road Maps_is1" = BG Road Maps 2.12
"Branding" =
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"eTrust Suite Personal" = CA Internet Security Suite
"FlexType 2K" = FlexType 2K
"Fontcore" =
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"HijackThis" = HijackThis 2.0.2
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{02FF72DD-F3C1-45A2-B52A-9E596EF8A5D7}" = MapSource - City Select Europe v7
"InstallShield_{12408EED-3F86-4DDD-AE7D-78167031DFDF}" = TouchPad On/Off Utility
"InstallShield_{19054939-DBF1-4ED9-B9EB-EF5EA725908F}" = TOSHIBA Hotkey Utility
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"InstallShield_{46463780-40FD-4929-BDE6-C32BEE15107E}" = TOSHIBA Power Management Utility
"InstallShield_{78FAC9DA-E0A7-45BA-B9E1-181CB57C6D1C}" = MapSource - European City Navigator v6
"InstallShield_{B8D57AEB-841A-415F-9331-13DDF09BD3F2}" = Nokia PC Suite 5.1
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"Microsoft NetShow Player 2.0" =
"Mobile Application Link" =
"MobileOptionPack" =
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"MSN Music Assistant" = MSN Music Assistant
"MXOFX" = USB Storage Adapter FX (MXO)
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell iPrint Client" = Novell iPrint Client v04.16.00
"OutlookExpress" =
"PCHealth" =
"QuickTime" = QuickTime
"RealJukebox 1.0" =
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 5.2
"SA Dictionary 2005 T2" = SA Dictionary 2005 T2
"SAGEM My Pictures And Sounds" = My Pictures And Sounds 7.13
"SchedulingAgent" =
"Skype™ for Pocket PC_is1" = Skype™ for Pocket PC 2.2
"Toshiba Access" = Toshiba Access
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Software Upgrades" = TOSHIBA Software Upgrades
"TOSHIBA System Stability Program" = TOSHIBA System Stability Program
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Ulead COOL 360 1.0" = Ulead COOL 360 1.0
"VLC media player" = VideoLAN VLC media player 0.8.4a
"VoipStunt_is1" = VoipStunt
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2010 4:44:06 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application viktor vutov.exe, version 2.0.0.2, faulting module
viktor vutov.exe, version 2.0.0.2, fault address 0x001429c6.

Error - 3/5/2010 12:25:39 PM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application ccevtmgr.exe, version 6.0.0.272, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011782.

Error - 3/5/2010 12:26:05 PM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1001
Description = Fault bucket 1726664821.

Error - 3/8/2010 10:42:52 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application rsit.exe, version 3.2.12.1, faulting module rsit.exe,
version 3.2.12.1, fault address 0x0010df1e.

Error - 3/8/2010 10:42:52 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application rsit.exe, version 3.2.12.1, faulting module rsit.exe,
version 3.2.12.1, fault address 0x0010df1e.

Error - 3/8/2010 10:43:06 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application rsit.exe, version 3.2.12.1, faulting module rsit.exe,
version 3.2.12.1, fault address 0x0010df1e.

Error - 3/8/2010 10:49:27 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application rsit.exe, version 3.2.12.1, faulting module rsit.exe,
version 3.2.12.1, fault address 0x0010df1e.

Error - 3/8/2010 10:49:49 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1001
Description = Fault bucket 1748493470.

Error - 3/8/2010 10:50:31 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application rsit.exe, version 3.2.12.1, faulting module rsit.exe,
version 3.2.12.1, fault address 0x0010df1e.

Error - 3/8/2010 11:02:07 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Application Error | ID = 1000
Description = Faulting application rsit.exe, version 3.2.12.1, faulting module rsit.exe,
version 3.2.12.1, fault address 0x0010df1e.

[ System Events ]
Error - 3/8/2010 10:29:33 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7034
Description = The CA Common Scheduler Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/8/2010 10:29:33 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7034
Description = The ConfigFree Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/8/2010 10:29:38 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/8/2010 10:29:42 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7034
Description = The CaCCProvSP service terminated unexpectedly. It has done this
1 time(s).

Error - 3/8/2010 10:32:40 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/8/2010 10:46:00 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/8/2010 3:33:00 PM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/9/2010 4:51:02 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/9/2010 6:51:36 AM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/9/2010 5:42:30 PM | Computer Name = VUTOV-S-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >
bat_sali
Regular Member
 
Posts: 22
Joined: February 21st, 2010, 11:04 am
Location: Dublin

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby melboy » March 10th, 2010, 3:03 pm

Hi

What do you know about the program "Helper" in your uninstall list and found at:

C:\Program Files\Networx-BG\Helper

After completing the instructions below, please give me a description of how the computer is running.



Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Start ERUNT by double clicking on the desktop icon >> Click OK at the Welcome prompt.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected (System registry & Current user registry).
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the "Registry backup is complete!" popup will appear.
  • Now click on OK. A backup has been created.



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    IE - HKU\S-1-5-21-711985713-4290104095-50919101-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "24124:TCP"=-
    "24124:UDP"=-
    "20718:TCP"=-
    "20718:UDP"=-
    "24074:TCP"=-
    "24074:UDP"=-
    "12806:TCP"=-
    "12806:UDP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ares\Ares.exe"=-
    
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


After reboot:


Re-run OTL
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, Please post the contents of
    • OTL.txt <-- Will be opened



In your next reply:
  1. OTL report
  2. OTL.Txt
  3. Answers to my questions.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
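
Added example (not part of the original thread, and not OTL's own logic): a small parser for the firewall sections of an OTL log, run over entries excerpted from the log above. The triage rules (profile with the firewall off, enabled port open to any source, exception whose executable is reported as "File not found") are assumptions chosen for illustration; they are a review aid, not a reconstruction of how the helper chose which entries to delete.

```python
import re
from dataclasses import dataclass

# Excerpt of the StandardProfile firewall sections from the OTL log on this page.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24124:TCP" = 24124:TCP:*:Disabled:BitComet 24124 TCP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"12806:TCP" = 12806:TCP:*:Enabled:BitComet 12806 TCP
"12806:UDP" = 12806:UDP:*:Enabled:BitComet 12806 UDP
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares -- File not found
"C:\Program Files\Networx-BG\Helper\winvnc.exe" = C:\Program Files\Networx-BG\Helper\winvnc.exe:192.168.11.0/255.255.255.0:Disabled:Networx-BG Helper VNC -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
'''

ENTRY = re.compile(r'^"(?P<key>[^"]*)"\s*=\s*(?P<val>.*)$')


@dataclass
class Rule:
    kind: str            # "port" or "app"
    target: str          # e.g. "12806:TCP" or the executable path
    scope: str           # "*", "LocalSubNet", or an address/mask
    enabled: bool
    name: str
    file_missing: bool = False   # OTL appended "-- File not found"


def parse(log):
    """Return (profile settings, firewall rules) from OTL log text."""
    settings, rules, section = {}, [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if line.endswith(r"GloballyOpenPorts\List]"):
                section = "port"
            elif line.endswith(r"AuthorizedApplications\List]"):
                section = "app"
            elif line.endswith("Profile]"):
                section = "profile"
            else:
                section = None
            continue
        m = ENTRY.match(line)
        if not m or section is None:
            continue
        key, val = m.group("key"), m.group("val")
        if section == "profile":
            settings[key] = val
        elif section == "port":
            # Value layout: port:protocol:scope:status:display name
            parts = val.split(":", 4)
            if len(parts) == 5:
                _, _, scope, status, name = parts
                rules.append(Rule("port", key, scope, status == "Enabled", name))
        else:
            # Value layout: path:scope:status:display name. The path itself
            # contains a colon ("C:\..."), so strip it using the quoted key.
            if not val.lower().startswith(key.lower() + ":"):
                continue
            parts = val[len(key) + 1:].split(":", 2)
            if len(parts) != 3:
                continue
            scope, status, name = parts
            origin = ""
            if " -- " in name:   # OTL annotation: company name or file status
                name, origin = name.rsplit(" -- ", 1)
            rules.append(Rule("app", key, scope, status == "Enabled", name,
                              origin == "File not found"))
    return settings, rules


def triage(settings, rules):
    """Apply the illustrative review rules; returns (reason, target) pairs."""
    findings = []
    if settings.get("EnableFirewall") == "0":
        findings.append(("firewall-off", "StandardProfile"))
    for r in rules:
        if r.kind == "port" and r.enabled and r.scope == "*":
            findings.append(("open-to-any", r.target))
        if r.kind == "app" and r.file_missing:
            findings.append(("stale-target", r.target))
    return findings


if __name__ == "__main__":
    for reason, target in triage(*parse(SAMPLE_LOG)):
        print(f"{reason:13} {target}")
```
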

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby bat_sali » March 10th, 2010, 9:07 pm

Hi melboy,

I'm getting fed up with this machine. There is obviously something quite wrong with it.
OTL has encountered a problem and needs to close. We are sorry for the inconvenience.

I backed up the registry, but then OTL would not start, so I couldn't complete the next steps.

The program Helper is actually something I did not want on it and did not install myself. It was installed a couple of years ago by a local Internet Service Provider technician. The idea of it is that if you have problems with your computer, the support team from the ISP can log into it remotely and work on it (they actually control everything). The guy told me (after he had installed it) that if I need any help, I should press the "Help!" button for them to log on. I did not like this (as you can imagine) and as soon as he walked out the door I went into CA Firewall and blocked all access (incoming and outgoing) to that program.
I also used to have Ares years ago and I recently came across its folder and uninstalled it.

I wonder is it possible to migrate the settings of this machine to another Windows (after disk Format) without migrating the infections as well? I need the computer desperately until Friday anyway, but if this continues I might have to reinstall Win. :(
bat_sali
Regular Member
 
Posts: 22
Joined: February 21st, 2010, 11:04 am
Location: Dublin

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby melboy » March 11th, 2010, 5:38 pm

Hi

Regarding "helper" - So long as you know the program is there and how it got there that is fine. Programs that give remote access can be used legitimately and nefariously. It was the Dublin/Bulgaria connection that confused me somewhat.


I'm getting fed up with this machine. There is obviously something quite wrong with it.

That there is but whether that is due to malware is debatable at this point in time - I'm not seeing any signs of a currently active infestation in your logs.

You say the problems first started when you installed SP3. Installing a service pack is a major update and can bring its own problems whether infected with malware or not. Again, the use of registry cleaners can also cause problems.

So - it's up to you.

We can continue and try another couple of scans, or I can direct you to a more general PC help forum (We deal specifically with malware here), or I can give help to reformat - the choice is yours.

One question - did you follow the instructions here for UNchecking the proxy server?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby bat_sali » March 14th, 2010, 7:50 pm

melboy wrote: was the Dublin/Bulgaria connection that confused me somewhat.

:D I'm originally from Bulgaria (I've only lived there for about 14 years) but I live in Dublin now, so the computer has traveled a bit... :D
melboy wrote: One question - did you follow the instructions

I did indeed... all as shown.

I'm still thinking, but I think I will re-install, format all drives and start fresh. It's a very old machine anyway... Nevertheless, it proved to be the most reliable I've ever had, that's why I use it now actively :)
Just one thing: is it possible to put my unlock code using another MS Office install pack (cause I don't have my original)?
bat_sali
Regular Member
 
Posts: 22
Joined: February 21st, 2010, 11:04 am
Location: Dublin

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby melboy » March 16th, 2010, 2:44 pm

I think I will re-install, format all drives and start fresh

A wise choice in consideration of the Backdoor.Bot infection.

is it possible to put my unlock code using another MS Office install pack (cause I don't have my original)?
I'm not sure you can. You would be far better contacting MS themselves about this.
http://support.microsoft.com/kb/326246


================================

Some advice for when you reformat:

Link: How to Reformat & Reinstall your Operating System

Make sure you back up any personal files or documents you wish to save before you reformat (photos, e-mails etc.).

After formatting the HDD and reinstalling the OS, install an antivirus straight away, before connecting to the internet. Have the installer file for your chosen AV handy on a form of removable media (Flash Drive/CD etc.) if at all possible.

Once you have installed an AV and when you connect to the internet, check for updates for your AntiVirus straight away and then make getting Windows updates a priority.

================================


Below is some general advice/suggestions for programs to install. You may have your own preference for an Antivirus/firewall.

Antivirus
Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
Suggestions:
  • Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
  • avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for non-commercial users.
  • Microsoft Security Essentials - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
[Please note that trial pay is not needed to get any product for free.]
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Internet Explorer 8 <<< Recommended Version
    For older versions please read and follow the recommendations at this site
    Internet Explorer 7
    Internet Explorer 6


Recommended Programs

I would recommend the download and installation of some or all of the following programs, and the updating of them on a regular basis.

  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:
    [Please note that trial pay is not needed to get any product for free.]
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby bat_sali » March 18th, 2010, 10:10 pm

Thanks for the tips melboy :)

I want to ask you something: you advise of several programs for protection, however I already use CA ISS which has integrated Firewall, Spyware monitor, Antivirus and Internet link advisor. Is it wise to use these programs with CA Internet Security Suite at the same time?
bat_sali
Regular Member
 
Posts: 22
Joined: February 21st, 2010, 11:04 am
Location: Dublin

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby melboy » March 19th, 2010, 3:57 am

You're Welcome.

No. The Antivirus and Firewall suggestions are for if you didn't have your own preference.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.
You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

Although each system is different, so it is impossible to tell how each program will work with another, WinPatrol should work alongside CA, and Malwarebytes will be OK as the free version is just an on-demand scanner and has no realtime protection. The paid version includes realtime protection but is designed to work alongside an antivirus too. If you did purchase the full version, to minimise any potential conflicts you should add the following to the exclusions list.

Code:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys


A hosts file would be fine to add too.


Any more questions? :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Ending Program - n & Suspicious Antivir Scan

Unread postby Dakeyras » March 22nd, 2010, 4:39 pm

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra