Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Oct 25 2009, 04:28 PM
Post #1
New Member, Group: Members, Posts: 4, Joined: 25-October 09, Member No.: 394,441
DDS (Ver_09-10-24.04) - NTFSx86 Run by Julie Ross at 17:02:00.21 on Sun 10/25/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.75 [GMT -4:00] AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\Common Files\AOL\1157510312\ee\AOLSoftware.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Julie Ross\Desktop\dds.scr ============== Pseudo HJT Report =============== uLocal Page = \blank.htm uStart Page = hxxp://www.comcast.net/comcast.html 
{368a612f-7a26-4e53-98d0-70e2b23d893d} BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File TB: &Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe" uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe" mRun: [HostManager] c:\program files\common files\aol\1157510312\ee\AOLSoftware.exe mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe mRun: [bemobigoj] Rundll32.exe "c:\windows\system32\dewezuwa.dll",a mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} - hxxp://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - 
hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.15.44/ttinst.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: c:\windows\system32\yumikedi.dll c:\windows\system32\dewezuwa.dll gijoyeri.dll c:\windows\system32\hahohetu.dll SSODL: runikumus - {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - c:\windows\system32\yumikedi.dll SSODL: zuzurolil - {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - c:\windows\system32\hahohetu.dll SSODL: hemisajeb - {2ab26149-16c4-4480-9c20-aa489e9dbced} - c:\windows\system32\hahohetu.dll SSODL: hurekiyat - {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - c:\windows\system32\hahohetu.dll SSODL: votoyafit - {2d9e134d-b863-479f-8bdc-0f801aebf55d} - c:\windows\system32\hahohetu.dll SSODL: yesehuyeg - {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - c:\windows\system32\hahohetu.dll SSODL: meguyuhaf - 
{ec211094-5375-4bfb-81a1-8ce393cefa5a} - c:\windows\system32\dewezuwa.dll LSA: Notification Packages = scecli libetuka.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\julier~1\applic~1\mozilla\firefox\profiles\6znh2z4v.mac\ FF - prefs.js: browser.startup.homepage - www.comcast.net FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: XUL Cache: {A9A05615-D954-475F-9A68-B06BA9A55E2E} - c:\documents and settings\julie ross\local settings\application data\{A9A05615-D954-475F-9A68-B06BA9A55E2E} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} As per the instructions you would have received, kindly ensure any onboard script blocking tools have been disabled for they shall interfere with DDS. DDS is a non-invasive diagnostic tool. - DDS makes no registry writes/changes - DDS does not create any permanent files/folders. This scan should not take longer than three minutes to complete. When the scan is complete, a logfile/report shall pop open. Post the contents of the logfile to the forum where it was requested We only require it to run just once. Dispose after use. 
::::::::::::::::::::::::::::::::::::::: ============= SERVICES / DRIVERS =============== R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-10-16 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-10-16 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-10-16 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSXpx86.sys [2009-10-24 329080] R2 ccJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.0.146\ccSvcHst.exe [2009-10-25 126392] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-10-16 117640] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.0.146\SymcPCCULaunchSvc.exe [2009-10-25 123248] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-24 102448] S1 44944763;44944763;c:\windows\system32\drivers\44944763.sys --> c:\windows\system32\drivers\44944763.sys [?] S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\julie ross\local settings\temporary internet files\content.ie5\z7cf0765\sabkutil.sys --> c:\documents and settings\julie ross\local settings\temporary internet files\content.ie5\z7cf0765\SABKUTIL.sys [?] S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?] 
=============== Created Last 30 ================ 2009-10-25 17:17:26 0 d-----w- c:\docume~1\julier~1\applic~1\Tific 2009-10-25 17:16:47 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup 2009-10-25 17:16:47 0 d-----w- c:\program files\Norton PC Checkup 2009-10-25 17:07:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-25 17:07:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-10-25 17:07:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-25 17:07:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-25 16:32:00 0 d-----w- c:\program files\SUPERAntiSpyware 2009-10-25 16:32:00 0 d-----w- c:\docume~1\julier~1\applic~1\SUPERAntiSpyware.com 2009-10-25 16:30:52 0 d-----w- c:\program files\common files\Wise Installation Wizard 2009-10-25 16:27:06 0 d-----w- C:\Mike 2009-10-25 16:24:08 2383047 ----a-w- C:\MGtools.exe 2009-10-25 15:58:42 0 d-----w- c:\windows\pss 2009-10-25 15:08:06 2713 --sh--w- c:\windows\system32\yitefuko.dll 2009-10-25 15:08:06 2713 --sh--w- c:\windows\system32\raramuge.exe 2009-10-25 15:08:06 2713 --sh--w- c:\windows\system32\lodivoyo.dll 2009-10-25 14:32:38 73728 ----a-w- c:\windows\system32\javacpl.cpl 2009-10-25 14:20:04 0 d-----w- c:\program files\CCleaner 2009-10-25 13:29:31 0 d-----w- c:\program files\Trend Micro 2009-10-25 13:18:21 0 d-----w- c:\program files\Adware Professional 2009-10-25 12:32:38 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-25 11:35:24 0 d-----w- c:\windows\system32\NtmsData 2009-10-24 23:54:46 6 ----a-w- c:\windows\system32\ClassU 2009-10-24 23:54:46 5 ----a-w- c:\windows\system32\Band4 2009-10-24 22:45:10 0 d-----w- c:\windows\ie8updates 2009-10-24 22:42:55 0 d-----w- c:\docume~1\julier~1\applic~1\COMCASTTOOLBAR 2009-10-24 22:37:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-24 22:37:18 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-24 22:30:50 0 d-sh--w- c:\documents and settings\julie ross\PrivacIE 2009-10-24 
22:28:24 0 d-sh--w- c:\documents and settings\julie ross\IETldCache 2009-10-24 22:20:42 0 dc-h--w- c:\windows\ie8 2009-10-24 15:07:12 0 d-----w- c:\docume~1\alluse~1\applic~1\20314818 2009-10-22 01:26:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-22 01:14:06 10096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2009-10-21 23:48:23 0 d-----w- c:\docume~1\alluse~1\applic~1\44229829 2009-10-20 22:49:28 0 d-----w- c:\docume~1\alluse~1\applic~1\04849934 2009-10-20 10:49:17 0 d-----w- c:\docume~1\alluse~1\applic~1\71315421 2009-10-19 22:50:42 58 ----a-w- c:\windows\wp4.dat 2009-10-19 22:50:42 1 ----a-w- c:\windows\wp3.dat 2009-10-19 22:50:31 92 ----a-w- c:\windows\system32\wwp.htm 2009-10-19 22:49:12 0 d-----w- c:\docume~1\alluse~1\applic~1\66154527 2009-10-13 13:21:54 0 d--h--w- c:\windows\PIF ==================== Find3M ==================== 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-20 19:19:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-07-21 23:48:17 90112 --sha-w- c:\windows\system32\dewezuwa.dll 2009-01-24 16:37:33 412227 --sha-w- c:\windows\system32\GffMUvut.ini2 2009-07-24 15:07:00 89600 --sha-w- c:\windows\system32\hahohetu.dll 2009-07-21 23:48:50 51200 --sha-w- c:\windows\system32\libetuka.dll 2009-07-21 23:48:17 51200 --sha-w- c:\windows\system32\semasowa.dll 2009-07-24 15:07:01 1011747 --sha-w- c:\windows\system32\tedegeru.exe 2009-07-20 22:49:20 90112 --sha-w- c:\windows\system32\tuhipulo.dll 2009-07-21 23:48:50 51200 --sha-w- c:\windows\system32\vayihufi.dll 2009-07-21 23:48:19 38912 --sha-w- 
c:\windows\system32\wotitiha.dll 2009-07-24 15:07:00 38400 --sha-w- c:\windows\system32\zeginizo.dll 2008-08-28 22:34:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat ============= FINISH: 17:04:16.10 ===============
Attached File(s)
Attach.txt ( 10.47k )
Number of downloads: 1
RootRepeal_report_10_25_09__17_16_46_.txt ( 10.74k )
Number of downloads: 2
startuplist.txt ( 8.59k )
Number of downloads: 1
Oct 26 2009, 07:51 PM
Post #2
Malware Expert, Group: HJT Team, Posts: 15,811, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
Hello!
My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process. We need to create an OTL Report
--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Oct 26 2009, 09:08 PM
Post #3
New Member, Group: Members, Posts: 4, Joined: 25-October 09, Member No.: 394,441
OTL logfile created on: 10/26/2009 10:01:31 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Julie Ross\Desktop

Thanks for your help Sam. Hope you don't mind helping a Hoosier.

OTL Extras logfile created on: 10/26/2009 10:01:32 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Julie Ross\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.42 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 22.49% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 99.44 Gb Free Space | 88.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1006.92 Mb Total Space | 1006.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JULIE-O7W2BN5SI
Current User Name: Julie Ross
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .js [@ = jsfile] -- C:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) jsfile [open] -- C:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Comcast Rhapsody\rhapsody.exe" = C:\Program Files\Comcast Rhapsody\rhapsody.exe:*:Disabled:RealNetworks Rhapsody -- (RealNetworks, Inc.) 
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\1157510312\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1157510312\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.) "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.) "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) 
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\svohost.exe" = C:\WINDOWS\svohost.exe:*:Enabled:svohost -- File not found "C:\Program Files\Windows Police Pro\Windows Police Pro.exe" = C:\Program Files\Windows Police Pro\Windows Police Pro.exe:*:Enabled:Windows Police Pro -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B70A780-4D87-4602-A015-6EE728C26A91}" = MSN Toolbar "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{87A7D286-B0AD-45CB-906D-0E59E2698661}" = D-Link 11Mbps Wireless LAN for Windows "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101 "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9 "{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+ "{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus "0FPABC32V2" = Fisher Price ABC 32 "Action Replay Code Manager_is1" = Action Replay Code Manager "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AdobeESD" = Adobe Download Manager 2.0 (Remove Only) "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CCleaner" = CCleaner (remove only) "Comcast Rhapsody" = Comcast Rhapsody "Corel 
WordPerfect Suite 8" = Corel WordPerfect Suite 8 "CSCLIB" = Canon Camera Support Core Library "Cyberchase Carnival Chaos" = Cyberchase Carnival Chaos "Digital Audio Center" = Creative Digital Audio Center "Disney's Toontown Online" = Disney's Toontown Online "Dollhouse" = Fisher-Price® Time to Play Dollhouse "EOS Utility" = Canon Utilities EOS Utility "FG_1.0" = 1st Grade v1.0 "FP123" = Fisher-Price 1-2-3's "HijackThis" = HijackThis 2.0.2 "iCarly - iDream in Toons" = iCarly - iDream in Toons "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+ "InterActual Player" = InterActual Player "Lexmark X6100 Series" = Lexmark X6100 Series "LucasArts' Jedi Knight" = LucasArts' Jedi Knight "LucasArts' Rogue Squadron" = LucasArts' Rogue Squadron "LucasArts' X-Wing Alliance" = LucasArts' X-Wing Alliance "LucasArts' X-Wing vs. TIE Fighter" = LucasArts' X-Wing vs. 
TIE Fighter "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "MSN Music Assistant" = MSN Music Assistant "MSPersonalTutorMathopolis" = Microsoft Mathopolis "MSPersonalTutorPreschool Workshop" = Microsoft Preschool Workshop "MSPersonalTutorReaderRailway" = Microsoft Reader Railway "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NortonPCCheckup" = Norton PC Checkup "pet95" = Time to Play Pet Shop "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "RRK32.exe" = Reader Rabbit's Kindergarten "RSX2Uninst" = Intel RSX 3D "ShockwaveFlash" = Adobe Flash Player 9 "SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2 "UnityWebPlayer" = Unity Web Player "VLC media player" = VideoLAN VLC media player 0.8.2 "VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "Yahoo! Messenger" = Yahoo! Messenger "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/25/2009 12:26:25 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000 Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x00014580. 
Error - 10/6/2009 4:02:45 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/6/2009 4:04:41 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/6/2009 4:04:47 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/13/2009 4:08:54 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000 Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x00014580. Error - 10/13/2009 4:14:27 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000 Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x00014580. Error - 10/21/2009 8:21:28 PM | Computer Name = JULIE-O7W2BN5SI | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 10/21/2009 8:21:28 PM | Computer Name = JULIE-O7W2BN5SI | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. 
Error - 10/25/2009 9:07:23 AM | Computer Name = JULIE-O7W2BN5SI | Source = MPSampleSubmission | ID = 5000
Description =

Error - 10/25/2009 9:12:35 AM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 10/24/2009 11:08:51 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:09:25 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:09:57 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:10:28 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:11:00 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:11:32 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:12:03 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.

Error - 10/24/2009 11:12:35 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error - 10/26/2009 9:36:35 PM | Computer Name = JULIE-O7W2BN5SI | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following error: %%2

Error - 10/26/2009 9:38:54 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

< End of report >

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.42 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 22.49% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 99.44 Gb Free Space | 88.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1006.92 Mb Total Space | 1006.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE-O7W2BN5SI
Current User Name: Julie Ross
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe PRC - [2009/10/25 10:31:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe PRC - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe PRC - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2008/12/19 14:18:47 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe PRC - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2003/09/23 02:20:02 | 00,049,152 | ---- | M] (Lexmark International, Inc.) 
-- C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe PRC - [2003/09/23 02:01:40 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe PRC - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE PRC - [2003/09/23 01:37:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped]) SRV - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher [Auto | Running]) SRV - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe -- (ccJobMgr [Unknown | Running]) SRV - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Running]) SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) 
-- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running]) SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running]) SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) ========== Modules (SafeList) ========== MOD - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe MOD - [2009/08/22 03:28:14 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\16.7.2.11\ASOEHOOK.DLL MOD - [2009/07/24 11:07:00 | 00,089,600 | -HS- | M] () -- C:\WINDOWS\System32\hahohetu.dll MOD - [2009/07/21 19:48:17 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\System32\dewezuwa.dll MOD - [2009/07/17 15:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL.DLL MOD - [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 20:12:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntshrui.dll MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll MOD - [2008/04/13 20:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LINKINFO.dll ========== Standard Registry (SafeList) 
========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\S-1-5-21-861567501-1060284298-274436499-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.comcast.net" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\firefox\extensions\\{A9A05615-D954-475F-9A68-B06BA9A55E2E}: C:\Documents and Settings\Julie Ross\Local Settings\Application Data\{A9A05615-D954-475F-9A68-B06BA9A55E2E} [2008/12/23 15:59:15 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/25 10:32:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/24 19:30:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/21 21:26:13 | 00,000,000 | ---D | M] [2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions [2008/12/05 
22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/01/16 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\6znh2z4v.mac\extensions [2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions [2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/26 21:36:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/13 10:14:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/25 10:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/09/13 10:14:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/13 10:14:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2004/11/12 23:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll [2009/10/25 10:31:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/09/13 10:14:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/03/24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2004/02/20 16:14:09 | 00,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/07/22 19:11:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/22 19:11:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/22 19:11:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/22 19:11:41 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/07/22 19:11:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/08/24 09:49:59 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml [2009/07/22 19:11:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/07/22 19:11:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {368a612f-7a26-4e53-98d0-70e2b23d893d} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. 
O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [bemobigoj] C:\WINDOWS\System32\hahohetu.DLL () O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157510312\ee\AOLSoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.) O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-861567501-1060284298-274436499-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-861567501-1060284298-274436499-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-861567501-1060284298-274436499-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe (D-Link) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - 
HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present 
O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2)) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) 
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.com/applets/PearsonInstallAsst.cab (PearsonAsstX Control) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab (cpbrkpie Control) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.) O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.15.44/ttinst.cab (Toontown Installer ActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE 
DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\yumikedi.dll) - C:\WINDOWS\System32\yumikedi.dll File not found O20 - AppInit_DLLs: (c:\windows\system32\dewezuwa.dll) - C:\WINDOWS\System32\dewezuwa.dll () O20 - AppInit_DLLs: (gijoyeri.dll) - File not found O20 - AppInit_DLLs: (c:\windows\system32\hahohetu.dll) - C:\WINDOWS\System32\hahohetu.dll () O20 - HKLM Winlogon: 
Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: hemisajeb - {2ab26149-16c4-4480-9c20-aa489e9dbced} - C:\WINDOWS\System32\hahohetu.dll () O21 - SSODL: hurekiyat - {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - C:\WINDOWS\System32\hahohetu.dll () O21 - SSODL: meguyuhaf - {ec211094-5375-4bfb-81a1-8ce393cefa5a} - C:\WINDOWS\System32\dewezuwa.dll () O21 - SSODL: runikumus - {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - C:\WINDOWS\System32\yumikedi.dll File not found O21 - SSODL: votoyafit - {2d9e134d-b863-479f-8bdc-0f801aebf55d} - C:\WINDOWS\System32\hahohetu.dll () O21 - SSODL: yesehuyeg - {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - C:\WINDOWS\System32\hahohetu.dll () O21 - SSODL: zuzurolil - {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - C:\WINDOWS\System32\hahohetu.dll () O22 - SharedTaskScheduler: {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - kupuhivus - C:\WINDOWS\System32\hahohetu.dll () O22 - SharedTaskScheduler: {2ab26149-16c4-4480-9c20-aa489e9dbced} - mujuzedij - C:\WINDOWS\System32\hahohetu.dll () O22 - SharedTaskScheduler: {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - kupuhivus - C:\WINDOWS\System32\hahohetu.dll () O22 - SharedTaskScheduler: {2d9e134d-b863-479f-8bdc-0f801aebf55d} - jugezatag - C:\WINDOWS\System32\hahohetu.dll () O22 - SharedTaskScheduler: {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - mujuzedij - C:\WINDOWS\System32\hahohetu.dll () O22 - SharedTaskScheduler: {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - kupuhivus - C:\WINDOWS\System32\yumikedi.dll File not found O22 - SharedTaskScheduler: {ec211094-5375-4bfb-81a1-8ce393cefa5a} - mujuzedij - C:\WINDOWS\System32\dewezuwa.dll () O24 - Desktop Components:0 () - https://pulse.clarian.org/clarian/layoutTem...s/header-bg.gif O24 - Desktop Components:1 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/10/10 10:07:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009/10/20 18:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\04849934 [2009/10/24 11:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\20314818 [2009/10/21 19:48:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\44229829 [2009/10/19 18:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\66154527 [2009/10/20 06:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\71315421 [2009/10/25 13:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/24 18:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\COMCASTTOOLBAR [2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\SUPERAntiSpyware.com [2009/10/25 13:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\Tific [2009/10/25 13:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\Tific [2009/10/25 12:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/10/25 09:18:21 | 00,000,000 | ---D | C] -- C:\Program 
Files\Adware Professional [2009/10/25 10:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/10/25 10:31:48 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009/10/25 13:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup [2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009/10/25 09:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/10/26 21:43:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe [2009/10/25 17:06:45 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe [2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092 [2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup [2009/10/25 13:07:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/25 13:07:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/25 12:27:06 | 00,000,000 | ---D | C] -- C:\Mike [2009/10/25 11:58:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/10/25 07:35:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2009/10/24 18:45:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2009/10/24 18:20:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/10/21 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike [2009/10/13 09:21:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF ========== Files - Modified Within 14 Days ========== [2 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [8 C:\Documents and Settings\Julie Ross\My Documents\*.tmp files] [2009/10/26 22:00:39 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gokunike [2009/10/26 22:00:02 | 00,000,348 | ---- | M] () -- 
C:\WINDOWS\tasks\kboeuqyx.job [2009/10/26 22:00:01 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\jegdszug.job [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe [2009/10/26 21:39:08 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hamehalu.dll [2009/10/26 21:36:53 | 00,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/26 21:35:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/26 21:35:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/10/26 21:35:22 | 53,633,4336 | -HS- | M] () -- C:\hiberfil.sys [2009/10/25 17:06:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe [2009/10/25 17:01:25 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr [2009/10/25 13:17:06 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk [2009/10/25 13:09:34 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 13:05:45 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/25 12:45:09 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db [2009/10/25 12:32:09 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk [2009/10/25 12:24:12 | 02,383,047 | ---- | M] () -- C:\MGtools.exe [2009/10/25 11:59:09 | 00,000,737 | ---- | M] () -- C:\WINDOWS\win.ini [2009/10/25 11:59:09 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini [2009/10/25 11:59:09 | 00,000,211 | -H-- | M] () -- C:\boot.ini [2009/10/25 11:08:07 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yitefuko.dll [2009/10/25 11:08:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\raramuge.exe [2009/10/25 11:08:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lodivoyo.dll [2009/10/25 
10:20:07 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk [2009/10/25 09:29:35 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk [2009/10/25 07:37:39 | 00,670,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB [2009/10/24 19:54:46 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ClassU [2009/10/24 19:54:46 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4 [2009/10/24 11:06:53 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat [2009/10/24 11:06:53 | 00,000,001 | ---- | M] () -- C:\WINDOWS\wp3.dat [2009/10/21 21:54:30 | 00,010,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2009/10/19 18:50:31 | 00,000,092 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm [2009/10/19 11:24:06 | 00,000,548 | ---- | M] () -- C:\WINDOWS\lexstat.ini [2009/10/19 10:03:45 | 00,001,982 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk [2009/10/16 03:24:59 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys [2009/10/16 03:24:51 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini ========== Files - No Company Name ========== [2009/10/26 21:39:08 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\hamehalu.dll [2009/10/25 17:01:24 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr [2009/10/25 13:17:06 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk [2009/10/25 13:16:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092\isolate.ini [2009/10/25 13:07:11 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 13:05:44 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/25 12:46:22 | 53,633,4336 | -HS- | C] () 
-- C:\hiberfil.sys [2009/10/25 12:32:09 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk [2009/10/25 12:24:08 | 02,383,047 | ---- | C] () -- C:\MGtools.exe [2009/10/25 11:08:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yitefuko.dll [2009/10/25 11:08:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\raramuge.exe [2009/10/25 11:08:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\lodivoyo.dll [2009/10/25 10:20:06 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk [2009/10/25 09:29:34 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk [2009/10/24 19:54:46 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\ClassU [2009/10/24 19:54:46 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4 [2009/10/21 21:14:06 | 00,010,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2009/10/19 18:50:42 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat [2009/10/19 18:50:42 | 00,000,001 | ---- | C] () -- C:\WINDOWS\wp3.dat [2009/10/19 18:50:31 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm [2009/07/24 11:07:00 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\hahohetu.dll [2009/07/24 11:07:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zeginizo.dll [2009/07/21 19:48:50 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\vayihufi.dll [2009/07/21 19:48:50 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\libetuka.dll [2009/07/21 19:48:19 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wotitiha.dll [2009/07/21 19:48:17 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\dewezuwa.dll [2009/07/21 19:48:17 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\semasowa.dll [2009/07/20 18:49:20 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\tuhipulo.dll [2009/01/24 15:44:37 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/12/23 15:46:39 | 00,002,710 | ---- | C] () -- C:\WINDOWS\System32\TDSSxnpr.dll [2008/12/23 
15:46:31 | 00,035,840 | ---- | C] () -- C:\WINDOWS\System32\TDSSkfkl.dll [2008/12/23 15:35:27 | 00,412,227 | -HS- | C] () -- C:\WINDOWS\System32\GffMUvut.ini2 [2008/12/23 15:35:27 | 00,412,227 | -HS- | C] () -- C:\WINDOWS\System32\GffMUvut.ini [2007/03/10 00:48:24 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys [2006/10/11 10:40:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/09/21 00:51:25 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006/09/05 22:36:04 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2006/07/20 20:11:13 | 00,000,249 | ---- | C] () -- C:\WINDOWS\SimPark.ini [2006/06/06 15:13:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI [2006/01/20 12:39:55 | 00,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/01/20 12:39:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2006/01/20 12:31:03 | 00,000,936 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/01/19 18:18:10 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini [2006/01/19 18:18:09 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini [2006/01/19 18:16:05 | 00,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini [2006/01/19 18:15:45 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll [2006/01/19 18:15:08 | 00,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL [2006/01/19 18:13:51 | 00,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV [2006/01/19 18:12:23 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL [2006/01/19 18:12:22 | 00,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL [2006/01/04 13:59:01 | 00,000,198 | ---- | C] () -- C:\WINDOWS\DLCS.INI [2006/01/02 19:04:15 | 00,000,733 | ---- | C] () -- C:\WINDOWS\hegames.ini [2005/12/31 15:33:03 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/31 15:17:45 | 00,000,327 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI [2005/12/31 15:16:31 | 00,206,336 | ---- | C] () -- 
C:\WINDOWS\PCDLIB32.DLL [2005/12/15 20:34:49 | 00,082,768 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/11/10 21:06:49 | 00,000,077 | ---- | C] () -- C:\WINDOWS\KA.INI [2005/11/10 20:14:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2005/11/04 16:57:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\dm.ini [2005/11/04 16:57:03 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\AdobeDLM.log [2005/11/03 11:48:49 | 00,000,007 | ---- | C] () -- C:\WINDOWS\offnm.ini [2005/11/02 22:13:00 | 00,001,935 | ---- | C] () -- C:\WINDOWS\b9b9a5bd6632124470370a10375acc86.ini [2005/11/02 22:11:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\libbz2.dll [2005/11/02 22:11:38 | 00,000,148 | ---- | C] () -- C:\WINDOWS\Fnynlvks.ini [2005/11/02 22:09:43 | 00,000,417 | ---- | C] () -- C:\WINDOWS\tuptr.dll [2005/10/25 09:09:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\RRK.INI [2005/10/25 09:06:22 | 00,000,603 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI [2005/10/25 09:05:18 | 00,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI [2005/10/18 20:02:14 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2005/10/10 12:22:59 | 04,240,656 | -H-- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db [2005/10/10 12:16:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\desktop.ini [2005/10/10 11:59:25 | 00,000,548 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2005/10/10 11:59:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL [2005/10/10 11:59:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll [2005/10/10 11:58:45 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini [2005/10/10 04:54:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- 
C:\WINDOWS\System32\vuins32.dll [2003/03/31 08:00:00 | 00,000,737 | ---- | C] () -- C:\WINDOWS\win.ini [2003/03/31 08:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini [2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009/10/25 13:07:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2009/10/21 21:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\04849934 [2009/10/24 12:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20314818 [2009/10/21 21:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\44229829 [2009/10/21 21:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\66154527 [2009/10/21 21:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\71315421 [2005/11/03 23:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdDestroyer [2005/10/10 11:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2008/08/18 22:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast [2005/12/09 15:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2009/10/25 13:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton [2009/10/25 13:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2009/01/24 12:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2009/10/21 21:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! 
[2009/01/24 10:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/10/21 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006/02/13 19:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company [2005/11/03 21:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VBouncer [2008/12/28 19:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2005/10/10 04:54:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data [2009/10/25 13:17:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Julie Ross\Application Data [2009/10/24 18:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\COMCASTTOOLBAR [2009/10/26 21:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\DNA [2007/04/24 01:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\MSN6 [2007/07/30 17:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\SBTT [2009/10/25 13:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\Tific [2007/06/11 22:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\Viewpoint [2007/06/25 14:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data [2007/06/26 19:46:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR [2008/12/26 15:50:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mackenzie\Application Data [2008/12/26 15:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mackenzie\Application Data\COMCASTTOOLBAR [2007/04/26 20:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mackenzie\Application Data\MSN6 
[2007/12/24 10:57:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mallory Ross\Application Data [2007/04/27 18:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mallory Ross\Application Data\MSN6 [2007/05/23 21:49:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Myles Ross\Application Data [2007/05/23 21:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Myles Ross\Application Data\COMCASTTOOLBAR [2005/10/10 10:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data [2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/26 22:00:01 | 00,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\jegdszug.job [2009/10/26 22:00:02 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\kboeuqyx.job [2009/10/26 21:35:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %systemdrive%\*.exe > [2009/10/25 12:24:12 | 02,383,047 | ---- | M] () -- C:\MGtools.exe < %systemroot%\system32\drivers\*.sys > [2008/04/13 14:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys [2003/03/31 08:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys [2008/04/13 12:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys [2008/08/14 06:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys [2008/04/13 14:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys [2008/04/13 14:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys [2008/04/13 14:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\WINDOWS\system32\drivers\amdagp.sys [2008/04/13 14:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys [2008/04/13 14:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys [2003/04/30 10:07:16 | 00,320,160 | ---- | M] (D-Link) -- C:\WINDOWS\system32\drivers\ar5211.sys [2008/04/13 14:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys [2008/04/13 14:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys [2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 01:29:29 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys [2004/08/04 01:29:29 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys [2004/08/04 01:29:29 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys [2004/08/04 01:29:30 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys [2004/08/04 01:29:30 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys [2004/08/04 01:29:31 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys [2004/08/04 01:29:31 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys [2004/08/04 01:29:31 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys [2004/08/04 01:29:31 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys [2004/08/04 01:29:31 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys [2004/08/04 01:29:26 | 00,327,040 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\system32\drivers\ati2mtaa.sys [2004/08/04 01:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [2004/08/04 01:29:27 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys [2004/08/04 01:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys [2004/08/04 01:29:29 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys [2004/08/04 01:29:29 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys [2004/08/04 01:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys [2004/08/04 01:29:30 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys [2004/08/04 01:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys [2004/08/04 01:29:31 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys [2004/08/04 01:29:31 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys [2004/08/04 01:29:31 | 00,063,488 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\system32\drivers\atinxsxx.sys [2008/04/13 14:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys [2003/03/31 08:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys [2008/04/13 14:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys [2003/03/31 08:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys [2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys [2003/03/31 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys [2008/04/13 14:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys [2008/04/13 14:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys [2008/04/13 14:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys [2008/04/13 14:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys [2008/06/13 07:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys [2008/04/13 14:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys [2008/04/13 14:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys [2003/03/31 08:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys [2003/03/31 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys [2008/04/13 15:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys [2003/03/31 08:00:00 | 00,262,528 | ---- | 
M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [2008/04/13 15:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys [2003/03/31 08:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [2008/04/13 14:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys [2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys [2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys [2008/04/13 14:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys [2008/04/13 14:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys [2005/07/01 16:48:42 | 00,043,008 | ---- | M] (D-Link ) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys [2008/04/13 14:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys [2008/04/13 14:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys [2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) 
-- C:\WINDOWS\system32\drivers\dmload.sys [2008/04/13 14:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys [2008/04/13 14:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys [2008/04/13 14:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys [2003/03/31 08:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys [2008/04/13 14:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys [2003/03/31 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys [2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys [2001/08/17 08:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) -- C:\WINDOWS\system32\drivers\FA312nd5.sys [2008/04/13 15:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys [2008/04/13 14:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys [2008/04/13 14:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys [2008/04/13 14:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys [2008/04/13 14:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys [2003/03/31 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys [2003/03/31 08:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys [2003/03/31 08:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys [2008/04/13 14:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys [2008/04/13 14:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [2008/04/13 14:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys [2008/04/13 14:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys [2008/04/13 14:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys [2008/04/13 14:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys [2001/08/17 15:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys [2008/04/13 14:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys [2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys [2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys [2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) 
-- C:\WINDOWS\system32\drivers\hsfdpsp2.sys [2008/04/13 14:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys [2008/04/13 15:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys [2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys [2008/04/13 14:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys [2008/04/13 14:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys [2008/04/13 14:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys [2003/03/31 08:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys [2008/04/13 14:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys [2008/04/13 14:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys [2008/04/13 15:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys [2008/04/13 14:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys [2008/04/13 14:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys [2008/04/13 14:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys [2008/04/13 14:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys [2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys [2008/04/13 14:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys [2008/04/13 15:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys [2009/06/24 07:18:41 | 00,092,928 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2003/03/31 08:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys [2005/10/10 11:44:03 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\system32\drivers\mcstrm.sys [2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys [2008/04/13 14:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys [2003/03/31 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys [2008/04/13 15:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys [2008/04/13 14:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys [2003/03/31 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys [2008/04/13 14:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys [2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys [2008/04/13 14:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys [2008/10/24 07:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys [2008/04/13 14:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys [2008/04/13 14:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys [2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys [2008/04/13 14:39:50 | 00,005,376 | ---- | 
M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys [2008/04/13 14:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys [2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys [2004/08/04 01:41:38 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys [2004/08/04 01:41:37 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys [2004/08/04 01:29:36 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys [2008/04/13 15:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys [2008/04/13 14:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys [2008/04/13 15:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys [2008/04/13 14:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys [2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys [2008/04/13 15:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys [2008/04/13 14:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys [2008/04/13 14:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys [2008/04/13 15:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys [2008/04/13 14:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys [2003/03/31 08:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys [2008/04/13 14:32:39 | 
00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys [2008/04/13 15:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys [2004/08/04 01:41:39 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys [2003/03/31 08:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys [2003/03/31 08:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys [2003/03/31 08:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys [2003/03/31 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys [2003/03/31 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys [2008/04/13 14:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys [2003/03/31 08:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys [2008/04/13 14:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys [2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys [2008/04/13 14:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys [2003/03/31 08:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys [2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys [2008/04/13 14:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys [2008/04/13 
14:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys [2008/04/13 15:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys [2002/03/26 23:22:10 | 00,050,688 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\PRISMNDS.sys [2008/04/13 14:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys [2008/04/13 14:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys [2003/03/31 08:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys [2008/04/13 15:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys [2008/04/13 14:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys [2008/04/13 15:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys [2003/03/31 08:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys [2003/03/31 08:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys [2008/04/13 15:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys [2003/03/31 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys [2008/04/13 14:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys [2008/04/13 20:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys [2004/08/04 01:41:39 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys [2008/04/13 14:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\drivers\redbook.sys [2008/04/13 14:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys [2003/03/31 08:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys [2003/03/31 08:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys [2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys [2008/04/13 14:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys [2008/04/13 14:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys [2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys [2004/08/04 01:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys [2008/04/13 14:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys [2008/04/13 14:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\system32\drivers\secdrv.sys [2008/04/13 14:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys [2008/04/13 15:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys [2008/04/13 14:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys [2008/04/13 14:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys [2008/04/13 14:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys [2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys [2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys [2004/08/04 01:41:40 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys [2004/08/04 01:41:42 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys [2004/08/04 01:41:44 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys [2004/08/04 01:41:45 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys [2008/04/13 14:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys [2003/03/31 08:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys [2008/04/13 14:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys [2008/04/13 14:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys [2008/04/13 14:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys [2008/12/11 06:57:09 | 00,333,952 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\drivers\srv.sys [2008/04/13 14:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys [2008/04/13 14:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys [2008/04/13 14:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys [2009/08/20 15:19:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS [2009/08/18 15:11:17 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys [2008/04/13 15:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys [2008/04/13 14:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys [2008/06/20 07:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys [2008/04/13 15:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys [2008/04/13 20:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys [2008/04/13 20:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys [2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys [2003/03/31 08:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys [2003/03/31 08:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [2008/04/13 14:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys [2008/04/13 14:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys [2008/04/13 14:32:36 | 00,066,048 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys [2008/04/13 14:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys [2008/04/13 14:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys [2008/04/13 14:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys [2008/04/13 14:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys [2003/03/31 08:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys [2008/04/13 14:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys [2008/04/13 14:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys [2008/04/13 14:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\system32\drivers\usbio.sys [2008/04/13 14:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys [2008/04/13 14:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys [2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys [2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys [2008/04/13 14:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys [2008/04/13 14:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys [2003/03/31 
08:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [2008/04/13 14:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys [2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys [2008/04/13 14:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys [2008/04/13 14:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys [2008/04/13 14:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys [2004/08/04 01:29:38 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys [2004/08/04 01:29:39 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys [2004/08/04 01:29:40 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys [2004/08/04 01:29:40 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys [2008/04/13 14:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys [2004/08/04 01:29:44 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys [2004/08/04 01:29:45 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys [2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys [2003/03/31 08:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys [2005/01/28 14:44:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys [2003/03/31 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\Documents and 
Settings\All Users\Application Data\TEMP:512B5648 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
Oct 27 2009, 07:13 AM
Post #4
Malware Expert Group: HJT Team Posts: 15,811 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762
No problem helping a Hoosier... til basketball season.
Run OTL.exe
Please update Malwarebytes and run a full scan.
--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Oct 27 2009, 04:20 PM
Post #5
New Member Group: Members Posts: 4 Joined: 25-October 09 Member No.: 394,441
I will try updating and running Malwarebytes now.
All processes killed ========== OTL ========== DllUnregisterServer procedure not found in C:\WINDOWS\System32\hahohetu.dll C:\WINDOWS\System32\hahohetu.dll NOT unregistered. C:\WINDOWS\System32\hahohetu.dll moved successfully. Releasing module c:\windows\system32\hahohetu.dll DllUnregisterServer procedure not found in C:\WINDOWS\System32\dewezuwa.dll C:\WINDOWS\System32\dewezuwa.dll NOT unregistered. C:\WINDOWS\System32\dewezuwa.dll moved successfully. Releasing module c:\windows\system32\dewezuwa.dll Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{368a612f-7a26-4e53-98d0-70e2b23d893d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{368a612f-7a26-4e53-98d0-70e2b23d893d}\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found. Registry value HKEY_USERS\S-1-5-21-861567501-1060284298-274436499-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found. Registry value HKEY_USERS\S-1-5-21-861567501-1060284298-274436499-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bemobigoj deleted successfully. File C:\WINDOWS\System32\hahohetu.DLL not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yumikedi.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\dewezuwa.dll deleted successfully. File C:\WINDOWS\System32\dewezuwa.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gijoyeri.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hahohetu.dll deleted successfully. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hemisajeb deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab26149-16c4-4480-9c20-aa489e9dbced}\ deleted successfully. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hurekiyat deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23819cce-cc61-41b1-b4d6-deeba8fd1fab}\ deleted successfully. File C:\WINDOWS\System32\hahohetu.dll not found. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\meguyuhaf deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec211094-5375-4bfb-81a1-8ce393cefa5a}\ deleted successfully. File C:\WINDOWS\System32\dewezuwa.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\runikumus deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b9d25d-9869-40d8-b5ad-fde117d2b3be}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\votoyafit deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d9e134d-b863-479f-8bdc-0f801aebf55d}\ deleted successfully. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yesehuyeg deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a74ea6a-07b4-47c0-80dd-0cf3d8657570}\ deleted successfully. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zuzurolil deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d}\ deleted successfully. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{23819cce-cc61-41b1-b4d6-deeba8fd1fab} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23819cce-cc61-41b1-b4d6-deeba8fd1fab}\ not found. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2ab26149-16c4-4480-9c20-aa489e9dbced} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab26149-16c4-4480-9c20-aa489e9dbced}\ not found. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d}\ not found. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2d9e134d-b863-479f-8bdc-0f801aebf55d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d9e134d-b863-479f-8bdc-0f801aebf55d}\ not found. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3a74ea6a-07b4-47c0-80dd-0cf3d8657570} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a74ea6a-07b4-47c0-80dd-0cf3d8657570}\ not found. File C:\WINDOWS\System32\hahohetu.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{66b9d25d-9869-40d8-b5ad-fde117d2b3be} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b9d25d-9869-40d8-b5ad-fde117d2b3be}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ec211094-5375-4bfb-81a1-8ce393cefa5a} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec211094-5375-4bfb-81a1-8ce393cefa5a}\ not found. File C:\WINDOWS\System32\dewezuwa.dll not found. C:\Documents and Settings\All Users\Application Data\04849934 moved successfully. C:\Documents and Settings\All Users\Application Data\20314818 moved successfully. C:\Documents and Settings\All Users\Application Data\44229829 moved successfully. 
C:\Documents and Settings\All Users\Application Data\66154527 moved successfully. C:\Documents and Settings\All Users\Application Data\71315421 moved successfully. C:\WINDOWS\System32\gokunike moved successfully. C:\WINDOWS\tasks\kboeuqyx.job moved successfully. C:\WINDOWS\tasks\jegdszug.job moved successfully. LoadLibrary failed for C:\WINDOWS\System32\hamehalu.dll C:\WINDOWS\System32\hamehalu.dll NOT unregistered. C:\WINDOWS\System32\hamehalu.dll moved successfully. LoadLibrary failed for C:\WINDOWS\System32\yitefuko.dll C:\WINDOWS\System32\yitefuko.dll NOT unregistered. C:\WINDOWS\System32\yitefuko.dll moved successfully. C:\WINDOWS\System32\raramuge.exe moved successfully. LoadLibrary failed for C:\WINDOWS\System32\lodivoyo.dll C:\WINDOWS\System32\lodivoyo.dll NOT unregistered. C:\WINDOWS\System32\lodivoyo.dll moved successfully. C:\WINDOWS\wp4.dat moved successfully. C:\WINDOWS\wp3.dat moved successfully. ========== FILES ========== C:\WINDOWS\System32\CONFIG.TMP moved successfully. C:\WINDOWS\System32\SETB.tmp moved successfully. C:\WINDOWS\002357_.tmp moved successfully. C:\WINDOWS\005865_.tmp moved successfully. C:\WINDOWS\SET3.tmp moved successfully. C:\WINDOWS\SET7.tmp moved successfully. C:\WINDOWS\~ACROBAT.TMP moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Julie Ross File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1981.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF19F6.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BBE.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BDE.tmp scheduled to be deleted on reboot. ->Temp folder emptied: 473707751 bytes File delete failed. 
C:\Documents and Settings\Julie Ross\Local Settings\Temporary Internet Files\Content.IE5\AUIT5R2V\iframe[1].htm scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 5200520 bytes ->Java cache emptied: 25493434 bytes ->FireFox cache emptied: 52205653 bytes User: LocalService ->Temp folder emptied: 66016 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 1362740 bytes User: Mackenzie ->Temp folder emptied: 155410 bytes ->Temporary Internet Files folder emptied: 21168066 bytes ->FireFox cache emptied: 72261228 bytes User: Mackenzie Ross ->Temporary Internet Files folder emptied: 92307005 bytes User: Mallory Ross ->Temp folder emptied: 3332 bytes ->Temporary Internet Files folder emptied: 4194722 bytes ->FireFox cache emptied: 8447575 bytes User: Myles Ross ->Temp folder emptied: 61641 bytes ->Temporary Internet Files folder emptied: 246642 bytes User: NetworkService ->Temp folder emptied: 1940 bytes File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 34041 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 179712 bytes File delete failed. C:\WINDOWS\temp\JETDBD8.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d8.dat scheduled to be deleted on reboot. 
Windows Temp folder emptied: 232146424 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 943.45 mb OTL by OldTimer - Version 3.0.22.1 log created on 10272009_162211 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1981.tmp not found! File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF19F6.tmp not found! File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BBE.tmp not found! File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BDE.tmp not found! C:\Documents and Settings\Julie Ross\Local Settings\Temporary Internet Files\Content.IE5\AUIT5R2V\iframe[1].htm moved successfully. File\Folder C:\WINDOWS\temp\JETDBD8.tmp not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d8.dat not found! Registry entries deleted on Reboot... OTL logfile created on: 10/27/2009 5:04:08 PM - Run 2 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.42 Mb Total Physical Memory | 203.45 Mb Available Physical Memory | 39.78% Memory free 1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.23% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.79 Gb Total Space | 100.39 Gb Free Space | 89.80% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 1006.92 Mb Total Space | 1006.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present 
or media not loaded Computer Name: JULIE-O7W2BN5SI Current User Name: Julie Ross Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike\OTL.exe PRC - [2009/10/25 10:31:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe PRC - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe PRC - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/12/19 14:18:47 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe PRC - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) 
-- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2003/09/23 02:20:02 | 00,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe PRC - [2003/09/23 02:01:40 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe PRC - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE PRC - [2003/09/23 01:37:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped]) SRV - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher [Auto | Running]) SRV - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe -- (ccJobMgr [Unknown | Running]) SRV - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Running]) SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running]) SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) 
-- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running]) SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2009/10/24 04:52:08 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091027.008\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running]) DRV - [2009/10/24 04:52:08 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running]) DRV - [2009/10/24 04:52:08 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running]) DRV - [2009/10/24 04:52:08 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091027.008\NAVENG.SYS -- (NAVENG [On_Demand | Running]) DRV - [2009/10/16 03:24:59 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP [System | Running]) DRV - [2009/09/10 16:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSxpx86.sys -- (IDSxpx86 [System | Running]) DRV - [2009/08/22 03:28:17 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running]) DRV - [2009/08/22 03:28:17 | 00,308,272 | 
---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP [System | Running]) DRV - [2009/08/22 03:28:17 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running]) DRV - [2009/08/22 03:28:17 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI [System | Running]) DRV - [2009/08/22 03:28:17 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running]) DRV - [2009/08/22 03:28:17 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX [System | Running]) DRV - [2009/08/22 03:28:17 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running]) DRV - [2009/08/22 03:28:17 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running]) DRV - [2009/08/20 15:19:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) DRV - [2009/08/18 15:11:17 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running]) DRV - [2009/08/18 15:11:17 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped]) DRV - [2008/04/13 14:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\GcKernel.sys -- (GcKernel [On_Demand | Stopped]) DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and 
Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2005/10/10 11:44:03 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running]) DRV - [2005/07/01 16:48:42 | 00,043,008 | ---- | M] (D-Link ) -- C:\WINDOWS\System32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Running]) DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2003/04/30 10:07:16 | 00,320,160 | ---- | M] (D-Link) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped]) DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2001/08/17 15:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys -- (HIDSwvd [On_Demand | Stopped]) DRV - [2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman [On_Demand | Running]) DRV - [2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running]) DRV - [2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running]) DRV - [2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running]) DRV - [2001/08/17 08:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) 
-- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys -- (FA312 [On_Demand | Running]) DRV - [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped]) ========== Modules (SafeList) ========== MOD - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike\OTL.exe MOD - [2009/08/22 03:28:14 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\16.7.2.11\ASOEHOOK.DLL MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.comcast.net" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\firefox\extensions\\{A9A05615-D954-475F-9A68-B06BA9A55E2E}: C:\Documents and Settings\Julie Ross\Local Settings\Application Data\{A9A05615-D954-475F-9A68-B06BA9A55E2E} [2008/12/23 15:59:15 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/25 10:32:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/24 19:30:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/21 21:26:13 | 00,000,000 | ---D | M] [2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions [2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/01/16 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\6znh2z4v.mac\extensions [2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application 
Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions [2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/27 17:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/13 10:14:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/25 10:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/09/13 10:14:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/13 10:14:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2004/11/12 23:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll [2009/10/25 10:31:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/09/13 10:14:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/03/24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2004/02/20 16:14:09 | 00,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/07/22 19:11:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/22 19:11:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/22 19:11:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/22 19:11:41 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/07/22 19:11:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/08/24 09:49:59 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml [2009/07/22 19:11:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/07/22 19:11:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [bemobigoj] C:\WINDOWS\System32\hahohetu.DLL File not found O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157510312\ee\AOLSoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.) O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe (D-Link) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2)) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.com/applets/PearsonInstallAsst.cab (PearsonAsstX Control) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab (cpbrkpie Control) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.) 
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.15.44/ttinst.cab (Toontown Installer ActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\hahohetu.dll) - C:\WINDOWS\System32\hahohetu.dll File not found O20 - AppInit_DLLs: (gijoyeri.dll) - File not found O20 - AppInit_DLLs: (c:\windows\system32\dewezuwa.dll) - C:\WINDOWS\System32\dewezuwa.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: lizoyorur - {7e129636-1c2b-4709-b8d2-30d93f5ba36f} - C:\WINDOWS\System32\hahohetu.dll File not found O22 - SharedTaskScheduler: {7e129636-1c2b-4709-b8d2-30d93f5ba36f} - gahurihor - C:\WINDOWS\System32\hahohetu.dll File not found O24 - Desktop Components:0 () - https://pulse.clarian.org/clarian/layoutTem...s/header-bg.gif O24 - Desktop Components:1 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/10/10 10:07:34 | 
00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/25 13:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/24 18:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\COMCASTTOOLBAR [2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\SUPERAntiSpyware.com [2009/10/25 13:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\Tific [2009/10/25 13:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\Tific [2009/10/25 12:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/10/25 09:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Professional [2009/10/25 10:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/10/25 10:31:48 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009/10/25 13:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup [2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2009/10/25 09:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro File not found -- C:\WINDOWS\System32\tuhipulo.dll [2009/10/27 16:22:11 | 00,000,000 | ---D | C] -- C:\_OTL [2009/10/25 17:06:45 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe [2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092 
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup [2009/10/25 13:07:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/25 13:07:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/25 12:27:06 | 00,000,000 | ---D | C] -- C:\Mike [2009/10/25 11:58:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/10/25 10:32:38 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/25 10:32:37 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/25 10:32:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/25 10:32:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/25 08:32:38 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2009/10/25 07:35:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2009/10/24 19:00:12 | 09,092,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Julie Ross\Desktop\windows-kb890830-v3.0.exe [2009/10/24 18:45:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2009/10/24 18:37:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/10/24 18:37:18 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/10/24 18:20:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/10/21 21:26:13 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deploytk.dll [2009/10/21 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike [2009/10/13 09:21:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF ========== Files - Modified Within 30 Days ========== [8 C:\Documents and Settings\Julie Ross\My Documents\*.tmp files] [2009/10/27 17:05:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\gokunike [2009/10/27 17:02:35 | 00,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/27 17:01:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/27 17:00:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/10/27 17:00:34 | 53,633,4336 | -HS- | M] () -- C:\hiberfil.sys [2009/10/27 16:58:37 | 04,252,734 | -H-- | M] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db [2009/10/27 16:24:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rigivika.dll [2009/10/27 16:24:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rawomuba.dll [2009/10/27 16:24:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\besigaza.dll [2009/10/25 17:06:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe [2009/10/25 17:01:25 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr [2009/10/25 13:17:06 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk [2009/10/25 13:09:34 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 13:05:45 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/25 12:32:09 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk [2009/10/25 12:24:12 | 02,383,047 | ---- | M] () -- C:\MGtools.exe [2009/10/25 11:59:09 | 00,000,737 | ---- | M] () -- C:\WINDOWS\win.ini [2009/10/25 11:59:09 | 00,000,243 | ---- | M] () -- 
C:\WINDOWS\system.ini [2009/10/25 11:59:09 | 00,000,211 | -H-- | M] () -- C:\boot.ini [2009/10/25 10:31:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/25 10:31:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/25 10:31:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/25 10:31:56 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/25 10:31:54 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/10/25 10:20:07 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk [2009/10/25 09:29:35 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk [2009/10/25 07:37:39 | 00,670,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB [2009/10/24 19:54:46 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ClassU [2009/10/24 19:54:46 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4 [2009/10/24 19:00:13 | 09,092,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Julie Ross\Desktop\windows-kb890830-v3.0.exe [2009/10/21 21:54:30 | 00,010,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2009/10/19 18:50:31 | 00,000,092 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm [2009/10/19 11:24:06 | 00,000,548 | ---- | M] () -- C:\WINDOWS\lexstat.ini [2009/10/19 10:03:45 | 00,001,982 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk [2009/10/16 03:24:59 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys [2009/10/16 03:24:51 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini [2009/10/09 17:26:17 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\Microsoft Office Word 2003.lnk [2009/10/06 19:17:02 | 
Oct 27 2009, 05:34 PM, Post #6
Malware Expert. Group: HJT Team. Posts: 15,811. Joined: 23-December 04. From: Pickerington, Ohio. Member No.: 7,762
We're getting there. Once you run Malwarebytes and have it remove whatever it detects, please post a new log from OTL so I can see what's left.
--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Oct 30 2009, 07:22 AM, Post #7
New Member. Group: Members. Posts: 4. Joined: 25-October 09. Member No.: 394,441
Malwarebytes still would not run, nor would Microsoft's anti-malware.
I had another idea that I should have thought of from the beginning. Took the hard drive out of the infected computer and connected it to my good computer through the black box USB connection. Scanned the drive using Malwarebytes and removed the viruses. Reinstalled the drive into the original computer and was able to re-run Malwarebytes on that bad computer this time. Malwarebytes seemed to clean up the registry some more. As of now everything seems to be fixed and running again. Thanks for your help. Go Hoosiers!
Oct 30 2009, 04:51 PM, Post #8
Malware Expert. Group: HJT Team. Posts: 15,811. Joined: 23-December 04. From: Pickerington, Ohio. Member No.: 7,762
Do you not want me to review your log to see if anything is left?
Nov 10 2009, 06:17 PM, Post #9
Malware Expert. Group: HJT Team. Posts: 15,811. Joined: 23-December 04. From: Pickerington, Ohio. Member No.: 7,762
Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.