
Charter Security Suite Unable To Disinfect Multiple Detections


6 replies to this topic

#1 dmsharpe


Posted 29 January 2009 - 04:37 PM

Windows XP Professional Version 2002 Service Pack 3
HP Workstation xw6200 Intel Xeon CPU 2.80 GHz, 512 MB RAM

Currently use Charter Security Suite for antivirus, adware, malware protection, etc. Recently unable to remove detections and receive messages similar to:

Trojan-Powerloader.JS.Psme.amy has been detected...the object could not be disinfected object was removed.

Have tried numerous online virus scans with no success, including F-Secure, Panda, etc. Recently downloaded Malwarebytes' and will post results below along with OTViewIt results. I hope I'm not providing too much info too early. Please advise next steps, thanks.

Malwarebytes' Anti-Malware 1.33
Database version: 1705
Windows 5.1.2600 Service Pack 3

1/29/2009 3:22:59 PM
mbam-log-2009-01-29 (15-22-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 129400
Time elapsed: 1 hour(s), 18 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 27
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 29

Memory Processes Infected:
C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\wiwirira.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\moruzagi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jalopeya.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vodawoja.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tiwamora.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ufrctx.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b67ee1c3-8147-4ea7-9a63-7c0ed4d19e92} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b67ee1c3-8147-4ea7-9a63-7c0ed4d19e92} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84444d0e-eb34-4fc8-b75a-984c081ad5b9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84444d0e-eb34-4fc8-b75a-984c081ad5b9} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84444d0e-eb34-4fc8-b75a-984c081ad5b9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b67ee1c3-8147-4ea7-9a63-7c0ed4d19e92} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\507f5f58 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pipepusara (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm534c6cc4 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\moruzagi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\moruzagi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\moruzagi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tiwamora.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tiwamora.dll -> No action taken.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\cogad (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\ufrctx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dagihama.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\amahigad.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tazodavi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ivadozat.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wiwirira.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aririwiw.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vodawoja.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tiwamora.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jalopeya.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\moruzagi.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP565\A0050330.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP565\A0050351.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP603\A0054658.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP603\A0054662.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP603\A0054663.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP613\A0061373.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP613\A0061244.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP613\A0061372.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP613\A0063274.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP621\A0064877.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lefofafi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\libinisu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\weyuneve.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wpv881232809217.cpx (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cbXPhghI.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yawikofe.dll (Trojan.Vundo) -> No action taken.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> No action taken.


OTViewIt logfile created on: 1/29/2009 3:29:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.50 Mb Total Physical Memory | 86.90 Mb Available Physical Memory | 16.99% Memory free
1.22 Gb Paging File | 0.59 Gb Available in Paging File | 48.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 50.95 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/09/23 07:35:14 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
[2008/09/23 07:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
[2009/01/27 01:15:20 | 00,440,448 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
[2008/09/23 07:37:20 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMB32.EXE
[2008/12/15 04:22:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/05/08 06:34:32 | 00,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
[2008/09/23 07:37:18 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FCH32.EXE
[2005/11/21 15:55:16 | 00,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005/05/06 23:14:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2003/05/05 09:57:30 | 00,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/11/22 21:10:06 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
[2008/09/23 07:37:18 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FAMEH32.EXE
[2008/09/23 07:35:14 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsqh.exe
[2008/12/15 04:22:51 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/09/23 07:37:18 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/14 17:16:32 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2009/01/25 22:44:13 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/23 07:37:28 | 00,686,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FSPC\fspc.exe
[2008/09/23 07:36:54 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FSGUI\fsguidll.exe
[2009/01/27 01:15:25 | 00,519,816 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
[2008/09/23 07:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
[2008/09/23 07:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe
[2008/09/23 07:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
[2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/01 04:31:24 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FSAUA\program\fsus.exe
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/09/23 07:35:12 | 00,344,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
[2009/01/29 13:45:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/01/14 16:11:26 | 01,273,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2008/09/23 07:37:00 | 01,251,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FSGUI\scanwizard.exe
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/29 13:45:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/09/23 07:35:14 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
[2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/09/23 07:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
[2008/09/23 07:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
[2008/09/23 07:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA [Auto | Running])
[2008/09/23 07:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])
[2008/12/14 23:27:21 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/12/15 04:22:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/05/06 23:14:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 08:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2002/05/08 19:44:42 | 00,105,472 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2003/03/13 12:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2004/07/15 14:44:27 | 00,190,336 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2004/02/04 12:34:16 | 00,051,584 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp [On_Demand | Stopped])
[2001/08/17 08:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/09/23 07:35:18 | 00,039,776 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter [Disabled | Stopped])
[2009/01/27 01:19:33 | 00,084,096 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
[2008/09/23 07:37:06 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running])
[2008/09/23 07:35:18 | 00,025,184 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
[2009/01/27 01:19:16 | 00,033,408 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts [Boot | Running])
[2008/09/23 07:35:38 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW [Boot | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Stopped])
[2004/08/03 18:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/03 18:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 18:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 18:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 18:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 18:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 18:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped])
[2004/08/03 18:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6 [On_Demand | Stopped])
[2004/08/03 18:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7 [On_Demand | Stopped])
[2004/08/03 18:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 18:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 18:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 18:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
[2004/08/03 18:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped])
[2004/08/03 18:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped])
[2004/10/19 03:07:08 | 00,478,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])
[2006/08/02 10:45:32 | 00,114,560 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910 [On_Demand | Stopped])
[2005/05/06 23:14:00 | 03,456,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/02 19:03:00 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem [Auto | Running])
[2001/08/17 14:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/31 16:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/10/20 01:00:04 | 00,243,328 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/05/27 18:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2002/04/04 00:32:06 | 00,028,416 | R--- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Start Page Redirect Cache"=http://www.msn.com/
"Start Page Redirect Cache AcceptLangs"=en-us
"Start Page Redirect Cache_TIMESTAMP"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.hp.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.hp.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.hp.com

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.hp.com

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Start Page Redirect Cache"=http://www.msn.com/
"Start Page Redirect Cache AcceptLangs"=en-us
"Start Page Redirect Cache_TIMESTAMP"=

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>;*.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{84444d0e-eb34-4fc8-b75a-984c081ad5b9} (HKLM) -- C:\WINDOWS\system32\jalopeya.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{b67ee1c3-8147-4ea7-9a63-7c0ed4d19e92} (HKLM) -- C:\WINDOWS\system32\ufrctx.dll (SoftComplete Development)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"507f5f58"=rundll32.exe "C:\WINDOWS\system32\wiwirira.dll",b ()
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"CPM534c6cc4"=Rundll32.exe "c:\windows\system32\tiwamora.dll",a ()
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" (CyberLink Corp.)
"F-Secure Manager"="C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash (F-Secure Corporation)
"F-Secure TNB"="C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet (NVIDIA Corporation)
"pipepusara"=Rundll32.exe "C:\WINDOWS\system32\vodawoja.dll",s ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on (HP)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"Twain"=C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe ()

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pipepusara"=Rundll32.exe "C:\WINDOWS\system32\vodawoja.dll",s ()

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pipepusara"=Rundll32.exe "C:\WINDOWS\system32\vodawoja.dll",s ()

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"Twain"=C:\Documents and Settings\Administrator\Application Data\Twain\Twain.exe ()

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 16:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 16:33:03 | 03,751,995 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{200DB664-75B5-47c0-8B45-A44ACCF73C00}: Button: Parental... -- %ProgramFiles%\Charter Security Suite\FSPC\fspcmsie.dll [2008/09/23 07:37:28 | 00,150,112 | ---- | M] (F-Secure Corporation)
{200DB664-75B5-47c0-8B45-A44ACCF73F01}: Menu: Parental... -- %ProgramFiles%\Charter Security Suite\FSPC\fspcmsie.dll [2008/09/23 07:37:28 | 00,150,112 | ---- | M] (F-Secure Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}: http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab -- Reg Error: Key does not exist or could not be opened.
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{362C56AA-6E4F-40C7-A0B5-85501DBDAD77}: http://i.dell.com/images/global/js/scanner/SysProExe.cab -- Scanner.SysScanner
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://charter.net/files/charter/securitysuite/fscax.cab -- F-Secure Online Scanner 3.3
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}: http://a.download.toontown.com/sv1.0.31.5/ttinst.cab -- Toontown Installer ActiveX Control
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{6087773E-50D4-4219-BF0F-66C706F844A7} (Servers: | Description: Broadcom NetXtreme Gigabit Ethernet)
{91E7BEA5-A9F1-4CB7-B0C6-9296058A2D4E} (Servers: | Description: Linksys Wireless-G PCI Adapter)
{FE22DDD1-6675-4E01-B976-316B97A9BAD2} (Servers: | Description: Linksys Wireless-G PCI Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\moruzagi.dll atdhtk.dll c:\windows\system32\tiwamora.dll
>[1900/01/01 12:00:00 | 00,069,828 | -HS- | M] () -- C:\WINDOWS\system32\moruzagi.dll
>[2009/01/28 01:20:44 | 00,133,243 | -HS- | M] () -- C:\WINDOWS\system32\atdhtk.dll
>[2009/01/29 13:21:37 | 00,099,955 | -HS- | M] () -- c:\WINDOWS\system32\tiwamora.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
pmnNHyab: "DllName" = pmnNHyab.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\tiwamora.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\tiwamora.dll ()

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
>File not found --

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\hgGwVNgD,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/29 14:37:52 | 01,648,013 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/01/29 14:02:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/01/29 14:01:58 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/29 14:01:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/29 14:01:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/29 14:01:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/29 14:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/29 14:00:38 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/01/29 13:45:17 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/01/29 13:34:44 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/01/29 13:21:40 | 01,463,190 | -HS- | C] () -- C:\WINDOWS\System32\aririwiw.ini
[2009/01/29 13:21:36 | 00,135,358 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\bdaqte.dll
[2009/01/29 12:19:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/01/29 12:18:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/01/29 12:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/01/29 12:13:42 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/01/29 12:13:42 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/01/29 12:13:41 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/01/29 12:13:41 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/01/29 12:13:41 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/01/29 12:13:41 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/01/29 12:13:41 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/01/29 12:13:40 | 00,000,000 | ---D | C] -- C:\5e1fdfd02d0d86d4633cf032fe0e68
[2009/01/29 01:22:25 | 01,463,190 | -HS- | C] () -- C:\WINDOWS\System32\igidobum.ini
[2009/01/29 01:21:14 | 00,135,460 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\aihvzb.dll
[2009/01/28 23:46:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/01/28 23:41:28 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/01/28 13:21:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yawikofe.dll
[2009/01/28 13:20:55 | 01,466,190 | -HS- | C] () -- C:\WINDOWS\System32\ivadozat.ini
[2009/01/28 13:20:54 | 00,133,215 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\ufrctx.dll
[2009/01/28 01:21:04 | 01,464,327 | -HS- | C] () -- C:\WINDOWS\System32\erenekak.ini
[2009/01/28 01:20:45 | 00,133,243 | -HS- | C] () -- C:\WINDOWS\System32\atdhtk.dll
[2009/01/28 00:52:47 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\cbXPhghI.dll
[2009/01/27 23:01:26 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/01/27 23:00:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2009/01/27 22:59:34 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/01/27 22:41:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/01/27 22:14:19 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/01/27 13:20:18 | 00,135,467 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\jjpbfh.dll
[2009/01/27 13:20:16 | 01,464,887 | -HS- | C] () -- C:\WINDOWS\System32\amahigad.ini
[2009/01/27 01:19:54 | 01,462,525 | -HS- | C] () -- C:\WINDOWS\System32\ekuluzit.ini
[2009/01/27 01:19:52 | 00,141,932 | -HS- | C] () -- C:\WINDOWS\System32\tpwojh.dll
[2009/01/27 01:19:16 | 00,033,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/01/27 00:56:38 | 00,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009/01/27 00:52:11 | 00,079,904 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2009/01/27 00:50:31 | 00,000,000 | ---D | C] -- C:\Program Files\Charter Security Suite
[2009/01/27 00:50:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/01/27 00:49:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009/01/27 00:44:16 | 71,772,240 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Administrator\Desktop\Charter_version_8.exe
[2009/01/26 01:27:19 | 00,000,204 | ---- | C] () -- C:\WINDOWS\System32\ikhcore.cfg
[2009/01/25 22:44:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Twain
[2009/01/25 22:40:30 | 01,434,061 | -HS- | C] () -- C:\WINDOWS\System32\foujqnjp.ini
[2009/01/25 22:38:10 | 00,000,000 | ---D | C] -- C:\Program Files\WebShow
[2009/01/25 14:25:24 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2009/01/24 22:35:51 | 01,434,061 | -HS- | C] () -- C:\WINDOWS\System32\tmxfacbn.ini
[2009/01/24 22:32:09 | 00,406,959 | -HS- | C] () -- C:\WINDOWS\System32\DgNVwGgh.ini2
[2009/01/24 22:32:07 | 00,406,959 | -HS- | C] () -- C:\WINDOWS\System32\DgNVwGgh.ini
[2009/01/24 22:26:54 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\admnzbug.job
[2009/01/24 22:26:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\cogad
[2009/01/24 22:24:57 | 00,198,730 | ---- | C] () -- C:\WINDOWS\System32\wpv881232809217.cpx
[2009/01/20 19:35:08 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Breakneck Speed.doc
[2009/01/17 21:20:23 | 00,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/01/17 21:20:23 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2009/01/17 21:20:23 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2009/01/17 21:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2009/01/17 21:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2009/01/17 21:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2009/01/17 21:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\Game_Maker7
[2009/01/16 12:28:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2009/01/15 18:11:08 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\At the main menu.doc
[2009/01/15 02:22:00 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/01/15 02:21:44 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/01/15 02:19:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/01/15 02:19:02 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/01/15 02:04:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/01/12 20:23:49 | 00,000,000 | ---D | C] -- C:\Program Files\weblin
[2009/01/12 20:22:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\zweitgeist
[2009/01/11 19:00:01 | 00,035,071 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\p1_tomlinson.jpg
[2009/01/06 19:30:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Roblox
[2009/01/06 19:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RobloxVersions
[2009/01/06 19:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RobloxDownloads

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/29 15:31:23 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yufeseji
[2009/01/29 15:30:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB14FE14-CAC2-4270-99C5-55DCBCE100F6}.job
[2009/01/29 14:37:56 | 01,648,013 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/01/29 14:01:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/29 14:00:41 | 02,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/01/29 14:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\admnzbug.job
[2009/01/29 13:45:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/01/29 13:32:01 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/29 13:31:27 | 00,004,713 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/29 13:30:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/29 13:30:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/29 13:29:27 | 04,302,894 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/01/29 13:22:05 | 01,463,190 | -HS- | M] () -- C:\WINDOWS\System32\aririwiw.ini
[2009/01/29 13:21:37 | 00,099,955 | -HS- | M] () -- C:\WINDOWS\System32\tiwamora.dll
[2009/01/29 13:21:35 | 00,135,358 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\pivejehu.dll
[2009/01/29 13:21:35 | 00,135,358 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\bdaqte.dll
[2009/01/29 13:21:35 | 00,086,242 | -HS- | M] () -- C:\WINDOWS\System32\wiwirira.dll
[2009/01/29 13:19:54 | 00,535,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/29 13:19:54 | 00,451,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/29 13:19:54 | 00,075,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/29 13:09:13 | 00,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/29 01:22:39 | 01,463,190 | -HS- | M] () -- C:\WINDOWS\System32\igidobum.ini
[2009/01/29 01:21:14 | 00,135,460 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\neyuvena.dll
[2009/01/29 01:21:14 | 00,135,460 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\aihvzb.dll
[2009/01/29 01:21:14 | 00,100,628 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\ropenoya.dll
[2009/01/28 23:55:24 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/01/28 23:52:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/28 18:01:30 | 00,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009/01/28 15:17:56 | 01,466,190 | -HS- | M] () -- C:\WINDOWS\System32\ivadozat.ini
[2009/01/28 13:21:07 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yawikofe.dll
[2009/01/28 13:20:57 | 00,100,014 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\libinisu.dll
[2009/01/28 13:20:54 | 00,086,639 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\tazodavi.dll
[2009/01/28 13:20:53 | 00,133,215 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\ufrctx.dll
[2009/01/28 13:20:53 | 00,133,215 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\lefofafi.dll
[2009/01/28 01:21:14 | 01,464,327 | -HS- | M] () -- C:\WINDOWS\System32\erenekak.ini
[2009/01/28 01:20:44 | 00,133,243 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\duwibudo.dll
[2009/01/28 01:20:44 | 00,133,243 | -HS- | M] () -- C:\WINDOWS\System32\atdhtk.dll
[2009/01/28 01:20:43 | 00,100,476 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\tesirolo.dll
[2009/01/28 00:52:47 | 00,036,352 | ---- | M] () -- C:\WINDOWS\System32\cbXPhghI.dll
[2009/01/27 22:41:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/01/27 13:20:35 | 01,464,887 | -HS- | M] () -- C:\WINDOWS\System32\amahigad.ini
[2009/01/27 13:20:19 | 00,100,025 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\weyuneve.dll
[2009/01/27 13:20:17 | 00,135,467 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\wevagofo.dll
[2009/01/27 13:20:17 | 00,135,467 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\jjpbfh.dll
[2009/01/27 13:20:15 | 00,086,698 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\dagihama.dll
[2009/01/27 12:25:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/27 01:20:11 | 01,462,525 | -HS- | M] () -- C:\WINDOWS\System32\ekuluzit.ini
[2009/01/27 01:19:52 | 00,141,932 | -HS- | M] () -- C:\WINDOWS\System32\tpwojh.dll
[2009/01/27 01:19:52 | 00,141,932 | -HS- | M] () -- C:\WINDOWS\System32\palozora.dll
[2009/01/27 01:19:51 | 00,107,309 | -HS- | M] (ABBYY (BIT Software)) -- C:\WINDOWS\System32\suvekesa.dll
[2009/01/27 01:19:16 | 00,033,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/01/27 00:49:31 | 71,772,240 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Administrator\Desktop\Charter_version_8.exe
[2009/01/26 01:27:19 | 00,000,204 | ---- | M] () -- C:\WINDOWS\System32\ikhcore.cfg
[2009/01/25 22:47:50 | 00,406,959 | -HS- | M] () -- C:\WINDOWS\System32\DgNVwGgh.ini
[2009/01/25 22:46:40 | 00,406,959 | -HS- | M] () -- C:\WINDOWS\System32\DgNVwGgh.ini2
[2009/01/25 22:40:34 | 01,434,061 | -HS- | M] () -- C:\WINDOWS\System32\foujqnjp.ini
[2009/01/25 14:25:24 | 00,000,037 | ---- | M] () -- C:\WINDOWS\Acroread.ini
[2009/01/25 09:30:19 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WindowsDefender.msi
[2009/01/25 09:15:57 | 00,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/01/24 22:36:19 | 01,434,061 | -HS- | M] () -- C:\WINDOWS\System32\tmxfacbn.ini
[2009/01/24 22:24:57 | 00,198,730 | ---- | M] () -- C:\WINDOWS\System32\wpv881232809217.cpx
[2009/01/20 19:35:09 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Breakneck Speed.doc
[2009/01/19 18:47:05 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/17 21:20:23 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2009/01/17 21:20:23 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2009/01/15 18:11:09 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\At the main menu.doc
[2009/01/15 02:22:22 | 01,228,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/01/15 02:22:22 | 01,228,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/01/15 02:22:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/01/15 02:21:44 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/01/15 02:19:22 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/01/15 02:19:22 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/01/15 02:19:02 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/01/15 02:17:22 | 00,392,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/01/15 02:17:22 | 00,392,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/01/15 02:13:18 | 05,888,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/15 02:13:18 | 05,888,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/15 02:12:12 | 10,963,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/01/15 02:12:12 | 10,963,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/01/15 02:06:48 | 01,182,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/01/15 02:06:48 | 01,182,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/01/15 02:06:44 | 01,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/01/15 02:06:44 | 01,467,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/01/15 02:06:22 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/01/15 02:06:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/01/15 02:06:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/01/15 02:06:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/01/15 02:06:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/01/15 02:05:42 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/01/15 02:05:42 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/01/15 02:05:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/01/15 02:05:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/01/15 02:05:34 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/01/15 02:05:34 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/01/15 02:05:34 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/01/15 02:05:34 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/01/15 02:04:56 | 00,755,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/01/15 02:04:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/01/15 02:04:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/01/15 02:04:16 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/01/15 02:04:16 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/01/15 02:03:58 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/01/15 02:03:58 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/01/15 02:03:50 | 00,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/01/15 02:03:50 | 00,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/01/15 02:03:42 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/01/15 02:03:42 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/01/15 02:03:36 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/01/15 02:03:36 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/01/15 02:03:32 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/01/15 02:03:32 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/01/15 02:03:28 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/01/15 02:03:28 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/01/15 02:03:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/01/15 02:03:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/01/15 02:03:18 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/01/15 02:03:18 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/01/15 02:03:18 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/01/15 02:03:14 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/01/15 02:03:14 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/01/15 02:03:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/01/15 02:03:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/01/15 02:03:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/01/15 02:03:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/01/15 02:02:50 | 01,975,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/01/15 02:02:50 | 01,975,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/01/15 02:02:40 | 00,593,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/01/15 02:02:40 | 00,593,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/01/15 02:02:20 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/01/15 02:02:20 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/01/15 02:01:52 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/01/15 02:01:52 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/01/15 02:01:42 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/01/15 02:01:40 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/01/15 02:01:40 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/01/15 02:01:40 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/01/15 02:01:40 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/01/15 02:01:26 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/01/15 02:01:26 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/01/15 02:01:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/01/15 02:01:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/01/15 02:01:18 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/01/15 02:01:18 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/01/15 02:01:16 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/01/15 02:01:16 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/01/15 02:01:06 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/01/15 02:01:06 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/01/15 02:00:46 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/01/15 02:00:46 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/01/15 02:00:40 | 01,639,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/01/15 02:00:40 | 01,639,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/01/15 02:00:38 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/01/15 02:00:38 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/01/15 02:00:36 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/01/15 02:00:36 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/01/15 01:53:40 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/01/15 01:50:50 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/01/15 01:50:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/01/15 01:50:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/01/15 01:39:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/01/15 01:35:10 | 00,445,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/01/15 01:35:10 | 00,445,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 18:59:38 | 00,035,071 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\p1_tomlinson.jpg
[2009/01/10 23:00:34 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
< End of report >



OTViewIt Extras logfile created on: 1/29/2009 3:29:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.50 Mb Total Physical Memory | 86.90 Mb Available Physical Memory | 16.99% Memory free
1.22 Gb Paging File | 0.59 Gb Available in Paging File | 48.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 50.95 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=
"Use My Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
File not found -- D:\setup\hppapd.exe:*:Enabled:hppapd.exe
File not found -- D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe
File not found -- D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe
File not found -- D:\setup\hppSetBOD.exe:*:Enabled:hppsetbod.exe
File not found -- D:\setup\HPPNAC01.EXE:*:Enabled:hppnac01.exe
[2008/04/13 18:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 18:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\WildTangent\Polar Bowler\polar.exe:*:Enabled:polar
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/13 18:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2009/01/27 01:15:20 | 00,440,448 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe:*:Enabled:FSGK32
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe:*:Enabled:RichVideo
[2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program Files\Charter Security Suite\FSPS\program\fslsp.dll (F-Secure Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{049CAE8B-67B4-4C53-8B08-58331A41A4C0}"=hpzTLBXFX
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}"=hppIOFiles
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1E745BC8-4C2C-423D-8601-770BB3E9E023}"=hppusg2605
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}"=Product_SF_Full_QFolder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}"=OpenOffice.org 2.4
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}"=PowerCinema NE for Everio
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}"=Product_SF_Min_QFolder
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}"=Google SketchUp Pro 7
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{6441FECE-0E73-4326-81BF-68503E897820}"=CorePLS_Min_QFolder
"{64A77F14-0E08-4A97-A859-E93CFF428756}"=Broadcom Management Programs
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}"=Photo Viewer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}"=hppFonts
"{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}"=hppTLBXFX2605
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}"=Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}"=CorePLS_Full_QFolder
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{9D08BA75-D917-43FD-A0C4-F81D27C61053}"=hppCLJ2605
"{9DC0E0ED-C9CA-4843-AEAE-8F3292AD3943}"=HP Performance Tuning Framework
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}"=MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}"=Google SketchUp 6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C53D0627-79E7-45A0-B37C-B92A7E40F122}"=hppManuals2605
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}"=Windows Vista Upgrade Advisor
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}"=NEF Codec
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}"=Digital Photo Navigator 1.5
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}"=Digital Locker Assistant
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}"=hppWebRegMM
"{EDE721EC-870A-11D8-9D75-000129760D75}"=PowerDirector Express
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}"=ViewNX
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FE57DE70-95DE-4B64-9266-84DA811053DB}"=HP Update
"693218053459EBF14C6505EA1172F17672B50DD1"=Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Capture NX 2"=Capture NX 2
"Dell TM WLAN Card"=Dell TM WLAN Card
"F-Secure Product 444"=Charter Security Suite
"Google Updater"=Google Updater
"HP Color LaserJet 2605"=HP Color LaserJet 2605 Series 1.0
"HP Imaging Device Functions"=HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.0
"HPExtendedCapabilities"=HP Extended Capabilities 6.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ie8"=Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}"=Broadcom Management Programs
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Firefox (3.0b5)"=Mozilla Firefox (3.0b5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Picasa 3"=Picasa 3
"Pocket PC Connection Wizard"=Pocket PC Connection Wizard
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1598062124-3699688092-1250645814-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 1/29/2009 12:50:41 AM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/29/2009 1:55:31 AM | Computer Name = FAMILY | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.

Error - 1/29/2009 1:47:02 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/29/2009 1:47:05 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/29/2009 2:56:18 PM | Computer Name = FAMILY | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
first being prepared for removal.

Error - 1/29/2009 3:13:02 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/29/2009 3:13:02 PM | Computer Name = FAMILY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/29/2009 3:23:06 PM | Computer Name = FAMILY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/29/2009 3:26:26 PM | Computer Name = FAMILY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/29/2009 3:28:34 PM | Computer Name = FAMILY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >


#2 boopme

Posted 29 January 2009 - 04:50 PM

Hello and welcome, let's do 3 scans and get 2 logs, thanks.

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

RERUN MBAM

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post log and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 dmsharpe

Posted 29 January 2009 - 09:55 PM

It appears that while SUPERAntiSpyware was going through the cleaning process the computer rebooted before it was finished. Upon reboot, the computer is running painfully slow; this log was made before the quarantine process began. I am trying to open SUPERAntiSpyware, but seem to be having difficulty loading... I'll keep trying and run MBAM in the meantime.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/29/2009 at 06:31 PM

Application Version : 4.25.1012

Core Rules Database Version : 3735
Trace Rules Database Version: 1704

Scan type : Complete Scan
Total Scan Time : 02:17:51

Memory items scanned : 232
Memory threats detected : 1
Registry items scanned : 6362
Registry threats detected : 7
File items scanned : 75044
File threats detected : 13

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\ATDHTK.DLL
C:\WINDOWS\SYSTEM32\ATDHTK.DLL

Rogue.Component/Trace
HKLM\Software\Microsoft\507F4DD6
HKLM\Software\Microsoft\507F4DD6#507f4dd6
HKLM\Software\Microsoft\507F4DD6#Version
HKLM\Software\Microsoft\507F4DD6#507fe056
HKLM\Software\Microsoft\507F4DD6#507f89b3
HKU\S-1-5-21-1598062124-3699688092-1250645814-500\Software\Microsoft\FIAS4018

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-1598062124-3699688092-1250645814-500\SOFTWARE\Microsoft\fias4013
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts

Trojan.Dropper/Gen-SoftDev
C:\WINDOWS\SYSTEM32\AIHVZB.DLL
C:\WINDOWS\SYSTEM32\BDAQTE.DLL
C:\WINDOWS\SYSTEM32\DUWIBUDO.DLL
C:\WINDOWS\SYSTEM32\JJPBFH.DLL
C:\WINDOWS\SYSTEM32\NEYUVENA.DLL
C:\WINDOWS\SYSTEM32\PIVEJEHU.DLL
C:\WINDOWS\SYSTEM32\ROPENOYA.DLL
C:\WINDOWS\SYSTEM32\TESIROLO.DLL
C:\WINDOWS\SYSTEM32\WEVAGOFO.DLL

Adware.Vundo Variant/ACE
C:\WINDOWS\SYSTEM32\PALOZORA.DLL

Adware.Vundo Variant/LVL
C:\WINDOWS\SYSTEM32\SUVEKESA.DLL

#4 dmsharpe

Posted 29 January 2009 - 10:03 PM

Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 3

1/29/2009 9:02:41 PM
mbam-log-2009-01-29 (21-02-41).txt

Scan type: Quick Scan
Objects scanned: 50750
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 boopme

Posted 29 January 2009 - 10:11 PM

Were you running SAS from Safe Mode? It did appear to get a lot. Did you reboot since the scans? How is the PC running now?

#6 dmsharpe

Posted 29 January 2009 - 10:12 PM

Rebooted, computer still running hellishly slow...

#7 dmsharpe

Posted 29 January 2009 - 10:13 PM

Yes, ran SAS from Safe Mode



