
Possible Vundo Problem


This topic is locked.
16 replies to this topic

#1 soccergb19

Posted 23 April 2009 - 05:02 PM

Hey,

I've been having computer problems, and I ran a SUPERAntiSpyware scan; it catches a Vundo variant and other stuff all the time, but when I delete them, new ones appear. This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:34 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\BELLS\Application Data\pidle\pidle.exe
C:\Documents and Settings\BELLS\Application Data\Twain\Twain.exe
C:\Documents and Settings\BELLS\Application Data\digifast\digifast.exe
C:\DOCUME~1\BELLS\LOCALS~1\Temp\1456357509.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
\?\globalroot\C:\WINDOWS\system32\winglsetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (no name) - {7f1af747-5152-4f32-a4a6-d2b91fcc4586} - C:\WINDOWS\system32\duvapame.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\jh9fgo4ksdgf.dll - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\WINDOWS\system32\jh9fgo4ksdgf.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run:
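The log above is read by hand in threads like this one, but the entry types worth a second look are regular enough to pull out mechanically. The following script is an added example, not code from this thread or from HijackThis itself; its sample log is constructed from the kinds of lines the post shows (processes under the user's profile and Temp, a process reached through the `\?\globalroot` device namespace, hosts-file entries that send ad domains to an external address, a BHO whose DLL is reported `(file missing)`). The heuristics are generic and do not identify any malware family; `(file missing)` only says HijackThis could not find the DLL at that path, and whether it was removed by a scanner or is being hidden, the leftover registration is still worth noting.

```python
"""Triage the entry types in a HijackThis log that point at persistence or
traffic hijacking. Added example, not code from the original thread; the
sample log below is constructed from the kinds of entries the post shows and
the heuristics are generic (they name no malware family)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in HijackThis v2 layout: a process list, a blank line,
# then the lettered R/O entries.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BELLS\Application Data\pidle\pidle.exe
C:\DOCUME~1\BELLS\LOCALS~1\Temp\1456357509.exe
\?\globalroot\C:\WINDOWS\system32\winglsetup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7f1af747-5152-4f32-a4a6-d2b91fcc4586} - C:\WINDOWS\system32\duvapame.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""


@dataclass
class Finding:
    line: str
    reason: str


# Per-user profile locations (long and 8.3 short forms) that any code running
# as the user can write to.
USER_WRITABLE = re.compile(
    r"\\(Documents and Settings|DOCUME~1)\\[^\\]+\\"
    r"(Application Data|APPLIC~1|Local Settings|LOCALS~1)\\",
    re.IGNORECASE,
)
# \?\globalroot (or \\?\globalroot) reaches the NT object namespace directly;
# ordinary programs are launched by a plain drive-letter path.
DEVICE_NS = re.compile(r"^\\+\?\\globalroot\\", re.IGNORECASE)
HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
ENTRY = re.compile(r"^[RFNO]\d+ - ")


def parse_hjt(text: str) -> Tuple[List[str], List[str]]:
    """Split a HijackThis log into its running-process list and lettered entries."""
    processes: List[str] = []
    entries: List[str] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process list ends at the first blank line
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif ENTRY.match(line):
            entries.append(line)
    return processes, entries


def triage(text: str) -> List[Finding]:
    """Apply path, hosts-file and BHO heuristics; returns one Finding per hit."""
    processes, entries = parse_hjt(text)
    findings: List[Finding] = []
    for proc in processes:
        if DEVICE_NS.match(proc):
            findings.append(Finding(proc, "process image addressed through the globalroot device namespace"))
        elif USER_WRITABLE.search(proc):
            findings.append(Finding(proc, "executable running from a user-writable profile or Temp directory"))
    for entry in entries:
        hosts = HOSTS.match(entry)
        if hosts and hosts.group(1) not in LOOPBACK:
            findings.append(Finding(entry, f"hosts file sends {hosts.group(2)} to non-loopback address {hosts.group(1)}"))
        elif entry.startswith("O2 - BHO:") and entry.endswith("(file missing)"):
            findings.append(Finding(entry, "BHO still registered but its DLL is not visible on disk"))
        elif entry.startswith(("O2 - ", "O3 - ", "O4 - ")) and USER_WRITABLE.search(entry):
            findings.append(Finding(entry, "browser extension or autostart loading from a user-writable path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

Running it against the sample yields five findings: the two profile/Temp executables, the globalroot process, the hosts-file redirect of `url.adtrgt.com`, and the orphaned BHO; the `127.0.0.1 localhost` line and the Java BHO are left alone. A vendor-installed entry such as the NVIDIA `O4` line passes because the heuristics key on where code lives and where traffic is sent, not on the name.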

#2 Buckeye_Sam (Malware Expert, Pickerington, Ohio)

Posted 24 April 2009 - 10:53 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer, I'll ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!



#3 soccergb19 (Topic Starter)

Posted 24 April 2009 - 11:37 PM

Here's the log

OTListIt logfile created on: 4/25/2009 12:25:44 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BELLS\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.97 Mb Total Physical Memory | 449.65 Mb Available Physical Memory | 44.00% Memory free
2.40 Gb Paging File | 1.90 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.64 Gb Total Space | 82.06 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 42.30 Gb Free Space | 28.39% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG
Current User Name: BELLS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/06/16 09:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
PRC - [2005/08/30 10:47:46 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
PRC - [2005/08/30 10:47:46 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/30 10:47:46 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
PRC - [2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2006/07/24 11:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/08/30 10:47:38 | 00,823,362 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
PRC - [2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/15 13:32:04 | 00,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/11/15 13:32:04 | 00,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2007/03/11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/04/11 20:39:22 | 00,176,201 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
PRC - [2006/07/16 22:29:54 | 00,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2009/01/15 17:17:36 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/04/15 00:54:41 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\BELLS\Application Data\pidle\pidle.exe
PRC - [2009/04/16 01:11:16 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\BELLS\Application Data\Twain\Twain.exe
PRC - [2009/04/16 01:16:41 | 00,225,792 | ---- | M] () -- C:\Documents and Settings\BELLS\Application Data\digifast\digifast.exe
PRC - [2009/04/16 22:22:41 | 00,022,017 | ---- | M] () -- C:\Documents and Settings\BELLS\Local Settings\Temp\1456357509.exe
PRC - [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/08/04 06:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/07 15:09:18 | 00,140,584 | ---- | M] (AOL LLC.) -- c:\program files\aim toolbar\aimtbServer.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/03/11 22:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/02/05 16:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/04/25 00:06:38 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELLS\Desktop\OTListIt2.exe
PRC - [2007/03/11 22:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/03/11 22:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2006/06/16 09:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom [Auto | Running])
SRV - [2005/08/30 10:47:46 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
SRV - [2005/08/30 10:47:46 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw [Auto | Running])
SRV - [2005/08/30 10:47:46 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/11/15 13:29:17 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 13:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/07/24 13:03:04 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/07/06 07:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - [2003/04/09 12:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/16 09:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/08/24 06:33:36 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/01/15 17:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/01/15 17:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/01/15 17:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/06/09 10:29:56 | 00,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2 [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/07/24 11:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/11/26 18:42:42 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TmXPFlt.sys -- (Tmfilter [Auto | Running])
DRV - [2008/11/26 18:42:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\Tmpreflt.sys -- (Tmpreflt [Auto | Running])
DRV - [2005/08/30 10:47:52 | 00,038,528 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2005/08/30 10:47:50 | 01,884,585 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
DRV - [2008/11/26 18:39:56 | 01,195,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\Vsapint.sys -- (Vsapint [Auto | Running])
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\S-1-5-21-2166092130-778111604-4289639635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\S-1-5-21-2166092130-778111604-4289639635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E0D45314-21DA-4232-8015-091009582804}:1.0
FF - prefs.js..extensions.enabledItems: {0D240211-7F74-4C8D-B3D3-87A6885478B1}:1.0
FF - prefs.js..extensions.enabledItems: {314095F4-ECD3-4D4F-B588-E76E7FBB3AEA}:1.0
FF - prefs.js..extensions.enabledItems: {D3C05630-93C6-445D-B43F-07A497DE697A}:1.0
FF - prefs.js..extensions.enabledItems: {F9FDF0A6-DCE5-4998-9E65-AB02D07A5165}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/05 20:42:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 22:19:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 22:19:26 | 00,000,000 | ---D | M]

[2009/02/05 20:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Extensions
[2009/02/03 21:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/05 20:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/03/12 19:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Firefox\Profiles\icb3y7gj.default\extensions
[2009/03/12 19:23:18 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\BELLS\Application Data\Mozilla\FireFox\Profiles\icb3y7gj.default\searchplugins\aim-search.xml
[2009/04/23 18:15:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/20 21:37:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{0D240211-7F74-4C8D-B3D3-87A6885478B1}
[2009/04/21 16:49:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{314095F4-ECD3-4D4F-B588-E76E7FBB3AEA}
[2009/04/22 22:19:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/05 20:42:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/17 00:12:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/21 16:56:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D3C05630-93C6-445D-B43F-07A497DE697A}
[2009/04/15 00:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E0D45314-21DA-4232-8015-091009582804}
[2009/04/21 16:43:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F9FDF0A6-DCE5-4998-9E65-AB02D07A5165}
[2009/04/22 22:19:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 22:19:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/16 01:17:10 | 00,211,968 | ---- | M] () -- C:\Program Files\mozilla firefox\components\dfff.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (71 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (no name) - {7f1af747-5152-4f32-a4a6-d2b91fcc4586} - C:\WINDOWS\system32\duvapame.dll File not found
O2 - BHO: (C:\WINDOWS\system32\jh9fgo4ksdgf.dll) - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\WINDOWS\system32\jh9fgo4ksdgf.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [CPMdb7201c7] Rundll32.exe "c:\windows\system32\nezebuka.dll",a ()
O4 - HKLM..\Run: [d841325b] rundll32.exe "C:\WINDOWS\system32\nazurugu.dll",b ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" (Trend Micro Incorporated.)
O4 - HKLM..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vusefajero] Rundll32.exe "C:\WINDOWS\system32\hogayapu.dll",s ()
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\ibhr562nz.exe ()
O4 - HKU\.DEFAULT..\Run: [A00FE5138.exe] C:\WINDOWS\TEMP\_A00FE5138.exe File not found
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2499015080.exe ()
O4 - HKU\.DEFAULT..\Run: [Windows Resurections] C:\WINDOWS\TEMP\ibhr562nz.exe ()
O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\ibhr562nz.exe ()
O4 - HKU\S-1-5-18..\Run: [A00FE5138.exe] C:\WINDOWS\TEMP\_A00FE5138.exe File not found
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2499015080.exe ()
O4 - HKU\S-1-5-18..\Run: [Windows Resurections] C:\WINDOWS\TEMP\ibhr562nz.exe ()
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [3F] C:\Documents and Settings\BELLS\Application Data\Microsoft\Windows\gnnkgj.exe File not found
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [Diagnostic Manager] C:\DOCUME~1\BELLS\LOCALS~1\Temp\1456357509.exe ()
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [DigiFast] C:\Documents and Settings\BELLS\Application Data\digifast\digifast.exe ()
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [pidle] "C:\Documents and Settings\BELLS\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ()
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" File not found
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [Twain] C:\Documents and Settings\BELLS\Application Data\Twain\Twain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html (Google Inc.)
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html (Google Inc.)
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html (Google Inc.)
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (ROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - AppInit_DLLs: (gbavlm.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\hutiseho.dll) - c:\windows\system32\hutiseho.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\tisitora.dll) - C:\WINDOWS\system32\tisitora.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\bidiwaye.dll) - c:\windows\system32\bidiwaye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\nezebuka.dll) - c:\windows\system32\nezebuka.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\__c00DB04: DllName - C:\WINDOWS\system32\__c00DB04.dat - C:\WINDOWS\system32\__c00DB04.dat File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nezebuka.dll ()
O22 - SharedTaskScheduler: {D7BF4552-94F1-42BD-F434-3604812C856D} - sfdawtawgreage4tregrgae34 - C:\WINDOWS\system32\jh9fgo4ksdgf.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\nezebuka.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ljJDUopP) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/03/03 08:41:46 | 00,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 00,000,036 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/25 00:06:37 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BELLS\Desktop\OTListIt2.exe
[2009/04/25 00:02:46 | 01,406,509 | -HS- | C] () -- C:\WINDOWS\System32\uguruzan.ini
[2009/04/23 17:56:56 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/23 17:56:42 | 00,084,045 | ---- | C] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/23 17:47:56 | 00,000,104 | ---- | C] () -- C:\xcrashdump.dat
[2009/04/23 17:44:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\BELLS\Desktop\HijackThis.lnk
[2009/04/23 17:41:33 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\winglsetup.exe
[2009/04/21 06:51:16 | 01,408,817 | -HS- | C] () -- C:\WINDOWS\System32\usoniged.ini
[2009/04/19 12:09:42 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\wipotazi.exe
[2009/04/19 12:01:14 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\wuhahate.dll
[2009/04/19 12:00:14 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\sisofeda.exe
[2009/04/18 23:42:49 | 01,409,073 | -HS- | C] () -- C:\WINDOWS\System32\ogujegud.ini
[2009/04/18 23:20:18 | 01,409,073 | -HS- | C] () -- C:\WINDOWS\System32\umeyelij.ini
[2009/04/18 22:57:57 | 01,409,082 | -HS- | C] () -- C:\WINDOWS\System32\irurovuk.ini
[2009/04/16 18:31:53 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/04/16 18:31:19 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/16 01:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\digifast
[2009/04/16 01:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\Twain
[2009/04/16 01:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\WWShow
[2009/04/16 01:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Jcore
[2009/04/16 00:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/15 10:27:12 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/15 05:20:15 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Winset20.exe
[2009/04/15 00:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\pidle
[2009/04/15 00:39:00 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 00:39:00 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2009/04/15 00:39:00 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2009/04/15 00:38:56 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/04/15 00:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/04/15 00:36:57 | 00,000,000 | ---D | C] -- C:\48c9cea7e48d6b4929
[2009/04/15 00:36:55 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/04/15 00:36:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/04/15 00:36:19 | 00,000,000 | ---D | C] -- C:\6f41b3aada9fbbd4a7b08051a615f7a8
[2009/04/09 01:47:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/04/09 01:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\AVS4YOU
[2009/04/09 01:46:17 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/04/09 01:46:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/04/09 01:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/04/02 22:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\HP
[2009/04/02 22:06:10 | 00,000,870 | ---- | C] () -- C:\Documents and Settings\BELLS\Desktop\Insaniquarium Deluxe.lnk
[2009/04/02 22:05:58 | 00,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2009/03/30 23:06:45 | 00,338,984 | ---- | C] () -- C:\Documents and Settings\BELLS\My Documents\CBA Volleyball.docx
[2009/03/30 22:43:00 | 00,335,780 | ---- | C] () -- C:\Documents and Settings\BELLS\My Documents\Alistair.docx
[2009/03/26 19:30:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/03/12 19:22:26 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/03/02 00:47:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/16 02:14:55 | 01,583,467 | -HS- | C] () -- C:\WINDOWS\System32\eumtykjo.ini
[2009/02/16 02:14:31 | 00,083,985 | -HS- | C] () -- C:\WINDOWS\System32\PpoUDJjl.ini2
[2009/02/16 02:14:31 | 00,083,985 | -HS- | C] () -- C:\WINDOWS\System32\PpoUDJjl.ini
[2009/02/11 21:48:41 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/11 21:48:41 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D478770E7E.sys
[2009/02/03 20:35:04 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/01/25 00:02:24 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\nezebuka.dll
[2009/01/25 00:02:24 | 00,080,896 | -HS- | C] () -- C:\WINDOWS\System32\nazurugu.dll
[2009/01/23 16:45:28 | 00,002,984 | -HS- | C] () -- C:\WINDOWS\System32\hedafatu.dll
[2009/01/22 17:43:56 | 00,002,984 | -HS- | C] () -- C:\WINDOWS\System32\zoyageze.dll
[2009/01/22 17:43:56 | 00,002,984 | -HS- | C] () -- C:\WINDOWS\System32\fijiveni.dll
[2009/01/21 06:51:03 | 00,080,384 | -HS- | C] () -- C:\WINDOWS\System32\deginosu.dll
[2009/01/20 18:50:57 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\tifunalo.dll
[2009/01/20 18:50:57 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\depopuho.dll
[2009/01/19 18:37:31 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\jesuvaya.dll
[2009/01/19 18:37:31 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\fadonovi.dll
[2009/01/19 18:11:54 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\rujamika.dll
[2009/01/19 18:11:54 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\fahazura.dll
[2009/01/19 17:06:17 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\zerudibo.dll
[2009/01/19 17:06:16 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\hufugido.dll
[2009/01/19 16:43:35 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\sapahore.dll
[2009/01/19 16:43:34 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\soluwale.dll
[2009/01/19 16:20:49 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\fuhazepi.dll
[2009/01/19 16:20:48 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\gamurade.dll
[2009/01/19 15:57:46 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\kupuruzi.dll
[2009/01/19 15:57:44 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\hoseyima.dll
[2009/01/19 15:34:54 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\fujatoki.dll
[2009/01/19 15:34:54 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\duhotumi.dll
[2009/01/19 15:12:12 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\zuyavizu.dll
[2009/01/19 15:12:11 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\mokagesi.dll
[2009/01/19 14:49:04 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\rogiwunu.dll
[2009/01/19 14:49:02 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\soyivita.dll
[2009/01/19 14:26:21 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\sopakowo.dll
[2009/01/19 14:26:19 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\hiheteki.dll
[2009/01/19 14:03:38 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\fupilito.dll
[2009/01/19 14:03:37 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\gesekise.dll
[2009/01/19 13:40:38 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\tugokira.dll
[2009/01/19 13:40:37 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\nuzadayi.dll
[2009/01/19 13:17:45 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\nozidepa.dll
[2009/01/19 13:17:44 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\nubakuja.dll
[2009/01/19 12:55:05 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\tiyanezi.dll
[2009/01/19 12:55:05 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\mahozege.dll
[2009/01/19 12:32:18 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\silebovu.dll
[2009/01/19 12:32:17 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\hirihipo.dll
[2009/01/19 12:07:26 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\risozope.dll
[2009/01/18 23:48:12 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\teyufeve.dll
[2009/01/18 23:48:12 | 00,002,970 | -HS- | C] () -- C:\WINDOWS\System32\hilijizi.dll
[2009/01/18 23:48:01 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\tisitora.dll
[2009/01/18 23:48:01 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\hogayapu.dll
[2009/01/18 23:42:46 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\kojizayu.dll
[2009/01/18 23:31:45 | 00,049,664 | -HS- | C] () -- C:\WINDOWS\System32\japanupa.dll
[2009/01/18 23:20:15 | 00,088,064 | -HS- | C] () -- C:\WINDOWS\System32\lavisuko.dll
[2009/01/18 23:20:15 | 00,079,360 | -HS- | C] () -- C:\WINDOWS\System32\jileyemu.dll
[2009/01/18 23:09:13 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\guyeroso.dll
[2009/01/18 23:09:13 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\gibefige.dll
[2009/01/18 22:57:43 | 00,088,064 | -HS- | C] () -- C:\WINDOWS\System32\garenuji.dll
[2009/01/18 22:57:43 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\difiyulu.dll
[2009/01/18 10:37:56 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\fiwobifi.dll
[2009/01/18 10:37:56 | 00,002,961 | -HS- | C] () -- C:\WINDOWS\System32\sabafiru.dll
[2009/01/16 18:16:44 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\lijaduhi.dll
[2009/01/16 18:16:44 | 00,002,961 | -HS- | C] () -- C:\WINDOWS\System32\laroriwa.dll
[2009/01/15 14:35:17 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\mefumudo.dll
[2009/01/15 14:35:14 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\yisihude.dll
[2009/01/15 14:12:43 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\jugamoga.dll
[2009/01/15 14:12:43 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\gadapobo.dll
[2009/01/15 13:50:13 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\tuzoyefo.dll
[2009/01/15 13:50:13 | 00,002,961 | -HS- | C] () -- C:\WINDOWS\System32\heyigula.dll
[2009/01/15 13:27:42 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\puyikuhe.dll
[2009/01/15 13:27:42 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\dofoferu.dll
[2009/01/15 13:27:42 | 00,002,961 | -HS- | C] () -- C:\WINDOWS\System32\masekaba.dll
[2009/01/15 13:05:12 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\pigofube.dll
[2009/01/15 13:05:12 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\hiragege.dll
[2009/01/15 13:05:12 | 00,002,962 | -HS- | C] () -- C:\WINDOWS\System32\vufurajo.dll
[2009/01/15 00:45:06 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\pukerafe.dll
[2009/01/15 00:45:06 | 00,002,964 | -HS- | C] () -- C:\WINDOWS\System32\kelidedi.dll
[2007/01/03 12:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 12:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 12:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/15 13:42:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/15 13:36:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/15 13:30:55 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/15 13:04:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/15 13:02:59 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:37 | 00,000,707 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/11 18:00:30 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/11 18:00:16 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/11 17:56:08 | 01,580,544 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/04/25 00:31:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fosomati
[2009/04/25 00:25:27 | 01,406,509 | -HS- | M] () -- C:\WINDOWS\System32\uguruzan.ini
[2009/04/25 00:25:07 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/25 00:25:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 00:24:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 00:24:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 00:24:34 | 10,716,85632 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/25 00:06:38 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELLS\Desktop\OTListIt2.exe
[2009/04/25 00:02:26 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dukeyiwa.exe
[2009/04/25 00:02:25 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\nezebuka.dll
[2009/04/25 00:02:25 | 00,080,896 | -HS- | M] () -- C:\WINDOWS\System32\nazurugu.dll
[2009/04/23 22:20:40 | 00,000,104 | ---- | M] () -- C:\xcrashdump.dat
[2009/04/23 18:42:23 | 00,143,872 | ---- | M] () -- C:\Documents and Settings\BELLS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/23 18:08:18 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\Microsoft Office Word 2007.lnk
[2009/04/23 17:56:56 | 00,000,155 | ---- | M] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/23 17:56:51 | 00,084,045 | ---- | M] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/23 17:48:39 | 01,408,817 | -HS- | M] () -- C:\WINDOWS\System32\usoniged.ini
[2009/04/23 17:44:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\HijackThis.lnk
[2009/04/23 17:41:38 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\winglsetup.exe
[2009/04/23 17:28:34 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/23 16:45:30 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\kuvimulo.exe
[2009/04/23 16:45:28 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\hedafatu.dll
[2009/04/22 17:43:58 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\yiwuyipa.exe
[2009/04/22 17:43:56 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\zoyageze.dll
[2009/04/22 17:43:56 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\fijiveni.dll
[2009/04/21 20:43:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/21 19:01:30 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\haditapo.exe
[2009/04/21 06:51:03 | 00,080,384 | -HS- | M] () -- C:\WINDOWS\System32\deginosu.dll
[2009/04/21 06:51:03 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\yamijoja.exe
[2009/04/20 19:05:44 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/04/20 19:05:29 | 00,021,504 | ---- | M] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/20 18:50:58 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\begajetu.exe
[2009/04/20 18:50:57 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\tifunalo.dll
[2009/04/20 18:50:57 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\depopuho.dll
[2009/04/19 18:37:33 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\giwohide.exe
[2009/04/19 18:37:32 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\jesuvaya.dll
[2009/04/19 18:37:31 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\fadonovi.dll
[2009/04/19 18:11:56 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hizelizu.exe
[2009/04/19 18:11:54 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\rujamika.dll
[2009/04/19 18:11:54 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\fahazura.dll
[2009/04/19 17:06:18 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hofofema.exe
[2009/04/19 17:06:17 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\zerudibo.dll
[2009/04/19 17:06:16 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hufugido.dll
[2009/04/19 16:43:35 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\soluwale.dll
[2009/04/19 16:43:35 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\sapahore.dll
[2009/04/19 16:43:34 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\wukodovu.exe
[2009/04/19 16:20:50 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\fuhazepi.dll
[2009/04/19 16:20:48 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\vodonoma.exe
[2009/04/19 16:20:48 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\gamurade.dll
[2009/04/19 15:57:46 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\kupuruzi.dll
[2009/04/19 15:57:44 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\larapena.exe
[2009/04/19 15:57:44 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hoseyima.dll
[2009/04/19 15:34:58 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\nedosoye.exe
[2009/04/19 15:34:56 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\duhotumi.dll
[2009/04/19 15:34:54 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\fujatoki.dll
[2009/04/19 15:12:13 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\zuyavizu.dll
[2009/04/19 15:12:11 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\mokagesi.dll
[2009/04/19 15:12:11 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hahakege.exe
[2009/04/19 14:49:04 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\rogiwunu.dll
[2009/04/19 14:49:03 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\soyivita.dll
[2009/04/19 14:49:02 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\jivabefu.exe
[2009/04/19 14:26:21 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\sopakowo.dll
[2009/04/19 14:26:20 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\warejugo.exe
[2009/04/19 14:26:20 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hiheteki.dll
[2009/04/19 14:03:39 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\fupilito.dll
[2009/04/19 14:03:37 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\sekanayi.exe
[2009/04/19 14:03:37 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\gesekise.dll
[2009/04/19 13:40:38 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\tugokira.dll
[2009/04/19 13:40:37 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\nuzadayi.dll
[2009/04/19 13:40:37 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\jibanehi.exe
[2009/04/19 13:17:46 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\nozidepa.dll
[2009/04/19 13:17:44 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\nubakuja.dll
[2009/04/19 13:17:44 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\kihipapo.exe
[2009/04/19 12:55:05 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\tiyanezi.dll
[2009/04/19 12:55:05 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\mahozege.dll
[2009/04/19 12:55:05 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\fuwonena.exe
[2009/04/19 12:36:20 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\wuhahate.dll
[2009/04/19 12:36:20 | 00,052,224 | ---- | M] () -- C:\WINDOWS\System32\sisofeda.exe
[2009/04/19 12:32:18 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\zakevate.exe
[2009/04/19 12:32:18 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\silebovu.dll
[2009/04/19 12:32:18 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hirihipo.dll
[2009/04/19 12:09:42 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\wipotazi.exe
[2009/04/19 12:07:26 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\risozope.dll
[2009/04/18 23:48:45 | 01,409,082 | -HS- | M] () -- C:\WINDOWS\System32\irurovuk.ini
[2009/04/18 23:48:12 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\teyufeve.dll
[2009/04/18 23:48:12 | 00,002,970 | -HS- | M] () -- C:\WINDOWS\System32\hilijizi.dll
[2009/04/18 23:43:16 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\kojizayu.dll
[2009/04/18 23:43:00 | 01,409,073 | -HS- | M] () -- C:\WINDOWS\System32\ogujegud.ini
[2009/04/18 23:20:28 | 01,409,073 | -HS- | M] () -- C:\WINDOWS\System32\umeyelij.ini
[2009/04/18 23:20:15 | 00,088,064 | -HS- | M] () -- C:\WINDOWS\System32\lavisuko.dll
[2009/04/18 23:20:15 | 00,079,360 | -HS- | M] () -- C:\WINDOWS\System32\jileyemu.dll
[2009/04/18 22:58:13 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\difiyulu.dll
[2009/04/18 22:57:43 | 00,088,064 | -HS- | M] () -- C:\WINDOWS\System32\garenuji.dll
[2009/04/18 22:57:43 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\geyafiki.exe
[2009/04/18 10:38:26 | 00,002,961 | -HS- | M] () -- C:\WINDOWS\System32\sabafiru.dll
[2009/04/18 10:37:57 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\difajowu.exe
[2009/04/18 10:37:56 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\fiwobifi.dll
[2009/04/16 18:17:14 | 00,002,961 | -HS- | M] () -- C:\WINDOWS\System32\laroriwa.dll
[2009/04/16 18:16:44 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\lijaduhi.dll
[2009/04/16 00:37:01 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\Windows Media Player.lnk
[2009/04/15 14:35:17 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\mefumudo.dll
[2009/04/15 14:35:14 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\yisihude.dll
[2009/04/15 14:12:43 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\jugamoga.dll
[2009/04/15 14:12:43 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\gadapobo.dll
[2009/04/15 13:50:43 | 00,002,961 | -HS- | M] () -- C:\WINDOWS\System32\heyigula.dll
[2009/04/15 13:50:13 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\tuzoyefo.dll
[2009/04/15 13:28:12 | 00,002,961 | -HS- | M] () -- C:\WINDOWS\System32\masekaba.dll
[2009/04/15 13:27:42 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\puyikuhe.dll
[2009/04/15 13:27:42 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\dofoferu.dll
[2009/04/15 13:05:42 | 00,002,962 | -HS- | M] () -- C:\WINDOWS\System32\vufurajo.dll
[2009/04/15 13:05:12 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\pigofube.dll
[2009/04/15 13:05:12 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\hiragege.dll
[2009/04/15 10:27:12 | 00,074,240 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/15 05:20:17 | 00,044,544 | ---- | M] () -- C:\WINDOWS\System32\Winset20.exe
[2009/04/15 01:05:11 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/15 01:05:11 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/15 00:45:06 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\pukerafe.dll
[2009/04/15 00:45:06 | 00,002,964 | -HS- | M] () -- C:\WINDOWS\System32\kelidedi.dll
[2009/04/15 00:45:06 | 00,002,822 | -HS- | M] () -- C:\WINDOWS\System32\vidaboze.exe
[2009/04/15 00:38:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 00:38:35 | 00,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/15 00:37:47 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/15 00:36:55 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/04/09 22:53:48 | 00,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/09 01:46:50 | 00,076,704 | ---- | M] () -- C:\Documents and Settings\BELLS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/04 00:06:52 | 00,003,140 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/04 00:06:52 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D478770E7E.sys
[2009/04/02 22:06:10 | 00,000,870 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\Insaniquarium Deluxe.lnk
[2009/03/30 23:06:45 | 00,338,984 | ---- | M] () -- C:\Documents and Settings\BELLS\My Documents\CBA Volleyball.docx
[2009/03/30 22:43:00 | 00,335,780 | ---- | M] () -- C:\Documents and Settings\BELLS\My Documents\Alistair.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89D63297
< End of report >

I also have the extra log if you need it

OTListIt Extras logfile created on: 4/25/2009 12:25:44 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BELLS\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.97 Mb Total Physical Memory | 449.65 Mb Available Physical Memory | 44.00% Memory free
2.40 Gb Paging File | 1.90 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.64 Gb Total Space | 82.06 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 42.30 Gb Free Space | 28.39% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG
Current User Name: BELLS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/04/07 13:07:34 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2004/09/01 12:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2004/04/07 13:07:34 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/09/01 12:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2004/08/04 06:00:00 | 00,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
[2009/01/29 14:08:45 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/10/27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/08/21 11:31:20 | 06,033,408 | ---- | M] (Yahoo!) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
[2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService
[2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe:*:Enabled:PcCtlCom
[2009/04/20 19:05:30 | 00,015,001 | -H-- | M] () -- C:\WINDOWS\Temp\ibhr562nz.exe:*:Enabled:ibhr562nz

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Game Console" = Dell Game Console
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Insaniquarium® Deluxe" = Insaniquarium® Deluxe
"LimeWire" = LimeWire 5.0.11
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"prunnet" = Advertisement Service
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"digifast" = digi-fast.com

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"digifast" = digi-fast.com

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2009 6:55:52 PM | Computer Name = GREG | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x0001888f.

Error - 4/21/2009 4:50:36 PM | Computer Name = GREG | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 4/21/2009 4:52:29 PM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2009 5:07:33 PM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2009 7:44:02 PM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2009 10:28:47 PM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3384, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 12:10:40 AM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 12:14:07 AM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 12:16:48 AM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 12:20:43 AM | Computer Name = GREG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/19/2009 1:48:44 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/19/2009 1:48:47 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 4/19/2009 1:55:29 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/19/2009 1:55:32 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 4/19/2009 1:58:44 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/19/2009 1:58:46 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 4/19/2009 2:08:44 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/19/2009 2:08:47 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 4/19/2009 3:04:00 AM | Computer Name = GREG | Source = Service Control Manager | ID = 7034
Description = The HTTP SSL service terminated unexpectedly. It has done this 5
time(s).

Error - 4/19/2009 3:11:24 AM | Computer Name = GREG | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.


< End of report >
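
The file list in this log shows the pattern a responder would want to pick out automatically rather than by eye: pairs of hidden+system files with 8-letter alternating consonant/vowel names, a few kilobytes each, written into System32 at roughly 23-minute intervals on 19 April, a hidden-but-not-system 1.4 MB .ini alongside them, and a hidden executable in C:\WINDOWS\Temp that has been added to the Windows Firewall authorized-applications list. The script below is an added example for this thread and is not code from the thread or from OldTimer's OTListIt/OTL tool; it parses lines in the OTL layout visible above and scores each entry with those heuristics. The sample lines are built in the shape of the log, and the name pattern, the 4 KB size threshold and the reason strings are this example's own assumptions, not any vendor's detection signature.

```python
r"""Triage heuristics for lines in the OTListIt / OTL "Files - Modified" layout.

Added example: not code from the thread or from OldTimer's tool. Line layout,
as visible in the log above:
    [YYYY/MM/DD HH:MM:SS | 00,002,984 | -HS- | M] (Company) -- C:\path\file
The sample lines are constructed in that shape, and the name pattern, size
threshold and reason strings are this example's assumptions, not a signature.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# The dropped files use 8-letter names that strictly alternate consonant/vowel
# (hedafatu.dll, irurovuk.ini). 'y' counts as a consonant so yamijoja.exe also
# matches. This is an assumption drawn from the log, not an authoritative rule.
CONS, VOW = "bcdfghjklmnpqrstvwxyz", "aeiou"
PRONOUNCEABLE_RE = re.compile(rf"(?:[{CONS}][{VOW}]){{4}}|(?:[{VOW}][{CONS}]){{4}}")

# Constructed sample in the OTL layout; the last two lines are in the
# AuthorizedApplications form, which appends ':*:Enabled:<name>' to the path.
SAMPLE_LOG = r"""
[2009/04/23 17:44:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\HijackThis.lnk
[2009/04/23 16:45:30 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\kuvimulo.exe
[2009/04/23 16:45:28 | 00,002,984 | -HS- | M] () -- C:\WINDOWS\System32\hedafatu.dll
[2009/04/21 06:51:03 | 00,080,384 | -HS- | M] () -- C:\WINDOWS\System32\deginosu.dll
[2009/04/20 19:05:44 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/04/18 23:48:45 | 01,409,082 | -HS- | M] () -- C:\WINDOWS\System32\irurovuk.ini
[2009/04/15 10:27:12 | 00,074,240 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/09 22:53:48 | 00,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/04 00:06:52 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D478770E7E.sys
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/20 19:05:30 | 00,015,001 | -H-- | M] () -- C:\WINDOWS\Temp\ibhr562nz.exe:*:Enabled:ibhr562nz
"""


@dataclass
class Entry:
    ts: str
    size: int
    attr: str
    company: str
    path: str
    firewall_exception: bool = False
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Parse one OTL file line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    fw = ":*:" in path                      # firewall-policy entries carry ':*:Enabled:name'
    if fw:
        path = path.split(":*:", 1)[0]
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attr"],
                 m["company"], path, fw)


def classify(e: Entry) -> Entry:
    """Attach human-readable reasons; an empty list means nothing matched."""
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    hidden_system = "H" in e.attr and "S" in e.attr
    in_system32 = "\\system32\\" in low
    if in_system32 and hidden_system:
        e.reasons.append("hidden+system file under System32")
    if in_system32 and ext in {"dll", "exe", "ini"} and PRONOUNCEABLE_RE.fullmatch(stem):
        e.reasons.append("8-letter alternating consonant/vowel name")
    if in_system32 and ext in {"dll", "exe"} and e.size < 4096:
        e.reasons.append("PE under 4 KB in System32 (stub-loader size)")
    if e.firewall_exception and ("\\temp\\" in low or "H" in e.attr):
        e.reasons.append("firewall exception for a hidden or Temp executable")
    return e


def triage(log_text: str):
    """Return flagged entries, most reasons first, then oldest timestamp first."""
    flagged = [e for e in map(parse_line, log_text.splitlines())
               if e is not None and classify(e).reasons]
    flagged.sort(key=lambda e: (-len(e.reasons), e.ts))
    return flagged


if __name__ == "__main__":
    import sys
    # OTL logs saved on XP are often ANSI; replace undecodable bytes rather than abort.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    for e in triage(text):
        print(f"{e.ts}  {e.size:>9}  {e.attr}  {e.path}")
        for r in e.reasons:
            print(f"{'':>31}- {r}")
```

Run it against a saved OTL report (`python otl_triage.py OTListIt.Txt`) and the dropper pairs float to the top with three hits each, while single-hit entries such as a hidden .sys licence file or the Temp firewall exception still appear but lower down for manual review. The heuristics are deliberately independent so that a benign file that matches one of them (an unsigned but legitimate DLL, say) does not outrank a file that matches all of them.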

#4 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 25 April 2009 - 08:56 AM

You're loaded with nasty stuff here.
We need to run Combofix.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 soccergb19 (Topic Starter; Members, 15 posts)

Posted 25 April 2009 - 11:39 PM

Alright here's the ComboFix log

ComboFix 09-04-25.A3 - BELLS 04/26/2009 0:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.665 [GMT -4:00]
Running from: c:\documents and settings\BELLS\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\BELLS\Application Data\twain\Twain.exe
c:\documents and settings\BELLS\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\IE4 Error Log.txt
c:\windows\system32\ak1.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\begajetu.exe
c:\windows\system32\deginosu.dll
c:\windows\system32\depopuho.dll
c:\windows\system32\difajowu.exe
c:\windows\system32\difiyulu.dll
c:\windows\system32\dofoferu.dll
c:\windows\system32\drivers\ovfsthvjnawvodlraodjwqwoufyyoylseqpgkx.sys
c:\windows\system32\duhotumi.dll
c:\windows\system32\eumtykjo.ini
c:\windows\system32\fadonovi.dll
c:\windows\system32\fahazura.dll
c:\windows\system32\fijiveni.dll
c:\windows\system32\fiwobifi.dll
c:\windows\system32\fuhazepi.dll
c:\windows\system32\fujatoki.dll
c:\windows\system32\fupilito.dll
c:\windows\system32\fuwonena.exe
c:\windows\system32\gadapobo.dll
c:\windows\system32\gamurade.dll
c:\windows\system32\garenuji.dll
c:\windows\system32\gesekise.dll
c:\windows\system32\gibefige.dll
c:\windows\system32\giwohide.exe
c:\windows\system32\guyeroso.dll
c:\windows\system32\haditapo.exe
c:\windows\system32\hahakege.exe
c:\windows\system32\hedafatu.dll
c:\windows\system32\heyigula.dll
c:\windows\system32\hiheteki.dll
c:\windows\system32\hilijizi.dll
c:\windows\system32\hiragege.dll
c:\windows\system32\hirihipo.dll
c:\windows\system32\hizelizu.exe
c:\windows\system32\hofofema.exe
c:\windows\system32\hogayapu.dll
c:\windows\system32\hoseyima.dll
c:\windows\system32\hufugido.dll
c:\windows\system32\irurovuk.ini
c:\windows\system32\japanupa.dll
c:\windows\system32\jesuvaya.dll
c:\windows\system32\jibanehi.exe
c:\windows\system32\jileyemu.dll
c:\windows\system32\jivabefu.exe
c:\windows\system32\jugamoga.dll
c:\windows\system32\kelidedi.dll
c:\windows\system32\kemaniwu.dll
c:\windows\system32\kihipapo.exe
c:\windows\system32\kojizayu.dll
c:\windows\system32\kupuruzi.dll
c:\windows\system32\kuvimulo.exe
c:\windows\system32\larapena.exe
c:\windows\system32\laroriwa.dll
c:\windows\system32\lavisuko.dll
c:\windows\system32\lijaduhi.dll
c:\windows\system32\mahozege.dll
c:\windows\system32\masekaba.dll
c:\windows\system32\mefumudo.dll
c:\windows\system32\mokagesi.dll
c:\windows\system32\nazurugu.dll
c:\windows\system32\nedosoye.exe
c:\windows\system32\nezebuka.dll
c:\windows\system32\nozidepa.dll
c:\windows\system32\nubakuja.dll
c:\windows\system32\nuzadayi.dll
c:\windows\system32\ogujegud.ini
c:\windows\system32\ovfsthlbfrfuajxnejsyymaiiixfouuphhwpnr.dat
c:\windows\system32\ovfsthqduwnayyytsushurynnuwmaptknbkbka.dll
c:\windows\system32\ovfsthqfeabuoktoppebygmtavqomckqhijwry.dat
c:\windows\system32\ovfsthxofguavreydwmfeexlrrncbqkltqbjrk.dll
c:\windows\system32\ovfsthyybapveuveolahgpokdnxowtjuydeeal.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\pigofube.dll
c:\windows\system32\PpoUDJjl.ini
c:\windows\system32\PpoUDJjl.ini2
c:\windows\system32\pukerafe.dll
c:\windows\system32\puyikuhe.dll
c:\windows\system32\risozope.dll
c:\windows\system32\rogiwunu.dll
c:\windows\system32\rugalilu.dll
c:\windows\system32\rujamika.dll
c:\windows\system32\sabafiru.dll
c:\windows\system32\sapahore.dll
c:\windows\system32\sekanayi.exe
c:\windows\system32\silebovu.dll
c:\windows\system32\soluwale.dll
c:\windows\system32\sopakowo.dll
c:\windows\system32\soyivita.dll
c:\windows\system32\teyufeve.dll
c:\windows\system32\tifunalo.dll
c:\windows\system32\tisitora.dll
c:\windows\system32\tiyanezi.dll
c:\windows\system32\tugokira.dll
c:\windows\system32\tuzoyefo.dll
c:\windows\system32\uguruzan.ini
c:\windows\system32\umeyelij.ini
c:\windows\system32\usoniged.ini
c:\windows\system32\uwinamek.ini
c:\windows\system32\vidaboze.exe
c:\windows\system32\vodonoma.exe
c:\windows\system32\vufurajo.dll
c:\windows\system32\warejugo.exe
c:\windows\system32\Winset20.exe
c:\windows\system32\wipotazi.exe
c:\windows\system32\wuhahate.dll
c:\windows\system32\wukodovu.exe
c:\windows\system32\yisihude.dll
c:\windows\system32\yiwuyipa.exe
c:\windows\system32\zakevate.exe
c:\windows\system32\zerudibo.dll
c:\windows\system32\zoyageze.dll
c:\windows\system32\zuyavizu.dll
C:\xcrashdump.dat
E:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\i386\sfcfiles.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthctrhsrhkaiwxbtaqodgvadxrvcsxhdku
-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-23 21:56 . 2009-04-23 21:56 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 21:56 . 2009-04-23 21:56 84045 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-23 21:41 . 2009-04-23 21:41 39424 ----a-w c:\windows\system32\winglsetup.exe
2009-04-21 20:44 . 2009-04-21 20:44 -------- d-----w c:\documents and settings\DAD\Local Settings\Application Data\Mozilla
2009-04-21 20:43 . 2009-04-21 20:43 -------- d-----w c:\documents and settings\DAD\Local Settings\Application Data\Identities
2009-04-21 20:43 . 2009-04-21 20:43 -------- d-----w c:\documents and settings\DAD\Application Data\Windows Desktop Search
2009-04-19 16:00 . 2009-04-19 16:36 52224 ----a-w c:\windows\system32\sisofeda.exe
2009-04-16 05:16 . 2009-04-26 04:25 -------- d-----w c:\documents and settings\BELLS\Application Data\digifast
2009-04-16 05:11 . 2009-04-26 04:26 -------- d-----w c:\documents and settings\BELLS\Application Data\Twain
2009-04-16 05:06 . 2009-04-16 23:20 -------- d-----w c:\program files\WWShow
2009-04-16 05:01 . 2009-04-16 23:20 -------- d-----w c:\program files\Jcore
2009-04-16 04:12 . 2009-04-16 04:12 -------- d-----w c:\windows\SxsCaPendDel
2009-04-15 14:27 . 2009-04-15 14:27 74240 ----a-w c:\windows\system32\zlib.dll
2009-04-15 04:54 . 2009-04-26 04:25 -------- d-----w c:\documents and settings\BELLS\Application Data\pidle
2009-04-15 04:39 . 2006-10-04 14:06 1197294 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 04:39 . 2006-10-04 14:06 764868 ------w c:\windows\system32\dllcache\apph_sp.sdb
2009-04-15 04:39 . 2006-10-04 14:06 217118 ------w c:\windows\system32\dllcache\apphelp.sdb
2009-04-15 04:38 . 2009-04-15 04:38 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-15 04:36 . 2009-04-15 04:37 -------- d-----w C:\48c9cea7e48d6b4929
2009-04-15 04:36 . 2009-04-15 04:37 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-15 04:36 . 2009-04-15 04:36 -------- d-----w C:\6f41b3aada9fbbd4a7b08051a615f7a8
2009-04-09 05:47 . 2009-04-09 05:47 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-09 05:46 . 2009-04-09 05:46 -------- d-----w c:\documents and settings\BELLS\Application Data\AVS4YOU
2009-04-09 05:46 . 2009-04-09 05:46 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-09 05:46 . 2003-05-21 16:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-09 05:46 . 2009-04-16 03:55 -------- d-----w c:\program files\AVS4YOU
2009-04-03 02:15 . 2009-04-03 02:15 -------- d-----w c:\documents and settings\BELLS\Application Data\HP
2009-04-03 02:05 . 2009-04-03 02:06 -------- d-----w c:\program files\Shockwave.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 21:25 . 2009-01-25 21:25 50688 --sha-w c:\windows\system32\ravoruna.exe
2009-04-25 04:02 . 2009-01-25 04:02 52224 --sha-w c:\windows\system32\dukeyiwa.exe
2009-04-24 02:16 . 2009-03-19 02:47 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 21:44 . 2006-11-15 17:30 -------- d-----w c:\program files\Trend Micro
2009-04-22 02:34 . 2009-02-06 00:42 -------- d-----w c:\documents and settings\BELLS\Application Data\LimeWire
2009-04-22 00:19 . 2009-02-06 00:41 -------- d-----w c:\program files\LimeWire
2009-04-21 10:51 . 2009-01-21 10:51 50688 --sha-w c:\windows\system32\yamijoja.exe
2009-04-19 02:57 . 2009-01-19 02:57 52224 --sha-w c:\windows\system32\geyafiki.exe
2009-04-17 04:12 . 2006-11-15 17:20 -------- d-----w c:\program files\Java
2009-04-09 05:46 . 2009-02-04 00:33 76704 ----a-w c:\documents and settings\BELLS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 23:46 . 2009-03-12 23:22 -------- d-----w c:\program files\AIMTunes
2009-04-06 02:44 . 2009-02-05 23:51 -------- d-----w c:\documents and settings\BELLS\Application Data\Vso
2009-04-05 03:21 . 2009-02-28 19:03 34 ----a-w c:\documents and settings\BELLS\jagex_runescape_preferences.dat
2009-04-04 04:06 . 2009-02-12 01:48 3140 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-04 04:06 . 2009-02-08 04:57 -------- d-----w c:\documents and settings\BELLS\Application Data\Corel
2009-03-22 19:56 . 2006-11-15 17:28 2231 ---ha-w C:\IPH.PH
2009-03-22 03:21 . 2009-03-22 03:21 -------- d-----w c:\documents and settings\BELLS\Application Data\acccore
2009-03-22 03:21 . 2009-03-22 03:17 -------- d-----w c:\program files\AIM6
2009-03-22 03:21 . 2006-11-15 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-22 03:21 . 2009-03-22 03:21 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-03-22 03:20 . 2006-11-15 17:28 -------- d-----w c:\program files\Common Files\AOL
2009-03-19 02:47 . 2009-03-19 02:47 -------- d-----w c:\documents and settings\BELLS\Application Data\URSoft
2009-03-17 23:56 . 2009-03-17 23:55 -------- d-----w c:\program files\iTunes
2009-03-17 23:56 . 2009-03-17 23:55 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 23:55 . 2009-03-17 23:55 -------- d-----w c:\program files\iPod
2009-03-17 23:55 . 2009-02-04 01:08 -------- d-----w c:\program files\Common Files\Apple
2009-03-17 23:54 . 2009-03-17 23:54 -------- d-----w c:\program files\Bonjour
2009-03-12 23:23 . 2009-03-12 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\program files\AIM Toolbar
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-03-12 23:21 . 2009-03-12 23:21 -------- d-----w c:\program files\AIM Search
2009-03-12 23:21 . 2006-11-15 17:29 -------- d-----w c:\program files\Viewpoint
2009-03-12 23:21 . 2006-11-15 17:28 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-09 09:19 . 2009-02-06 00:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 03:59 . 2009-03-17 23:52 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2009-02-04 01:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-01 05:09 . 2009-03-01 05:09 -------- d-----w c:\documents and settings\BELLS\Application Data\AdobeUM
2009-02-19 01:17 . 2009-02-19 01:03 137623 ----a-w c:\windows\HPHins15.dat
2009-02-14 18:20 . 2009-02-14 18:20 128 ----a-w c:\documents and settings\BELLS\Local Settings\Application Data\fusioncache.dat
2009-02-04 00:29 . 2009-02-04 00:29 4128 ----a-w C:\INFCACHE.1
2009-04-16 05:2009-04-16 05:17 17:10 . c:\program files\mozilla firefox\components\dfff.dll
2009-01-19 03:09 . 2009-01-19 03:09 49152 --sha-w c:\windows\system32\soyitajo.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 09:18 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 09:18 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-15 169984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-15 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ li

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\PcCtlCom.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\TmPfw.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D7BF4552-94F1-42BD-F434-3604812C856D} - c:\windows\system32\jh9fgo4ksdgf.dll
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKCU-Run-3F - c:\documents and settings\BELLS\Application Data\Microsoft\Windows\gnnkgj.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\ibhr562nz.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\2499015080.exe
HKU-Default-Run-A00FE5138.exe - c:\windows\TEMP\_A00FE5138.exe
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
SharedTaskScheduler-{D7BF4552-94F1-42BD-F434-3604812C856D} - c:\windows\system32\jh9fgo4ksdgf.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rugalilu.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll
Notify-__c00DB04 - c:\windows\system32\__c00DB04.dat


.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MI1933~1\Office12\REFIEBAR.DLL
IE: {{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
FF - ProfilePath - c:\documents and settings\BELLS\Application Data\Mozilla\Firefox\Profiles\icb3y7gj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - component: c:\program files\Mozilla Firefox\components\dfff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 00:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-04-26 0:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 04:34

Pre-Run: 90,882,916,352 bytes free
Post-Run: 91,439,685,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

410 --- E O F --- 2009-02-17 22:18

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:57 PM

Posted 26 April 2009 - 10:39 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
c:\windows\system32\SelfDel.bat
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\winglsetup.exe
c:\windows\system32\sisofeda.exe
c:\windows\system32\ravoruna.exe
c:\windows\system32\dukeyiwa.exe
c:\windows\system32\yamijoja.exe
c:\windows\system32\geyafiki.exe
c:\windows\system32\soyitajo.dll.tmp
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
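The File:: list in the post above was built by reading the ComboFix "Files Created" and "Find3M" sections by hand and picking out the entries that look like the Vundo droppers: hidden+system (--sha-w) files in system32 with random eight-letter names such as ravoruna.exe and dukeyiwa.exe. The following is an added example, not code from BleepingComputer, ComboFix or the helper, showing how a responder can apply those same two heuristics to a ComboFix log automatically. The line layout it parses ("created . modified size attrs path") and the sample lines are copied from the log posted earlier in this thread; the consonant/vowel name pattern, the `triage` and `as_cfscript` helpers, and the decision to treat any hidden+system file in system32 as worth a look are this example's own assumptions, so the output is a candidate list for a human to review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the ComboFix log posted above
# (same "<created> . <modified> <size> <attrs> <path>" layout).
SAMPLE_LOG = """\
2009-04-25 21:25 . 2009-01-25 21:25 50688 --sha-w c:\\windows\\system32\\ravoruna.exe
2009-04-23 21:56 . 2009-04-23 21:56 155 ----a-w c:\\windows\\system32\\SelfDel.bat
2009-04-15 14:27 . 2009-04-15 14:27 74240 ----a-w c:\\windows\\system32\\zlib.dll
2009-04-21 20:44 . 2009-04-21 20:44 -------- d-----w c:\\documents and settings\\DAD\\Local Settings\\Application Data\\Mozilla
2009-04-04 04:06 . 2009-02-12 01:48 3140 --sha-w c:\\windows\\system32\\KGyGaAvL.sys
2009-03-09 09:19 . 2009-02-06 00:42 410984 ----a-w c:\\windows\\system32\\deploytk.dll
2009-01-19 03:09 . 2009-01-19 03:09 49152 --sha-w c:\\windows\\system32\\soyitajo.dll.tmp
"""

# One ComboFix file line: created stamp, ".", modified stamp, size (dashes for a
# directory), a 7-character attribute column, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

# Assumed heuristic: four consonant+vowel pairs ("ravoruna", "dukeyiwa"), the
# naming pattern of the Vundo files listed in this thread.
RANDOM_NAME_RE = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # ComboFix shows the hidden and system bits as "h" and "s" ("--sha-w").
        return "s" in self.attrs and "h" in self.attrs

    @property
    def in_system32(self) -> bool:
        return "\\windows\\system32\\" in self.path.lower()

    @property
    def stem(self) -> str:
        # File name without any extension: "soyitajo.dll.tmp" -> "soyitajo".
        return self.path.rsplit("\\", 1)[-1].split(".", 1)[0]


def parse_log(text: str) -> List[Entry]:
    """Parse every file/directory line; banners, blanks and registry dumps are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for each system32 file that trips at least one heuristic."""
    findings = []
    for e in parse_log(text):
        if e.is_dir or not e.in_system32:
            continue
        reasons = []
        if e.hidden_system:
            reasons.append("hidden+system attributes in system32")
        if RANDOM_NAME_RE.match(e.stem):
            reasons.append("random-looking 8-letter consonant/vowel name")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def as_cfscript(findings: List[Tuple[str, List[str]]]) -> str:
    """Render the candidates as a File:: block in the layout of the helper's post, for review."""
    return "File::\n" + "\n".join(path for path, _ in findings) + "\n"


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
    print(as_cfscript(triage(SAMPLE_LOG)))
```

Run against the sample, it flags ravoruna.exe and soyitajo.dll.tmp on both heuristics and KGyGaAvL.sys on the attribute heuristic alone; the single-reason hit is the kind of entry a reviewer still has to check by hand (a legitimate component can carry hidden+system attributes too), which is why the script stops at producing a list rather than deleting anything.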

#7 soccergb19

soccergb19
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:57 PM

Posted 26 April 2009 - 02:49 PM

Here's the ComboFix log. I haven't run the Anti-Malware program yet but I'll do it now.

ComboFix 09-04-25.A3 - BELLS 04/26/2009 15:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.549 [GMT -4:00]
Running from: c:\documents and settings\BELLS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BELLS\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 06:40 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-26 06:40 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-26 06:40 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-26 06:40 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-26 06:40 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-26 06:40 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-26 06:40 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-26 06:40 . 2009-02-09 10:01 728576 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-26 06:40 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-26 06:40 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-26 04:41 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-26 04:32 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-26 04:32 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-26 04:32 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-23 21:56 . 2009-04-23 21:56 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-23 21:56 . 2009-04-23 21:56 84045 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-23 21:41 . 2009-04-23 21:41 39424 ----a-w c:\windows\system32\winglsetup.exe
2009-04-21 20:44 . 2009-04-21 20:44 -------- d-----w c:\documents and settings\DAD\Local Settings\Application Data\Mozilla
2009-04-21 20:43 . 2009-04-21 20:43 -------- d-----w c:\documents and settings\DAD\Local Settings\Application Data\Identities
2009-04-21 20:43 . 2009-04-21 20:43 -------- d-----w c:\documents and settings\DAD\Application Data\Windows Desktop Search
2009-04-19 16:00 . 2009-04-19 16:36 52224 ----a-w c:\windows\system32\sisofeda.exe
2009-04-16 05:16 . 2009-04-26 04:25 -------- d-----w c:\documents and settings\BELLS\Application Data\digifast
2009-04-16 05:11 . 2009-04-26 04:26 -------- d-----w c:\documents and settings\BELLS\Application Data\Twain
2009-04-16 05:06 . 2009-04-16 23:20 -------- d-----w c:\program files\WWShow
2009-04-16 05:01 . 2009-04-16 23:20 -------- d-----w c:\program files\Jcore
2009-04-16 04:12 . 2009-04-16 04:12 -------- d-----w c:\windows\SxsCaPendDel
2009-04-15 14:27 . 2009-04-15 14:27 74240 ----a-w c:\windows\system32\zlib.dll
2009-04-15 04:54 . 2009-04-26 04:25 -------- d-----w c:\documents and settings\BELLS\Application Data\pidle
2009-04-15 04:39 . 2009-03-27 07:09 1193414 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 04:39 . 2006-10-04 14:06 764868 ------w c:\windows\system32\dllcache\apph_sp.sdb
2009-04-15 04:39 . 2006-10-04 14:06 217118 ------w c:\windows\system32\dllcache\apphelp.sdb
2009-04-15 04:38 . 2009-04-15 04:38 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-15 04:36 . 2009-04-15 04:37 -------- d-----w C:\48c9cea7e48d6b4929
2009-04-15 04:36 . 2009-04-15 04:37 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-15 04:36 . 2009-04-15 04:36 -------- d-----w C:\6f41b3aada9fbbd4a7b08051a615f7a8
2009-04-09 05:47 . 2009-04-09 05:47 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-09 05:46 . 2009-04-09 05:46 -------- d-----w c:\documents and settings\BELLS\Application Data\AVS4YOU
2009-04-09 05:46 . 2009-04-09 05:46 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-09 05:46 . 2003-05-21 16:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-09 05:46 . 2009-04-16 03:55 -------- d-----w c:\program files\AVS4YOU
2009-04-03 02:15 . 2009-04-03 02:15 -------- d-----w c:\documents and settings\BELLS\Application Data\HP
2009-04-03 02:05 . 2009-04-03 02:06 -------- d-----w c:\program files\Shockwave.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 14:10 . 2009-02-17 23:27 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-26 06:39 . 2006-11-15 17:33 -------- d-----w c:\program files\Microsoft Works
2009-04-26 06:36 . 2009-02-06 00:42 -------- d-----w c:\documents and settings\BELLS\Application Data\LimeWire
2009-04-25 21:25 . 2009-01-25 21:25 50688 --sha-w c:\windows\system32\ravoruna.exe
2009-04-25 04:02 . 2009-01-25 04:02 52224 --sha-w c:\windows\system32\dukeyiwa.exe
2009-04-24 02:16 . 2009-03-19 02:47 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 21:44 . 2006-11-15 17:30 -------- d-----w c:\program files\Trend Micro
2009-04-22 00:19 . 2009-02-06 00:41 -------- d-----w c:\program files\LimeWire
2009-04-21 10:51 . 2009-01-21 10:51 50688 --sha-w c:\windows\system32\yamijoja.exe
2009-04-19 02:57 . 2009-01-19 02:57 52224 --sha-w c:\windows\system32\geyafiki.exe
2009-04-17 04:12 . 2006-11-15 17:20 -------- d-----w c:\program files\Java
2009-04-09 05:46 . 2009-02-04 00:33 76704 ----a-w c:\documents and settings\BELLS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 23:46 . 2009-03-12 23:22 -------- d-----w c:\program files\AIMTunes
2009-04-06 02:44 . 2009-02-05 23:51 -------- d-----w c:\documents and settings\BELLS\Application Data\Vso
2009-04-05 03:21 . 2009-02-28 19:03 34 ----a-w c:\documents and settings\BELLS\jagex_runescape_preferences.dat
2009-04-04 04:06 . 2009-02-12 01:48 3140 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-04 04:06 . 2009-02-08 04:57 -------- d-----w c:\documents and settings\BELLS\Application Data\Corel
2009-03-22 19:56 . 2006-11-15 17:28 2231 ---ha-w C:\IPH.PH
2009-03-22 03:21 . 2009-03-22 03:21 -------- d-----w c:\documents and settings\BELLS\Application Data\acccore
2009-03-22 03:21 . 2009-03-22 03:17 -------- d-----w c:\program files\AIM6
2009-03-22 03:21 . 2006-11-15 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-22 03:21 . 2009-03-22 03:21 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-03-22 03:20 . 2006-11-15 17:28 -------- d-----w c:\program files\Common Files\AOL
2009-03-21 14:18 . 2009-03-21 14:18 986112 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 02:47 . 2009-03-19 02:47 -------- d-----w c:\documents and settings\BELLS\Application Data\URSoft
2009-03-17 23:56 . 2009-03-17 23:55 -------- d-----w c:\program files\iTunes
2009-03-17 23:56 . 2009-03-17 23:55 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 23:55 . 2009-03-17 23:55 -------- d-----w c:\program files\iPod
2009-03-17 23:55 . 2009-02-04 01:08 -------- d-----w c:\program files\Common Files\Apple
2009-03-17 23:54 . 2009-03-17 23:54 -------- d-----w c:\program files\Bonjour
2009-03-12 23:23 . 2009-03-12 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\program files\AIM Toolbar
2009-03-12 23:22 . 2009-03-12 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-03-12 23:21 . 2009-03-12 23:21 -------- d-----w c:\program files\AIM Search
2009-03-12 23:21 . 2006-11-15 17:29 -------- d-----w c:\program files\Viewpoint
2009-03-12 23:21 . 2006-11-15 17:28 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-09 09:19 . 2009-02-06 00:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-17 23:52 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2009-02-04 01:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-02 23:27 . 2006-11-15 17:21 1499136 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-03-01 05:09 . 2009-03-01 05:09 -------- d-----w c:\documents and settings\BELLS\Application Data\AdobeUM
2009-02-20 21:44 . 2006-05-19 13:08 3067904 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-19 09:50 . 2006-11-15 17:21 18432 ------w c:\windows\system32\dllcache\iedw.exe
2009-02-19 01:17 . 2009-02-19 01:03 137623 ----a-w c:\windows\HPHins15.dat
2009-02-14 18:20 . 2009-02-14 18:20 128 ----a-w c:\documents and settings\BELLS\Local Settings\Application Data\fusioncache.dat
2009-02-10 22:31 . 2009-02-10 22:31 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 10:19 . 2009-02-05 22:20 1846272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 . 2004-08-11 22:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-11 22:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-11 22:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-11 22:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-11 22:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:32 . 2009-02-05 22:09 2186112 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 10:29 . 2009-02-05 22:10 2142720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:29 . 2004-08-11 22:00 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-11 22:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-11 22:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2009-02-05 22:09 2020864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 09:49 . 2004-08-04 03:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 09:49 . 2009-02-05 22:09 2062976 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-04 00:29 . 2009-02-04 00:29 4128 ----a-w C:\INFCACHE.1
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:08 . 2004-08-11 22:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-04-16 05:2009-04-16 05:17 17:10 . c:\program files\mozilla firefox\components\dfff.dll
2009-01-19 03:09 . 2009-01-19 03:09 49152 --sha-w c:\windows\system32\soyitajo.dll.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-26_04.31.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-15 17:25 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-04-15 04:38 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2009-04-26 18:25 60490 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2009-03-10 21:53 60490 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:11 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 22:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 22:00 . 2004-08-04 10:00 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-11 22:11 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-11 22:11 . 2004-08-04 10:00 58880 c:\windows\system32\msdtclog.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 96256 c:\windows\system32\inseng.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 96256 c:\windows\system32\inseng.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 81920 c:\windows\system32\ieencode.dll
- 2004-08-11 22:00 . 2004-08-04 10:00 81920 c:\windows\system32\ieencode.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 55808 c:\windows\system32\extmgr.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 55808 c:\windows\system32\extmgr.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 96256 c:\windows\system32\dllcache\inseng.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 96256 c:\windows\system32\dllcache\inseng.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 81920 c:\windows\system32\dllcache\ieencode.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-11 22:11 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll
+ 2009-02-17 23:36 . 2009-04-26 14:10 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2006-11-15 17:34 . 2006-11-15 17:34 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
- 2006-11-15 17:34 . 2006-11-15 17:34 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
- 2006-11-15 17:34 . 2006-11-15 17:34 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
- 2006-11-15 17:34 . 2006-11-15 17:34 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2006-10-27 02:17 . 2006-10-27 02:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 20:11 . 2006-10-27 20:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 20:16 . 2006-10-27 20:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
- 2006-11-15 17:34 . 2006-11-15 17:34 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
- 2006-11-15 17:34 . 2006-11-15 17:34 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2006-11-15 17:19 . 2008-10-15 14:00 351744 c:\windows\system32\xpsp3res.dll
+ 2006-11-15 17:19 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
+ 2006-10-19 01:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-19 01:47 . 2006-10-19 01:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-11 22:00 . 2008-06-18 09:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-11 22:00 . 2007-10-27 21:40 222720 c:\windows\system32\wmasf.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 668160 c:\windows\system32\wininet.dll
+ 2004-08-11 22:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-11 22:00 . 2004-08-04 10:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-11 22:11 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 22:11 . 2009-02-10 22:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 22:11 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 619520 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 474112 c:\windows\system32\shlwapi.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-11 22:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
- 2004-08-11 22:00 . 2004-08-04 10:00 144896 c:\windows\system32\schannel.dll
- 2004-08-11 22:00 . 2009-03-10 21:53 402736 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2009-04-26 18:25 402736 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2009-02-20 08:14 532480 c:\windows\system32\mstime.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 532480 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2006-12-04 20:21 414720 c:\windows\system32\msscp.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 146432 c:\windows\system32\msrating.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 146432 c:\windows\system32\msrating.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 449024 c:\windows\system32\mshtmled.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-11 22:11 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 22:11 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
- 2004-08-11 22:00 . 2006-10-19 00:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-11 22:00 . 2008-06-18 05:09 100864 c:\windows\system32\logagent.exe
+ 2004-08-11 22:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 251904 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 251904 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:06 . 2009-04-26 18:21 288496 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:06 . 2009-04-10 02:53 288496 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:00 . 2008-10-16 10:20 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 205312 c:\windows\system32\dxtrans.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2008-06-18 09:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-11 22:00 . 2007-10-27 21:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 668160 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 619520 c:\windows\system32\dllcache\urlmon.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-12-05 07:12 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-11 22:00 . 2006-12-04 20:21 414720 c:\windows\system32\dllcache\msscp.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2004-08-11 22:00 . 2006-10-19 00:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-11 22:00 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2006-11-15 17:21 . 2008-10-16 10:20 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 251904 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 151040 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 151040 c:\windows\system32\cdfview.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 151040 c:\windows\system32\cdfview.dll
- 2009-02-17 23:36 . 2009-02-17 23:36 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-11-15 17:34 . 2009-04-26 06:40 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
- 2006-11-15 17:34 . 2006-11-15 17:34 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2006-06-04 23:20 . 2006-06-04 23:20 225280 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20963_wkssole.dll
+ 2006-10-27 20:23 . 2006-10-27 20:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 01:09 . 2006-10-27 01:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 01:09 . 2006-10-27 01:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2009-02-17 23:33 . 2009-02-17 23:33 248632 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 20:16 . 2006-10-27 20:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 01:34 . 2006-10-27 01:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 01:34 . 2006-10-27 01:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2009-04-26 06:41 . 2009-04-26 06:41 250928 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2004-08-11 22:00 . 2008-06-18 09:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-11 22:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2009-03-02 23:27 1499136 c:\windows\system32\shdocvw.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 1499136 c:\windows\system32\shdocvw.dll
- 2004-08-11 22:00 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2004-08-11 22:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-11 22:00 . 2009-02-20 21:44 3067904 c:\windows\system32\mshtml.dll
+ 2004-08-11 22:00 . 2008-06-18 09:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-07-03 13:16 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:18 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:18 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-11-15 17:21 . 2009-02-20 08:14 1024000 c:\windows\system32\dllcache\browseui.dll
- 2006-11-15 17:21 . 2008-10-16 10:20 1024000 c:\windows\system32\dllcache\browseui.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 1054208 c:\windows\system32\danim.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 1054208 c:\windows\system32\danim.dll
- 2004-08-11 22:00 . 2008-10-16 10:20 1024000 c:\windows\system32\browseui.dll
+ 2004-08-11 22:00 . 2009-02-20 08:14 1024000 c:\windows\system32\browseui.dll
- 2009-02-17 23:36 . 2009-02-17 23:36 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-17 23:36 . 2009-04-26 14:10 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2009-02-17 23:36 . 2009-02-17 23:36 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-06-04 23:20 . 2006-06-04 23:20 2023424 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F22194_wksssdb.dll
+ 2006-06-04 23:20 . 2006-06-04 23:20 1712128 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20954_gdiplus.dll
+ 2006-10-27 20:11 . 2006-10-27 20:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 21:25 . 2006-09-15 21:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 20:16 . 2006-10-27 20:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 20:18 . 2006-10-27 20:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2009-02-05 22:09 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2006-11-15 17:22 . 2008-08-14 09:18 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2006-11-15 17:22 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-05 22:09 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-05 22:09 . 2008-08-14 09:18 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-11-15 17:22 . 2008-08-14 09:55 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-11-15 17:22 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-11 22:00 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2009-04-26 14:07 . 2009-04-06 11:57 24921544 c:\windows\system32\MRT.exe
+ 2004-08-11 22:00 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll
+ 2006-10-27 02:13 . 2006-10-27 02:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 20:23 . 2006-10-27 20:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 20:26 . 2006-10-27 20:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 20:07 . 2006-10-27 20:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-15 169984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-15 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ li

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\PcCtlCom.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\TmPfw.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\BELLS\Application Data\Mozilla\Firefox\Profiles\icb3y7gj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - component: c:\program files\Mozilla Firefox\components\dfff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 15:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-04-26 15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 19:46
ComboFix2.txt 2009-04-26 04:35

Pre-Run: 89,720,111,104 bytes free
Post-Run: 89,725,267,968 bytes free

479 --- E O F --- 2009-04-26 14:10

#8 soccergb19

Posted 26 April 2009 - 02:59 PM

Here's the Malwarebytes' log. My computer seems to be working much better now.

Malwarebytes' Anti-Malware 1.36
Database version: 2045
Windows 5.1.2600 Service Pack 2

4/26/2009 3:57:16 PM
mbam-log-2009-04-26 (15-57-16).txt

Scan type: Quick Scan
Objects scanned: 86559
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\BELLS\Application Data\digifast (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BELLS\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.
C:\WINDOWS\system32\geyafiki.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sisofeda.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ravoruna.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BELLS\Application Data\digifast\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
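The following is an added triage helper, not part of this thread and not code from Malwarebytes or any other tool used here. It parses a Malwarebytes' Anti-Malware 1.x text log of the shape posted above (summary counts, then one "... Infected:" block per category with `target (Family) -> action.` lines) and pulls out the three things a responder wants to know after a scan like this one: which items were only marked "Delete on reboot" and still need a reboot plus rescan, which system32 binaries carry the eight-letter consonant/vowel names seen in the three Trojan.Vundo files (geyafiki, sisofeda, ravoruna), and which Security Center values were reset and from what. The sample log is a constructed, trimmed copy of the one in the post; the consonant/vowel name rule is a heuristic inferred from this log, not a documented Vundo signature, so treat its hits as leads to verify.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the non-empty sections of the MBAM log posted in this thread.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Files Infected: 6

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.
C:\WINDOWS\system32\geyafiki.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sisofeda.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ravoruna.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BELLS\Application Data\digifast\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # e.g. "Files Infected:"
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # e.g. "Files Infected: 6"
FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
BAD_GOOD_RE = re.compile(r"Bad: \((\d+)\) Good: \((\d+)\)")
# Eight lowercase letters alternating consonant/vowel, as in geyafiki, sisofeda, ravoruna.
# Heuristic inferred from this log only; not a documented Vundo naming rule.
RANDOM_NAME_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")

@dataclass(frozen=True)
class Finding:
    section: str  # the "... Infected" block the line came from
    target: str   # file path or registry key
    family: str   # MBAM family name from the parentheses
    action: str   # text after "->", trailing period removed

def parse_mbam_log(text: str) -> list[Finding]:
    """Walk the log once, remembering the current "... Infected:" header."""
    findings, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := FINDING_RE.match(line)):
            findings.append(Finding(section, m["target"], m["family"], m["action"]))
    return findings

def summary_counts(text: str) -> dict[str, int]:
    """Counts MBAM prints in its summary block, keyed by section name."""
    matches = (SUMMARY_RE.match(l.strip()) for l in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in matches if m}

def counts_consistent(text: str) -> bool:
    """Cross-check that each summary count matches the parsed lines (catches truncated pastes)."""
    findings = parse_mbam_log(text)
    return all(sum(f.section == s for f in findings) == n for s, n in summary_counts(text).items())

def pending_reboot(findings: list[Finding]) -> list[str]:
    """Items MBAM could not remove while running: they need a reboot and a rescan."""
    return sorted({f.target for f in findings if f.action.lower().startswith("delete on reboot")})

def vundo_style_names(findings: list[Finding]) -> list[str]:
    """system32 .exe/.dll files whose name fits the random consonant/vowel pattern."""
    hits = set()
    for f in findings:
        stem, _, ext = f.target.rsplit("\\", 1)[-1].rpartition(".")
        if ("\\system32\\" in f.target.lower() and ext.lower() in ("exe", "dll")
                and RANDOM_NAME_RE.match(stem.lower())):
            hits.add(f.target)
    return sorted(hits)

def security_center_tampering(findings: list[Finding]) -> list[tuple[str, int, int]]:
    """Security Center values MBAM reset, as (value name, bad value, good value)."""
    out = []
    for f in findings:
        m = BAD_GOOD_RE.search(f.action)
        if "security center" in f.target.lower() and m:
            out.append((f.target.rsplit("\\", 1)[-1], int(m.group(1)), int(m.group(2))))
    return out

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("summary consistent:", counts_consistent(SAMPLE_LOG), "| reboot pending:", pending_reboot(found))
    print("random-looking system32 binaries:", vundo_style_names(found))
    print("Security Center values reset:", security_center_tampering(found))
```

Run it against a saved `mbam-log-*.txt` by swapping `SAMPLE_LOG` for the file contents. The consistency check matters on a forum thread like this one because logs get pasted by hand and truncated; the "Delete on reboot" list is the reason a helper asks for a second scan after restarting, and `UpdatesDisableNotify` going from 1 back to 0 is the Security Center notification the malware had silenced.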

#9 soccergb19

Posted 26 April 2009 - 09:32 PM

Everything seems to be working except links on Google seem to take me to advertisements, and every 3rd time I click the link I finally get to my destination. Also my CD drive is having some troubles. It won't eject now and I can't erase files off of a rewritable CD.

#10 Buckeye_Sam

Malware Expert

Posted 27 April 2009 - 05:16 PM

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


Also post a new log from OTListIt.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 soccergb19


Posted 28 April 2009 - 05:18 PM

OTListIt logfile created on: 4/28/2009 6:12:33 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BELLS\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.97 Mb Total Physical Memory | 555.85 Mb Available Physical Memory | 54.39% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.85% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.64 Gb Total Space | 83.02 Gb Free Space | 57.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 41.34 Gb Free Space | 27.74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG
Current User Name: BELLS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/06/16 09:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
PRC - [2005/08/30 10:47:46 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/30 10:47:46 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
PRC - [2005/08/30 10:47:38 | 00,823,362 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
PRC - [2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/07/24 11:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/15 13:32:04 | 00,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/03/11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/11/15 13:32:04 | 00,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/04/11 20:39:22 | 00,176,201 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
PRC - [2006/07/16 22:29:54 | 00,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2009/01/15 17:17:36 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/03/11 22:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/02/05 16:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/03/11 22:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2006/08/21 11:34:34 | 00,049,152 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2004/07/27 17:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/08/30 10:47:46 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
PRC - [2004/07/27 17:50:04 | 00,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/04/25 00:06:38 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELLS\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/03/11 22:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2006/06/16 09:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom [Auto | Running])
SRV - [2005/08/30 10:47:46 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
SRV - [2005/08/30 10:47:46 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw [Auto | Running])
SRV - [2005/08/30 10:47:46 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/11/15 13:29:17 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 13:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/07/24 13:03:04 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/07/06 07:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - [2003/04/09 12:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/16 09:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/08/24 06:33:36 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/01/15 17:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/01/15 17:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/01/15 17:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/06/09 10:29:56 | 00,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2 [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/07/24 11:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/11/26 18:42:42 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TmXPFlt.sys -- (Tmfilter [Auto | Running])
DRV - [2008/11/26 18:42:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\Tmpreflt.sys -- (Tmpreflt [Auto | Running])
DRV - [2005/08/30 10:47:52 | 00,038,528 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2005/08/30 10:47:50 | 01,884,585 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
DRV - [2008/11/26 18:39:56 | 01,195,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\Vsapint.sys -- (Vsapint [Auto | Running])
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\S-1-5-21-2166092130-778111604-4289639635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\S-1-5-21-2166092130-778111604-4289639635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E0D45314-21DA-4232-8015-091009582804}:1.0
FF - prefs.js..extensions.enabledItems: {0D240211-7F74-4C8D-B3D3-87A6885478B1}:1.0
FF - prefs.js..extensions.enabledItems: {314095F4-ECD3-4D4F-B588-E76E7FBB3AEA}:1.0
FF - prefs.js..extensions.enabledItems: {D3C05630-93C6-445D-B43F-07A497DE697A}:1.0
FF - prefs.js..extensions.enabledItems: {F9FDF0A6-DCE5-4998-9E65-AB02D07A5165}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/05 20:42:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/27 19:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 19:41:06 | 00,000,000 | ---D | M]

[2009/02/05 20:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Extensions
[2009/02/03 21:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/05 20:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/03/12 19:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BELLS\Application Data\mozilla\Firefox\Profiles\icb3y7gj.default\extensions
[2009/03/12 19:23:18 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\BELLS\Application Data\Mozilla\FireFox\Profiles\icb3y7gj.default\searchplugins\aim-search.xml
[2009/04/27 18:52:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/20 21:37:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{0D240211-7F74-4C8D-B3D3-87A6885478B1}
[2009/04/21 16:49:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{314095F4-ECD3-4D4F-B588-E76E7FBB3AEA}
[2009/04/27 19:41:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/05 20:42:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/17 00:12:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/21 16:56:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D3C05630-93C6-445D-B43F-07A497DE697A}
[2009/04/15 00:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E0D45314-21DA-4232-8015-091009582804}
[2009/04/21 16:43:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F9FDF0A6-DCE5-4998-9E65-AB02D07A5165}
[2009/04/27 19:40:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 19:40:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" (Trend Micro Incorporated.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
O4 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2166092130-778111604-4289639635-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html (Google Inc.)
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html (Google Inc.)
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html (Google Inc.)
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/03/03 08:41:46 | 00,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/28 18:04:53 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\BELLS\Desktop\GooredFix.exe
[2009/04/26 21:48:35 | 09,241,088 | ---- | C] () -- C:\Documents and Settings\BELLS\Desktop\Marlboro News Network Presentation.ppt
[2009/04/26 15:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\Malwarebytes
[2009/04/26 15:53:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/26 15:53:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 15:53:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/26 15:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/26 15:53:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/26 15:51:46 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BELLS\Desktop\mbam-setup.exe
[2009/04/26 15:50:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/26 10:07:39 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/26 02:40:43 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/26 02:40:43 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/26 02:40:43 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/26 02:40:43 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/26 02:40:42 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/26 02:40:42 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/26 02:40:42 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/26 02:40:41 | 00,728,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/26 02:40:41 | 00,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/26 02:40:41 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/26 00:41:35 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/26 00:32:04 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/04/26 00:32:03 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/04/26 00:32:03 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/04/25 18:52:43 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/25 18:52:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/25 18:52:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/25 17:28:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/25 17:28:43 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/25 17:28:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/25 17:28:43 | 00,111,104 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/25 17:28:43 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/25 17:28:43 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/25 17:28:43 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/25 17:28:43 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/25 17:28:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/25 17:28:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/25 17:27:16 | 03,006,230 | R--- | C] () -- C:\Documents and Settings\BELLS\Desktop\ComboFix.exe
[2009/04/25 00:06:37 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BELLS\Desktop\OTListIt2.exe
[2009/04/23 17:56:56 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/23 17:44:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\BELLS\Desktop\HijackThis.lnk
[2009/04/23 17:41:33 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\winglsetup.exe
[2009/04/16 01:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\Twain
[2009/04/16 00:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/15 10:27:12 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/15 00:39:00 | 01,193,414 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 00:39:00 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2009/04/15 00:39:00 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2009/04/15 00:38:56 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/04/15 00:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/04/15 00:36:57 | 00,000,000 | ---D | C] -- C:\48c9cea7e48d6b4929
[2009/04/15 00:36:55 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/04/15 00:36:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/04/15 00:36:19 | 00,000,000 | ---D | C] -- C:\6f41b3aada9fbbd4a7b08051a615f7a8
[2009/04/09 01:47:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/04/09 01:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\AVS4YOU
[2009/04/09 01:46:17 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/04/09 01:46:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/04/09 01:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/04/02 22:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BELLS\Application Data\HP
[2009/04/02 22:06:10 | 00,000,870 | ---- | C] () -- C:\Documents and Settings\BELLS\Desktop\Insaniquarium Deluxe.lnk
[2009/04/02 22:05:58 | 00,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2009/03/30 23:06:45 | 00,338,984 | ---- | C] () -- C:\Documents and Settings\BELLS\My Documents\CBA Volleyball.docx
[2009/03/30 22:43:00 | 00,335,780 | ---- | C] () -- C:\Documents and Settings\BELLS\My Documents\Alistair.docx
[2009/03/12 19:22:26 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/03/02 00:47:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/11 21:48:41 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/11 21:48:41 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D478770E7E.sys
[2009/02/03 20:35:04 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/01/03 12:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 12:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 12:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/15 13:42:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/15 13:36:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/15 13:30:55 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/15 13:04:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/15 13:02:59 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:37 | 00,000,707 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/11 18:00:30 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/04/28 18:04:53 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\GooredFix.exe
[2009/04/28 17:57:11 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/28 17:57:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 17:56:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/28 17:56:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/28 17:56:48 | 10,716,85632 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/27 22:09:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/26 22:54:32 | 00,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/26 16:48:06 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\Microsoft Office Word 2007.lnk
[2009/04/26 15:53:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/26 15:52:03 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BELLS\Desktop\mbam-setup.exe
[2009/04/26 15:44:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/26 15:43:07 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/26 14:25:23 | 00,470,848 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/26 14:25:23 | 00,402,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/26 14:25:23 | 00,060,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/26 14:21:10 | 00,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/26 10:10:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/26 01:53:04 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\BELLS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 00:25:36 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fosomati
[2009/04/25 18:52:43 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/25 17:27:18 | 03,006,230 | R--- | M] () -- C:\Documents and Settings\BELLS\Desktop\ComboFix.exe
[2009/04/25 13:59:03 | 00,111,104 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/25 00:06:38 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BELLS\Desktop\OTListIt2.exe
[2009/04/25 00:02:26 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dukeyiwa.exe
[2009/04/23 17:56:56 | 00,000,155 | ---- | M] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/23 17:44:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\HijackThis.lnk
[2009/04/23 17:41:38 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\winglsetup.exe
[2009/04/21 20:43:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/21 06:51:03 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\yamijoja.exe
[2009/04/16 00:37:01 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\Windows Media Player.lnk
[2009/04/15 10:27:12 | 00,074,240 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2009/04/15 01:05:11 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/15 01:05:11 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/15 00:37:47 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/15 00:36:55 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/04/09 01:46:50 | 00,076,704 | ---- | M] () -- C:\Documents and Settings\BELLS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 00:06:52 | 00,003,140 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/04 00:06:52 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D478770E7E.sys
[2009/04/02 22:06:10 | 00,000,870 | ---- | M] () -- C:\Documents and Settings\BELLS\Desktop\Insaniquarium Deluxe.lnk
[2009/03/30 23:06:45 | 00,338,984 | ---- | M] () -- C:\Documents and Settings\BELLS\My Documents\CBA Volleyball.docx
[2009/03/30 22:43:00 | 00,335,780 | ---- | M] () -- C:\Documents and Settings\BELLS\My Documents\Alistair.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89D63297
< End of report >



Here's the Goored log:

GooredFix v1.92 by jpshortstuff
Log created at 18:05 on 28/04/2009 running Option #1 (BELLS)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{F9FDF0A6-DCE5-4998-9E65-AB02D07A5165}

C:\Program Files\Mozilla Firefox\extensions\{E0D45314-21DA-4232-8015-091009582804}

C:\Program Files\Mozilla Firefox\extensions\{D3C05630-93C6-445D-B43F-07A497DE697A}

C:\Program Files\Mozilla Firefox\extensions\{314095F4-ECD3-4D4F-B588-E76E7FBB3AEA}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#12 Buckeye_Sam (Malware Expert)
Posted 29 April 2009 - 01:37 PM

Please double-click Goored.exe on your Desktop to run it. Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 soccergb19 (Topic Starter)
Posted 29 April 2009 - 03:28 PM

GooredFix v1.92 by jpshortstuff
Log created at 16:27 on 29/04/2009 running Option #2 (BELLS)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{F9FDF0A6-DCE5-4998-9E65-AB02D07A5165}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{E0D45314-21DA-4232-8015-091009582804}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{D3C05630-93C6-445D-B43F-07A497DE697A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{314095F4-ECD3-4D4F-B588-E76E7FBB3AEA}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#14 Buckeye_Sam (Malware Expert)
Posted 30 April 2009 - 12:14 PM

Are you still being redirected on your searches?


========================================================

#15 soccergb19 (Topic Starter)
Posted 30 April 2009 - 05:37 PM

No, I'm not being redirected anymore. Thanks. I think the disk problem is just something with my CD burner. I think it's just a coincidence that it occurred at the same time.



