Hijackthis log, need help getting rid of this malware


  • This topic is locked
12 replies to this topic

#1 dudeman79

dudeman79

  • Members
  • 6 posts

Posted 23 April 2009 - 08:40 PM

Hi, been having a bunch of problems lately. Seem to have links in the title bars of my browsers to cheap pharmaceuticals. Now AIM doesn't work, system running real slow. Ran Malwarebytes, doesn't seem to be helping, this file - acroiehelpe.dll - keeps popping up.

Now I'm posting this hijackthis log in hopes someone could help me out. Thanks in advance for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:37 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\java\jre6\bin\jusched.exe
c:\windows\system32\rundll32.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\windows\rthdcpl.exe
c:\program files\hp\hpcoretech\hpcmpmgr.exe
c:\program files\hewlett-packard\hp software update\hpwuschd2.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\common files\logishrd\lcommgr\communications_helper.exe
c:\windows\system32\qgcrn1j0er4p.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\windows\system32\ctfmon.exe
c:\documents and settings\chris\local settings\application data\google\update\googleupdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\logitech\mouseware\system\em_exec.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe
c:\program files\internet explorer\iexplore.exe
c:\program files\viewpoint\viewpoint manager\viewmgr.exe
C:\Documents and Settings\chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B42BF63C-5354-4c5c-A789-66EFEEC5E1B0} - c:\windows\system32\AcroIEHelpe3.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [rgctn1j0er4p] c:\windows\system32\qgcrn1j0er4p.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O20 - AppInit_DLLs: c:\windows\system32\tatuvisa.dll ehyuvg.dll
O21 - SSODL: pBotni - {303D014E-9A97-ABE4-0DC1-ADFC61B48379} - C:\WINDOWS\system32\smba.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10985 bytes
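An added triage script (not part of this thread, and not a HijackThis feature) that parses lines in the format of the log above and flags the entries a helper would look at first: AppInit_DLLs and SSODL loads, Run entries with random-looking names or Rundll32 loads under service accounts, and BHOs sitting in system32. The heuristics and the regexes are my assumptions; the sample lines are copied from the posted log and labelled as a constructed sample.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted above,
# mixing clean entries (Java, ctfmon, NVIDIA) with the suspicious ones.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B42BF63C-5354-4c5c-A789-66EFEEC5E1B0} - c:\windows\system32\AcroIEHelpe3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [rgctn1j0er4p] c:\windows\system32\qgcrn1j0er4p.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\tatuvisa.dll ehyuvg.dll
O21 - SSODL: pBotni - {303D014E-9A97-ABE4-0DC1-ADFC61B48379} - C:\WINDOWS\system32\smba.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis lines start with a section code (R0/R1, F1, O2 ... O23) followed by " - ".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\Run: [<value name>] <command> (User '...')?
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
# Assumed heuristic: 10+ lower-case alphanumerics mixing digits and letters, e.g. qgcrn1j0er4p.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$")
# LOCAL SERVICE and NETWORK SERVICE never log on interactively, so Run entries there are odd.
SERVICE_ACCOUNT_HIVES = ("HKUS\\S-1-5-19", "HKUS\\S-1-5-20")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def file_stem(path: str) -> str:
    """Lower-case file name without directory or extension."""
    base = re.split(r"[\\/]", path)[-1]
    return base.rsplit(".", 1)[0].lower()


def check_bho(body: str):
    path = body.rsplit(" - ", 1)[-1]
    if SYSTEM32_RE.search(path):
        return "BHO DLL lives in system32; vendor BHOs normally sit under their own Program Files directory"
    return None


def check_run(body: str):
    m = RUN_RE.match(body)
    if not m:
        return None
    hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
    stem = file_stem(first_token(cmd))
    reasons = []
    if stem == "rundll32" and hive.upper().startswith(SERVICE_ACCOUNT_HIVES):
        reasons.append("Rundll32 loads a DLL at logon for LOCAL/NETWORK SERVICE, accounts with no interactive logon")
    if RANDOM_NAME_RE.match(stem) or RANDOM_NAME_RE.match(name.lower()):
        reasons.append("random-looking executable or value name")
    return "; ".join(reasons) or None


def check_appinit(body: str):
    value = body.split(":", 1)[1].strip()
    if value:
        return f"AppInit_DLLs={value!r} is loaded into every process that maps user32.dll"
    return None


def triage(log_text: str) -> list:
    """Return the HijackThis lines that deserve a closer look, each with its reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reason = None
        if code == "O2":
            reason = check_bho(body)
        elif code == "O4":
            reason = check_run(body)
        elif code == "O20":
            reason = check_appinit(body)
        elif code == "O21":
            reason = "SSODL entry loads a DLL into the shell at logon; rarely added by legitimate software"
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run against the full log, the script leaves the Java, HP, Logitech and NVIDIA entries alone and surfaces the five lines a helper would ask about: the system32 BHO, the two odd Run entries, the AppInit_DLLs value and the SSODL entry.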


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 April 2009 - 10:58 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dudeman79

dudeman79
  • Topic Starter

  • Members
  • 6 posts

Posted 25 April 2009 - 08:52 AM

Thanks for the help, here's the log otlistit gave me:

OTListIt logfile created on: 4/25/2009 9:50:05 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = c:\documents and settings\chris\desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.48 Mb Total Physical Memory | 191.80 Mb Available Physical Memory | 21.44% Memory free
2.12 Gb Paging File | 1.25 Gb Available in Paging File | 59.23% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.20 Gb Total Space | 2.08 Gb Free Space | 0.92% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.67 Gb Total Space | 0.27 Gb Free Space | 3.52% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: bleep-AAB170ABCD
Current User Name: chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/05/11 18:30:50 | 00,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/12/29 01:20:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- c:\program files\java\jre6\bin\jusched.exe
PRC - [2007/02/05 15:52:12 | 00,849,280 | ---- | M] (Microsoft Corporation) -- c:\program files\microsoft intellipoint\ipoint.exe
PRC - [2007/02/26 15:03:02 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.) -- c:\windows\rthdcpl.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- c:\program files\hp\hpcoretech\hpcmpmgr.exe
PRC - [2005/07/22 23:25:04 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- c:\program files\hewlett-packard\hp software update\hpwuschd2.exe
PRC - [2007/03/14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- c:\program files\cyberlink\powerdvd\pdvdserv.exe
PRC - [2007/12/11 13:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- c:\program files\itunes\ituneshelper.exe
PRC - [2007/05/17 11:52:04 | 00,505,368 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lcommgr\communications_helper.exe
PRC - [2009/04/23 21:31:29 | 00,023,052 | ---- | M] () -- c:\windows\system32\qgcrn1j0er4p.exe
PRC - [2007/03/12 13:49:26 | 00,153,136 | ---- | M] (Nero AG) -- c:\program files\common files\ahead\lib\nmbgmonitor.exe
PRC - [2008/09/02 20:46:53 | 00,133,104 | ---- | M] (Google Inc.) -- c:\documents and settings\chris\local settings\application data\google\update\googleupdate.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/11/14 10:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- c:\program files\logitech\mouseware\system\em_exec.exe
PRC - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2008/12/29 01:20:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/05/11 18:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe
PRC - [2006/07/13 16:59:32 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/14 11:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/07/13 16:59:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/03/12 13:49:46 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/11 18:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2004/08/03 18:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/05/17 11:51:30 | 00,232,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2005/07/22 23:25:06 | 00,172,032 | ---- | M] (HP) -- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe
PRC - [2008/10/15 03:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- c:\program files\internet explorer\iexplore.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- c:\program files\viewpoint\viewpoint manager\viewmgr.exe
PRC - [2009/04/23 20:39:40 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- c:\program files\trend micro\hijackthis\hijackthis.exe
PRC - [2007/05/03 21:36:43 | 05,895,680 | ---- | M] (Adobe Systems, Incorporated) -- c:\program files\adobe\audition 1.5\audition.exe
PRC - [2007/10/04 00:00:08 | 01,246,720 | ---- | M] (Nullsoft) -- c:\program files\winamp\winamp.exe
PRC - [2007/06/13 06:23:07 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/24 00:52:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- c:\program files\mozilla firefox\firefox.exe
PRC - [2008/09/02 08:30:55 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/24 17:55:30 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/04/25 09:47:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- c:\documents and settings\chris\desktop\otlistit2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/06/17 12:02:23 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/09/06 01:54:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])
SRV - [2004/08/03 18:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/12/29 01:20:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/05/11 18:28:56 | 00,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2007/05/11 18:30:50 | 00,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/05/11 18:32:22 | 00,142,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2006/07/13 16:59:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2006/07/13 16:59:32 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
SRV - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/05/14 11:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/03/01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/11/07 05:50:00 | 00,025,502 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Running])
DRV - [2003/11/07 05:50:00 | 00,037,884 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Running])
DRV - [2003/11/07 05:50:00 | 00,070,798 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2007/05/11 18:27:58 | 02,107,808 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/05/11 18:29:54 | 02,142,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007/05/11 18:30:16 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/10/11 22:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/08/14 13:51:28 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/07/11 20:38:28 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/07/11 20:38:30 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/05/23 02:17:13 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2007/05/10 00:46:46 | 00,014,112 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2004/04/01 16:30:46 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2007/05/10 00:46:58 | 01,276,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2006/11/07 23:02:36 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/07/26 19:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/04/09 08:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2006/11/02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\S-1-5-21-1343024091-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\S-1-5-21-1343024091-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/29 01:20:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/24 00:53:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/24 00:53:05 | 00,000,000 | ---D | M]

[2008/11/04 01:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chris\Application Data\mozilla\Extensions
[2008/11/04 01:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/24 21:53:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chris\Application Data\mozilla\Firefox\Profiles\54e0o2wz.default\extensions
[2008/12/12 10:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chris\Application Data\mozilla\Firefox\Profiles\54e0o2wz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/24 21:53:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/03 02:04:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/24 00:53:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/03 16:13:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/22 23:18:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/29 04:54:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/02 16:01:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/11/30 21:22:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/29 01:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/24 00:52:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:52:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/05 23:10:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/05 23:10:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/05 23:10:01 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/05 23:10:01 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/05 23:10:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/05 23:10:01 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/05 23:10:01 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (290977 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10046 more lines...
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {B42BF63C-5354-4c5c-A789-66EFEEC5E1B0} - c:\windows\system32\AcroIEHelpe3.dll (Adobe Systems, Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe ()
O4 - HKLM..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE ()
O4 - HKLM..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [rgctn1j0er4p] c:\windows\system32\qgcrn1j0er4p.exe ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKU\S-1-5-19..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s File not found
O4 - HKU\S-1-5-20..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s File not found
O4 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003..\Run: [Google Update] "C:\Documents and Settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (Orb Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe File not found
O4 - Startup: C:\Documents and Settings\chris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1343024091-2052111302-682003330-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} https://www.play.net/components/activex/AXSAL.ocx (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\tatuvisa.dll) - c:\windows\system32\tatuvisa.dll File not found
O20 - AppInit_DLLs: (ehyuvg.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O21 - SSODL: pBotni - {303D014E-9A97-ABE4-0DC1-ADFC61B48379} - C:\WINDOWS\system32\smba.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/02 19:08:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\system32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[2009/04/25 09:47:22 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chris\Desktop\OTListIt2.exe
[2009/04/25 01:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\BigAssLatina
[2009/04/25 01:10:25 | 00,012,447 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\BigAssLatina.torrent
[2009/04/24 09:31:06 | 02,137,861 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - nostradaums.mp3
[2009/04/24 00:50:21 | 00,201,143 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\lit corner intro.mp3
[2009/04/24 00:47:44 | 00,203,755 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\lit corner outro.mp3
[2009/04/24 00:25:12 | 02,137,861 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\cosa nostradamus.mp3
[2009/04/23 21:54:07 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2009/04/23 21:30:45 | 00,081,184 | ---- | C] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe3.dll
[2009/04/23 21:30:41 | 00,004,759 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/23 21:07:05 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 20:38:12 | 01,064,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\chris\Desktop\VB6.0-KB290887-X86.exe
[2009/04/23 20:31:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Application Data\Uniblue
[2009/04/23 20:30:45 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2009/04/23 20:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/04/23 20:30:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/04/23 20:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\msvbvm60
[2009/04/23 20:26:42 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\HijackThis.lnk
[2009/04/23 20:26:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/23 19:55:02 | 09,758,200 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\xul.dll
[2009/04/23 19:55:02 | 00,017,912 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\xpcom.dll
[2009/04/23 19:55:02 | 00,000,862 | ---- | C] () -- C:\WINDOWS\System32\updater.ini
[2009/04/23 19:55:01 | 00,395,768 | ---- | C] (sqlite.org) -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/23 19:55:01 | 00,242,168 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\updater.exe
[2009/04/23 19:55:01 | 00,151,552 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\softokn3.dll
[2009/04/23 19:55:01 | 00,136,696 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\ssl3.dll
[2009/04/23 19:55:01 | 00,103,928 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\smime3.dll
[2009/04/23 19:55:01 | 00,000,478 | ---- | C] () -- C:\WINDOWS\System32\softokn3.chk
[2009/04/23 19:55:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\uninstall
[2009/04/23 19:55:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2009/04/23 19:54:59 | 00,718,328 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\nss3.dll
[2009/04/23 19:54:59 | 00,710,136 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\mozcrt19.dll
[2009/04/23 19:54:59 | 00,292,344 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\nssckbi.dll
[2009/04/23 19:54:59 | 00,198,136 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\nspr4.dll
[2009/04/23 19:54:59 | 00,103,928 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\nssdbm3.dll
[2009/04/23 19:54:59 | 00,087,544 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\nssutil3.dll
[2009/04/23 19:54:59 | 00,020,472 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\plc4.dll
[2009/04/23 19:54:59 | 00,017,400 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\plds4.dll
[2009/04/23 19:54:59 | 00,015,884 | ---- | C] () -- C:\WINDOWS\System32\removed-files
[2009/04/23 19:54:59 | 00,000,112 | ---- | C] () -- C:\WINDOWS\System32\old-homepage-default.properties
[2009/04/23 19:54:59 | 00,000,048 | ---- | C] () -- C:\WINDOWS\System32\platform.ini
[2009/04/23 19:54:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\res
[2009/04/23 19:54:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\plugins
[2009/04/23 19:54:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\modules
[2009/04/23 19:54:58 | 00,697,848 | ---- | C] (Netscape Communications Corporation) -- C:\WINDOWS\System32\js3250.dll
[2009/04/23 19:54:58 | 00,307,704 | ---- | C] (Mozilla Corporation) -- C:\WINDOWS\System32\firefox.exe
[2009/04/23 19:54:58 | 00,233,472 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\freebl3.dll
[2009/04/23 19:54:58 | 00,185,848 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\crashreporter.exe
[2009/04/23 19:54:58 | 00,003,558 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini
[2009/04/23 19:54:58 | 00,000,583 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2009/04/23 19:54:58 | 00,000,478 | ---- | C] () -- C:\WINDOWS\System32\freebl3.chk
[2009/04/23 19:54:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\greprefs
[2009/04/23 19:54:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dictionaries
[2009/04/23 19:54:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\defaults
[2009/04/23 19:54:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\components
[2009/04/23 19:54:56 | 00,031,393 | ---- | C] () -- C:\WINDOWS\System32\LICENSE
[2009/04/23 19:54:56 | 00,017,400 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\AccessibleMarshal.dll
[2009/04/23 19:54:56 | 00,002,067 | ---- | C] () -- C:\WINDOWS\System32\blocklist.xml
[2009/04/23 19:54:56 | 00,002,035 | ---- | C] () -- C:\WINDOWS\System32\application.ini
[2009/04/23 19:54:56 | 00,000,232 | ---- | C] () -- C:\WINDOWS\System32\browserconfig.properties
[2009/04/23 19:54:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\chrome
[2009/04/23 19:54:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\.autoreg
[2009/04/23 00:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/04/22 23:44:25 | 04,658,598 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\RF Opener - Manson Helterskelter.mp3
[2009/04/22 09:01:09 | 04,961,176 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - shooter.mp3
[2009/04/22 01:05:04 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\allxclub19 copy.doc
[2009/04/22 00:05:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\HTVOD.Howie.Mandel.1-08-09-iWIN
[2009/04/21 22:54:33 | 00,102,745 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Hidden_Howie__True_Stories_from_the_Private_Life_of_a_Public_Nuisance.pdf
[2009/04/21 03:20:37 | 73,303,2448 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Dogtown_and_ZBoys.avi
[2009/04/21 01:29:40 | 01,168,196 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\ant4.mp3
[2009/04/21 01:29:24 | 01,209,992 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\ant3.mp3
[2009/04/21 01:29:17 | 01,086,171 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\ant2.mp3
[2009/04/21 01:29:08 | 00,571,037 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\ant1.mp3
[2009/04/21 00:48:30 | 05,338,001 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\StormFrontBeta1.0.1.25.exe
[2009/04/21 00:42:07 | 00,705,768 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Liam_vs_Opie.mp3
[2009/04/21 00:42:04 | 01,167,451 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Liam_vs_Dave_New.mp3
[2009/04/20 20:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\Quinne
[2009/04/20 00:56:27 | 06,142,433 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - cheeba.mp3
[2009/04/20 00:22:55 | 06,244,352 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\18. Smokin' Cheeba Cheeba (Harlem Underground Band).mp3
[2009/04/19 23:39:11 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Anvil Plug.doc
[2009/04/19 23:23:53 | 05,905,241 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf- 420 open.mp3
[2009/04/19 20:20:46 | 32,727,6350 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\btra2854500k.wmv
[2009/04/19 19:56:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\Lindsey Meadows
[2009/04/19 12:49:24 | 04,449,698 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - magic number open.mp3
[2009/04/19 12:40:38 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\James Toback Bio.doc
[2009/04/19 12:37:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Ron Copy.doc
[2009/04/19 12:14:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\James Toback Plug.doc
[2009/04/19 04:57:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2009/04/19 04:57:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2009/04/19 04:57:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\cock
[2009/04/19 04:24:52 | 00,019,269 | ---- | C] () -- C:\WINDOWS\System32\wincode.dat
[2009/04/19 04:24:52 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osysp.dat
[2009/04/19 04:24:52 | 00,006,407 | ---- | C] () -- C:\WINDOWS\System32\krncode.dat
[2009/04/19 04:24:52 | 00,001,575 | ---- | C] () -- C:\WINDOWS\System32\pwrcode.dat
[2009/04/19 04:24:51 | 00,988,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysk.ini
[2009/04/19 04:24:51 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osysk.dat
[2009/04/19 04:24:51 | 00,830,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysw.ini
[2009/04/19 04:24:51 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osysw.dat
[2009/04/19 04:24:51 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysp.ini
[2009/04/19 04:24:49 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\sgcvn1j0er4p.dll
[2009/04/19 04:24:48 | 00,080,191 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe3868428987
[2009/04/19 04:24:48 | 00,080,191 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe2376809316
[2009/04/19 04:24:48 | 00,080,191 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe2060360908
[2009/04/19 04:24:48 | 00,080,191 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p .exe
[2009/04/19 04:24:48 | 00,023,052 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe972202152
[2009/04/19 04:24:48 | 00,023,052 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe398566067
[2009/04/19 04:24:48 | 00,023,052 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe3889238756
[2009/04/19 04:24:48 | 00,023,052 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe1363517927
[2009/04/19 04:24:48 | 00,023,052 | ---- | C] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe
[2009/04/19 04:24:46 | 00,042,192 | ---- | C] () -- C:\WINDOWS\System32\ldshyf1.old
[2009/04/19 02:57:05 | 35,582,5848 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\eva_karera_MGB.wmv
[2009/04/19 02:07:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\DJ.Green.Lantern.&.Nas-The.bleep.Tape-2008-[NoFS]
[2009/04/19 02:04:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\2Pac Discography [2007]
[2009/04/17 21:03:55 | 14,917,9550 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Amia Moretti - Scene From Barely Legal 93.avi
[2009/04/17 02:06:07 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Fez.doc
[2009/04/16 22:39:21 | 03,216,196 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - tyson rejoin.mp3
[2009/04/16 20:40:24 | 73,374,1056 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Tyson.2009.DvdRip.Xvid.MegaGun.avi
[2009/04/15 22:58:41 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rons slices 04_15_2009.doc
[2009/04/15 20:22:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\Dirty.Rotten.Mother.bleepers.3
[2009/04/14 23:14:09 | 02,352,065 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\chris stanley.mp3
[2009/04/14 23:04:40 | 75,876,718 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\2009-04-14 R&F cf64k.mp3
[2009/04/14 22:12:13 | 07,421,910 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - three kings black steel.mp3
[2009/04/13 23:16:56 | 15,576,4522 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\jb2652500k.wmv
[2009/04/12 14:55:32 | 03,073,045 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\rf - boxxy rejoin.mp3
[2009/04/12 14:16:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\KJ-Hardcore
[2009/04/10 02:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\fxk_VCop2
[2009/04/08 13:14:38 | 05,881,756 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\TheToast.mp3
[2009/04/02 23:55:51 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\LaurenHakkerResume.doc
[2009/03/30 22:13:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Application Data\SmartFTP
[2009/03/30 22:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2009/03/30 22:10:27 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 3.0 Setup Files
[2009/03/28 09:44:58 | 10,476,377 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\allmaps.zip
[2009/03/27 11:43:14 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\RonFez Carbonite copy points 3.16-3.29.doc
[2009/01/28 02:58:53 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\onuyatez.ini
[2009/01/27 01:58:17 | 00,140,878 | -HS- | C] () -- C:\WINDOWS\System32\rrsgzj.dll
[2009/01/26 13:57:57 | 00,141,973 | -HS- | C] () -- C:\WINDOWS\System32\hqkprx.dll
[2009/01/11 23:53:15 | 00,000,553 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/24 01:44:08 | 00,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/15 15:06:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AudioDVD.INI
[2008/09/06 15:43:42 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/08/18 01:11:18 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/04/16 02:02:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/04/16 02:02:07 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008/04/16 02:02:07 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008/04/16 02:02:07 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008/04/16 02:02:07 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008/04/16 02:02:07 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/04/16 02:02:07 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008/04/16 02:02:07 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008/04/16 02:02:07 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008/04/16 02:02:07 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008/04/16 02:02:07 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008/04/16 02:02:07 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008/04/16 02:02:07 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008/04/16 02:02:07 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008/04/16 02:02:07 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008/04/16 02:02:07 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008/04/16 02:02:07 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008/04/16 02:02:07 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008/04/16 02:02:07 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008/04/16 02:02:06 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/12/26 14:28:48 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/08 23:51:40 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/08 23:51:40 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/08/20 20:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 20:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 18:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/26 19:06:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/25 09:24:28 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/10 15:33:47 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/05/11 18:30:16 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/11 18:27:58 | 02,107,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/05/10 23:04:02 | 00,010,569 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2007/05/06 13:56:32 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/05 16:41:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/10 07:51:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/03 18:56:44 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\smba.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/10 11:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/08/23 07:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1900/01/01 12:00:00 | 00,141,973 | -HS- | C] () -- C:\WINDOWS\System32\tetopamu.dll
[1900/01/01 12:00:00 | 00,140,878 | -HS- | C] () -- C:\WINDOWS\System32\bolijida.dll
[1900/01/01 12:00:00 | 00,140,800 | -HS- | C] () -- C:\WINDOWS\System32\bojilale.dll
[1900/01/01 12:00:00 | 00,106,209 | -HS- | C] () -- C:\WINDOWS\System32\yiyavewe.dll
[1900/01/01 12:00:00 | 00,106,201 | -HS- | C] () -- C:\WINDOWS\System32\toyigeru.dll

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/25 09:47:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chris\Desktop\OTListIt2.exe
[2009/04/25 01:44:21 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-682003330-1003.job
[2009/04/25 01:10:26 | 00,012,447 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\BigAssLatina.torrent
[2009/04/24 09:31:50 | 00,203,755 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\lit corner outro.mp3
[2009/04/24 09:31:09 | 02,137,861 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - nostradaums.mp3
[2009/04/24 00:50:21 | 00,201,143 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\lit corner intro.mp3
[2009/04/24 00:25:15 | 02,137,861 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\cosa nostradamus.mp3
[2009/04/23 21:54:33 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2009/04/23 21:31:29 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe
[2009/04/23 21:30:45 | 00,081,184 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe3.dll
[2009/04/23 21:30:41 | 00,004,759 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/23 21:30:23 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/23 21:30:23 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/23 21:30:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/23 21:30:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/23 21:07:05 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/23 20:47:46 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe398566067
[2009/04/23 20:39:40 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\HijackThis.lnk
[2009/04/23 20:38:12 | 01,064,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\chris\Desktop\VB6.0-KB290887-X86.exe
[2009/04/23 20:30:45 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2009/04/23 19:55:05 | 09,758,200 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\xul.dll
[2009/04/23 19:55:02 | 00,242,168 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\updater.exe
[2009/04/23 19:55:02 | 00,017,912 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\xpcom.dll
[2009/04/23 19:55:02 | 00,000,862 | ---- | M] () -- C:\WINDOWS\System32\updater.ini
[2009/04/23 19:55:01 | 00,395,768 | ---- | M] (sqlite.org) -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/23 19:55:01 | 00,151,552 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\softokn3.dll
[2009/04/23 19:55:01 | 00,136,696 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\ssl3.dll
[2009/04/23 19:55:01 | 00,103,928 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\smime3.dll
[2009/04/23 19:55:01 | 00,000,478 | ---- | M] () -- C:\WINDOWS\System32\softokn3.chk
[2009/04/23 19:54:59 | 00,718,328 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\nss3.dll
[2009/04/23 19:54:59 | 00,710,136 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\mozcrt19.dll
[2009/04/23 19:54:59 | 00,697,848 | ---- | M] (Netscape Communications Corporation) -- C:\WINDOWS\System32\js3250.dll
[2009/04/23 19:54:59 | 00,292,344 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\nssckbi.dll
[2009/04/23 19:54:59 | 00,198,136 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\nspr4.dll
[2009/04/23 19:54:59 | 00,103,928 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\nssdbm3.dll
[2009/04/23 19:54:59 | 00,087,544 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\nssutil3.dll
[2009/04/23 19:54:59 | 00,020,472 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\plc4.dll
[2009/04/23 19:54:59 | 00,017,400 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\plds4.dll
[2009/04/23 19:54:59 | 00,015,884 | ---- | M] () -- C:\WINDOWS\System32\removed-files
[2009/04/23 19:54:59 | 00,000,112 | ---- | M] () -- C:\WINDOWS\System32\old-homepage-default.properties
[2009/04/23 19:54:59 | 00,000,048 | ---- | M] () -- C:\WINDOWS\System32\platform.ini
[2009/04/23 19:54:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\WINDOWS\System32\firefox.exe
[2009/04/23 19:54:58 | 00,233,472 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\freebl3.dll
[2009/04/23 19:54:58 | 00,185,848 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\crashreporter.exe
[2009/04/23 19:54:58 | 00,003,558 | ---- | M] () -- C:\WINDOWS\System32\crashreporter.ini
[2009/04/23 19:54:58 | 00,000,583 | ---- | M] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2009/04/23 19:54:58 | 00,000,478 | ---- | M] () -- C:\WINDOWS\System32\freebl3.chk
[2009/04/23 19:54:56 | 00,031,393 | ---- | M] () -- C:\WINDOWS\System32\LICENSE
[2009/04/23 19:54:56 | 00,017,400 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\AccessibleMarshal.dll
[2009/04/23 19:54:56 | 00,002,067 | ---- | M] () -- C:\WINDOWS\System32\blocklist.xml
[2009/04/23 19:54:56 | 00,002,035 | ---- | M] () -- C:\WINDOWS\System32\application.ini
[2009/04/23 19:54:56 | 00,000,232 | ---- | M] () -- C:\WINDOWS\System32\browserconfig.properties
[2009/04/23 19:54:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\.autoreg
[2009/04/23 01:16:41 | 00,988,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysk.ini
[2009/04/23 01:16:41 | 00,988,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/04/23 01:16:41 | 00,988,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/04/23 01:16:41 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\powrprof.dll
[2009/04/23 01:16:41 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysp.ini
[2009/04/23 01:16:41 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powrprof.dll
[2009/04/23 01:16:41 | 00,019,269 | ---- | M] () -- C:\WINDOWS\System32\wincode.dat
[2009/04/23 01:16:41 | 00,006,407 | ---- | M] () -- C:\WINDOWS\System32\krncode.dat
[2009/04/23 01:16:41 | 00,001,575 | ---- | M] () -- C:\WINDOWS\System32\pwrcode.dat
[2009/04/23 01:16:40 | 00,830,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/04/23 01:16:40 | 00,830,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysw.ini
[2009/04/23 01:16:40 | 00,830,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/04/23 01:16:35 | 00,042,192 | ---- | M] () -- C:\WINDOWS\System32\ldshyf1.old
[2009/04/23 01:16:29 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe1363517927
[2009/04/23 01:15:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/22 23:45:14 | 04,658,598 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\RF Opener - Manson Helterskelter.mp3
[2009/04/22 09:01:25 | 04,961,176 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - shooter.mp3
[2009/04/22 01:05:04 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\allxclub19 copy.doc
[2009/04/21 22:54:34 | 00,102,745 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Hidden_Howie__True_Stories_from_the_Private_Life_of_a_Public_Nuisance.pdf
[2009/04/21 09:33:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 09:33:43 | 00,233,984 | ---- | M] () -- C:\Documents and Settings\chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/21 03:47:54 | 73,303,2448 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Dogtown_and_ZBoys.avi
[2009/04/21 01:29:43 | 01,168,196 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\ant4.mp3
[2009/04/21 01:29:28 | 01,209,992 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\ant3.mp3
[2009/04/21 01:29:20 | 01,086,171 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\ant2.mp3
[2009/04/21 01:29:11 | 00,571,037 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\ant1.mp3
[2009/04/21 00:48:30 | 05,338,001 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\StormFrontBeta1.0.1.25.exe
[2009/04/21 00:42:07 | 00,705,768 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Liam_vs_Opie.mp3
[2009/04/21 00:42:05 | 01,167,451 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Liam_vs_Dave_New.mp3
[2009/04/20 22:48:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 02:19:37 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe972202152
[2009/04/20 00:56:33 | 06,142,433 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - cheeba.mp3
[2009/04/20 00:23:08 | 06,244,352 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\18. Smokin' Cheeba Cheeba (Harlem Underground Band).mp3
[2009/04/19 23:39:11 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Anvil Plug.doc
[2009/04/19 23:23:58 | 05,905,241 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf- 420 open.mp3
[2009/04/19 20:35:00 | 32,727,6350 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\btra2854500k.wmv
[2009/04/19 12:49:28 | 04,449,698 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - magic number open.mp3
[2009/04/19 12:40:38 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\James Toback Bio.doc
[2009/04/19 12:37:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Ron Copy.doc
[2009/04/19 12:14:37 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\James Toback Plug.doc
[2009/04/19 11:11:13 | 35,582,5848 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\eva_karera_MGB.wmv
[2009/04/19 04:56:00 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/04/19 04:56:00 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/04/19 04:56:00 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/04/19 04:56:00 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/19 04:55:27 | 03,175,818 | -H-- | M] () -- C:\Documents and Settings\chris\Local Settings\Application Data\IconCache.db
[2009/04/19 04:26:01 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe3889238756
[2009/04/19 04:24:49 | 00,118,784 | ---- | M] () -- C:\WINDOWS\System32\sgcvn1j0er4p.dll
[2009/04/19 04:24:48 | 00,080,191 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe3868428987
[2009/04/19 04:24:48 | 00,080,191 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe2376809316
[2009/04/19 04:24:48 | 00,080,191 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe2060360908
[2009/04/19 04:24:48 | 00,080,191 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p .exe
[2009/04/17 21:14:33 | 14,917,9550 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Amia Moretti - Scene From Barely Legal 93.avi
[2009/04/17 02:06:08 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Fez.doc
[2009/04/16 22:39:24 | 03,216,196 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - tyson rejoin.mp3
[2009/04/16 21:21:37 | 73,374,1056 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Tyson.2009.DvdRip.Xvid.MegaGun.avi
[2009/04/15 22:58:42 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rons slices 04_15_2009.doc
[2009/04/14 23:14:13 | 02,352,065 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\chris stanley.mp3
[2009/04/14 23:09:09 | 75,876,718 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\2009-04-14 R&F cf64k.mp3
[2009/04/14 22:12:20 | 07,421,910 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - three kings black steel.mp3
[2009/04/13 23:30:47 | 15,576,4522 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\jb2652500k.wmv
[2009/04/12 14:56:26 | 03,073,045 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\rf - boxxy rejoin.mp3
[2009/04/08 13:15:00 | 05,881,756 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\TheToast.mp3
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/02 23:58:19 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\LaurenHakkerResume.doc
[2009/04/02 22:46:14 | 00,001,094 | -H-- | M] () -- C:\IPH.PH
[2009/03/28 09:45:20 | 10,476,377 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\allmaps.zip
[2009/03/27 11:43:14 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\RonFez Carbonite copy points 3.16-3.29.doc
< End of report >
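The "Files Created" and "Files Modified" sections above are what a helper reads to pick the entries that end up in the :Files block of a fix script. As an added example, not part of this thread, of OTL, or of the posters' own logs, the following Python script parses lines in OTL's listing format and flags the patterns visible in this log: hidden+system attributes on DLLs, timestamps before 2000, consonant/vowel generated names, executables with digits appended after the extension, and non-executable files (such as nsysk.ini) that carry PE version information and are byte-for-byte twins of a system DLL with the same timestamp. The heuristics and their thresholds are assumptions of this example; the sample input lines are copied from the log above.

```python
"""Triage an OTListIt2 (OTL) file listing for entries worth a closer look.

Added example for this thread; it is not part of OTL, Malwarebytes or the
posters' logs. The heuristics below are assumptions drawn from the patterns
in the log above; they are hints for whoever reads the log, not verdicts.
"""
import re
from collections import defaultdict

# One OTL listing line: [date time | size | attrs | C or M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Eight letters alternating consonant/vowel, like tetopamu.dll or bolijida.dll.
CV_NAME_RE = re.compile(r"(?:[bcdfghjklmnpqrstvwxz][aeiouy]){4}")
# An .exe/.dll name with digits stuck on after the extension (qgcrn1j0er4p.exe398566067).
SUFFIXED_RE = re.compile(r"^(?P<base>.+\.(?:exe|dll))\d+$", re.IGNORECASE)
PE_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr"}

# Sample input: lines copied from the OTL log posted above in this thread.
SAMPLE = r"""
[2009/01/26 13:57:57 | 00,141,973 | -HS- | C] () -- C:\WINDOWS\System32\hqkprx.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 07:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[1900/01/01 12:00:00 | 00,141,973 | -HS- | C] () -- C:\WINDOWS\System32\tetopamu.dll
[2009/04/23 21:31:29 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe
[2009/04/23 21:30:45 | 00,081,184 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe3.dll
[2009/04/23 20:47:46 | 00,023,052 | ---- | M] () -- C:\WINDOWS\System32\qgcrn1j0er4p.exe398566067
[2009/04/23 01:16:41 | 00,988,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsysk.ini
[2009/04/23 01:16:41 | 00,988,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/04/23 01:16:41 | 00,988,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
"""


def parse_line(line):
    """Return a dict for one listing line, or None for headers, blanks and summaries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    stem, dot, ext = e["name"].lower().rpartition(".")
    e["stem"], e["ext"] = (stem, "." + ext) if dot else (ext, "")
    e["is_pe"] = e["ext"] in PE_EXT
    return e


def triage(text):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    # Same timestamp and size under different names: candidate byte-identical copies.
    twins = defaultdict(list)
    for e in entries:
        twins[(e["date"], e["time"], e["size"])].append(e)
    # Plain names that also occur with digits appended are suspect themselves.
    suffixed_bases = set()
    for e in entries:
        m = SUFFIXED_RE.match(e["name"])
        if m:
            suffixed_bases.add(m.group("base").lower())

    findings = {}
    for e in entries:
        reasons = []
        if e["is_pe"] and "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden+system attributes on an executable")
        if int(e["date"][:4]) < 2000:
            reasons.append("implausible timestamp before 2000")
        if e["is_pe"] and CV_NAME_RE.fullmatch(e["stem"]):
            reasons.append("generated-looking consonant/vowel name")
        if SUFFIXED_RE.match(e["name"]):
            reasons.append("digits appended after the executable extension")
        if e["name"].lower() in suffixed_bases:
            reasons.append("same name also present with numeric suffixes")
        if not e["is_pe"] and e["company"]:
            reasons.append("non-executable extension but carries PE version info")
        key = (e["date"], e["time"], e["size"])
        twin_names = sorted({o["name"] for o in twins[key]
                             if o is not e and o["is_pe"] != e["is_pe"]})
        if twin_names:
            reasons.append("identical size and timestamp to " + ", ".join(twin_names))
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

Run it and the flagged set is the same group of files the fix script in the next reply moves, plus the kernel32.dll/nsysk.ini pair, which the listing only reveals through the identical size and timestamp. Note the limits: AcroIEHelpe3.dll, the file the topic starter saw reappearing, passes every heuristic because it carries a plausible company string, which is why a helper works from the persistence entries (Run keys, AppInit_DLLs, SSODL) as well as from the file listing.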

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 April 2009 - 09:08 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [rgctn1j0er4p] c:\windows\system32\qgcrn1j0er4p.exe ()
    O4 - HKU\S-1-5-19..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s File not found
    O4 - HKU\S-1-5-20..\Run: [sigirameho] Rundll32.exe "C:\WINDOWS\system32\huzivewe.dll",s File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O20 - AppInit_DLLs: (c:\windows\system32\tatuvisa.dll) - c:\windows\system32\tatuvisa.dll File not found
    O20 - AppInit_DLLs: (ehyuvg.dll) - File not found
    O21 - SSODL: pBotni - {303D014E-9A97-ABE4-0DC1-ADFC61B48379} - C:\WINDOWS\system32\smba.dll ()
    
    
    
    :Files
    C:\WINDOWS\System32\onuyatez.ini
    C:\WINDOWS\System32\rrsgzj.dll
    C:\WINDOWS\System32\hqkprx.dll
    C:\WINDOWS\System32\tetopamu.dll
    C:\WINDOWS\System32\bolijida.dll
    C:\WINDOWS\System32\bojilale.dll
    C:\WINDOWS\System32\yiyavewe.dll
    C:\WINDOWS\System32\toyigeru.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 dudeman79
  • Topic Starter

  • Members
  • 6 posts

Posted 26 April 2009 - 10:16 AM

New OTL2 Log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rgctn1j0er4p deleted successfully.
c:\windows\system32\qgcrn1j0er4p.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\sigirameho deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\sigirameho deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tatuvisa.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:ehyuvg.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pBotni deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{303D014E-9A97-ABE4-0DC1-ADFC61B48379}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\smba.dll
C:\WINDOWS\system32\smba.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\smba.dll scheduled to be moved on reboot.
========== FILES ==========
C:\WINDOWS\System32\onuyatez.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rrsgzj.dll
C:\WINDOWS\System32\rrsgzj.dll NOT unregistered.
C:\WINDOWS\System32\rrsgzj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hqkprx.dll
C:\WINDOWS\System32\hqkprx.dll NOT unregistered.
C:\WINDOWS\System32\hqkprx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tetopamu.dll
C:\WINDOWS\System32\tetopamu.dll NOT unregistered.
C:\WINDOWS\System32\tetopamu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bolijida.dll
C:\WINDOWS\System32\bolijida.dll NOT unregistered.
C:\WINDOWS\System32\bolijida.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bojilale.dll
C:\WINDOWS\System32\bojilale.dll NOT unregistered.
C:\WINDOWS\System32\bojilale.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yiyavewe.dll
C:\WINDOWS\System32\yiyavewe.dll NOT unregistered.
C:\WINDOWS\System32\yiyavewe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\toyigeru.dll
C:\WINDOWS\System32\toyigeru.dll NOT unregistered.
C:\WINDOWS\System32\toyigeru.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\chris\Local Settings\Temp\hsperfdata_chris\460 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temp\AudxD998.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temp\AudxD9B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temp\AudxD9C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temp\etilqs_ykArVzabLb2aflccO2it scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temp\Perflib_Perfdata_14ac.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\GZH50ITX\precheck[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\892B0XA3\google_com[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8ec.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04262009_004921

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\smba.dll
C:\WINDOWS\system32\smba.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\smba.dll scheduled to be moved on reboot.
File C:\Documents and Settings\chris\Local Settings\Temp\hsperfdata_chris\460 not found!
File C:\Documents and Settings\chris\Local Settings\Temp\etilqs_ykArVzabLb2aflccO2it not found!
File C:\Documents and Settings\chris\Local Settings\Temp\Perflib_Perfdata_14ac.dat not found!
C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\GZH50ITX\precheck[1] moved successfully.
C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\892B0XA3\google_com[1].htm moved successfully.
C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_8ec.dat not found!
C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

MBAM Log:

Malwarebytes' Anti-Malware 1.36
Database version: 2043
Windows 5.1.2600 Service Pack 2

4/26/2009 11:09:36 AM
mbam-log-2009-04-26 (11-09-36).txt

Scan type: Quick Scan
Objects scanned: 78073
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\AcroIEHelpe4.dll (Spyware.Banker) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{967b15bc-c0b0-4a69-bfe3-2cdcd20adce4} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c1ebef0-37cf-4408-b494-f6c000fd6ed7} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{339949fb-4a8c-4aa3-bd04-8b888d9a642a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf3e4737-a002-49ce-8e07-3460cb177a28} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b42bf63c-5354-4c5c-a789-66efeec5e1b0} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b42bf63c-5354-4c5c-a789-66efeec5e1b0} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b42bf63c-5354-4c5c-a789-66efeec5e1b0} (Spyware.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lodupgd.jpg (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\AcroIEHelpe3.dll (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe4.dll (Spyware.Banker) -> Delete on reboot.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.

#6 Buckeye_Sam
  • Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 April 2009 - 10:55 AM

Please post a new hijackthis log.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 dudeman79
  • Topic Starter
  • Members
  • 6 posts

Posted 26 April 2009 - 03:18 PM

Here's the new hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:54 PM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\java\jre6\bin\jusched.exe
c:\windows\system32\rundll32.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\windows\rthdcpl.exe
c:\program files\hp\hpcoretech\hpcmpmgr.exe
c:\program files\hewlett-packard\hp software update\hpwuschd2.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\common files\logishrd\lcommgr\communications_helper.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\windows\system32\ctfmon.exe
c:\documents and settings\chris\local settings\application data\google\update\googleupdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\logitech\mouseware\system\em_exec.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe
c:\program files\internet explorer\iexplore.exe
c:\program files\viewpoint\viewpoint manager\viewmgr.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B42BF63C-5354-4c5c-A789-66EFEEC5E1B0} - C:\WINDOWS\system32\AcroIEHelpe4.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O21 - SSODL: pBotni - {303D014E-9A97-ABE4-0DC1-ADFC61B48379} - C:\WINDOWS\system32\smba.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10367 bytes

AIM still is not working. System still booting up slower than usual.

#8 Buckeye_Sam
  • Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 April 2009 - 04:50 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9 dudeman79
  • Topic Starter
  • Members
  • 6 posts

Posted 27 April 2009 - 07:05 PM

Here's the new log:

ComboFix 09-04-27.02 - chris 04/27/2009 19:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.127 [GMT -4:00]
Running from: c:\documents and settings\chris\desktop\combofix.exe
FW: ActiveArmor Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AccessibleMarshal.dll
c:\windows\system32\AcroIEHelpe4.dll
c:\windows\system32\afmnwi.dll
c:\windows\system32\bajawupo.dll
c:\windows\system32\bohanuhi.dll
c:\windows\system32\bozilule.dll
c:\windows\system32\components
c:\windows\system32\components\aboutRights.js
c:\windows\system32\components\aboutRobots.js
c:\windows\system32\components\browser.xpt
c:\windows\system32\components\browserdirprovider.dll
c:\windows\system32\components\brwsrcmp.dll
c:\windows\system32\components\FeedConverter.js
c:\windows\system32\components\FeedProcessor.js
c:\windows\system32\components\FeedWriter.js
c:\windows\system32\components\fuelApplication.js
c:\windows\system32\components\jsconsole-clhandler.js
c:\windows\system32\components\nsAddonRepository.js
c:\windows\system32\components\nsBadCertHandler.js
c:\windows\system32\components\nsBlocklistService.js
c:\windows\system32\components\nsBrowserContentHandler.js
c:\windows\system32\components\nsBrowserGlue.js
c:\windows\system32\components\nsContentDispatchChooser.js
c:\windows\system32\components\nsContentPrefService.js
c:\windows\system32\components\nsDefaultCLH.js
c:\windows\system32\components\nsDownloadManagerUI.js
c:\windows\system32\components\nsExtensionManager.js
c:\windows\system32\components\nsHandlerService.js
c:\windows\system32\components\nsHelperAppDlg.js
c:\windows\system32\components\nsLivemarkService.js
c:\windows\system32\components\nsLoginInfo.js
c:\windows\system32\components\nsLoginManager.js
c:\windows\system32\components\nsLoginManagerPrompter.js
c:\windows\system32\components\nsMicrosummaryService.js
c:\windows\system32\components\nsPlacesTransactionsService.js
c:\windows\system32\components\nsPostUpdateWin.js
c:\windows\system32\components\nsProxyAutoConfig.js
c:\windows\system32\components\nsSafebrowsingApplication.js
c:\windows\system32\components\nsSearchService.js
c:\windows\system32\components\nsSearchSuggestions.js
c:\windows\system32\components\nsSessionStartup.js
c:\windows\system32\components\nsSessionStore.js
c:\windows\system32\components\nsSetDefaultBrowser.js
c:\windows\system32\components\nsSidebar.js
c:\windows\system32\components\nsTaggingService.js
c:\windows\system32\components\nsTryToClose.js
c:\windows\system32\components\nsUpdateService.js
c:\windows\system32\components\nsUrlClassifierLib.js
c:\windows\system32\components\nsUrlClassifierListManager.js
c:\windows\system32\components\nsURLFormatter.js
c:\windows\system32\components\nsWebHandlerApp.js
c:\windows\system32\components\pluginGlue.js
c:\windows\system32\components\storage-Legacy.js
c:\windows\system32\components\txEXSLTRegExFunctions.js
c:\windows\system32\components\WebContentConverter.js
c:\windows\system32\dutawapa.dll
c:\windows\system32\fajodiya.dll
c:\windows\system32\fehilasi.dll
c:\windows\system32\fgjqcn.dll
c:\windows\system32\firefox.exe
c:\windows\system32\freebl3.dll
c:\windows\system32\jivipoto.dll
c:\windows\system32\jojekuya.dll
c:\windows\system32\jvvmdx.dll
c:\windows\system32\katumela.dll
c:\windows\system32\kkzjlo.dll
c:\windows\system32\mozcrt19.dll
c:\windows\system32\mujejude.dll
c:\windows\system32\napagile.dll
c:\windows\system32\nspr4.dll
c:\windows\system32\nss3.dll
c:\windows\system32\nssckbi.dll
c:\windows\system32\nssdbm3.dll
c:\windows\system32\nssutil3.dll
c:\windows\system32\ntjxwl.dll
c:\windows\system32\pepejidu.dll
c:\windows\system32\plc4.dll
c:\windows\system32\plds4.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\npnul32.dll
c:\windows\system32\rxrcdw.dll
c:\windows\system32\rzztva.dll
c:\windows\system32\selutanu.dll
c:\windows\system32\smime3.dll
c:\windows\system32\softokn3.dll
c:\windows\system32\ssl3.dll
c:\windows\system32\tegobefo.dll
c:\windows\system32\tkgafs.dll
c:\windows\system32\tnhwtj.dll
c:\windows\system32\UAs
c:\windows\system32\UAs\AdobeUpdater_UAs001.dat
c:\windows\system32\UAs\aim_UAs001.dat
c:\windows\system32\UAs\aim_UAs002.dat
c:\windows\system32\UAs\chrome_UAs001.dat
c:\windows\system32\UAs\chrome_UAs002.dat
c:\windows\system32\UAs\chrome_UAs003.dat
c:\windows\system32\UAs\chrome_UAs004.dat
c:\windows\system32\UAs\divx player_UAs001.dat
c:\windows\system32\UAs\divx player_UAs002.dat
c:\windows\system32\UAs\Explorer_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs002.dat
c:\windows\system32\UAs\firefox_UAs001.dat
c:\windows\system32\UAs\firefox_UAs002.dat
c:\windows\system32\UAs\hpwucli_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\jre-6u13-windows-i586-p-iftw_UAs001.dat
c:\windows\system32\UAs\jre-6u13-windows-i586-p-iftw_UAs002.dat
c:\windows\system32\UAs\jucheck_UAs001.dat
c:\windows\system32\UAs\jusched_UAs001.dat
c:\windows\system32\UAs\mbam_UAs001.dat
c:\windows\system32\UAs\mbam_UAs002.dat
c:\windows\system32\UAs\mplayer2_UAs001.dat
c:\windows\system32\UAs\ms1240129490_UAs001.dat
c:\windows\system32\UAs\qgcrn1j0er4p_UAs001.dat
c:\windows\system32\UAs\qgcrn1j0er4p_UAs002.dat
c:\windows\system32\UAs\softwareupdate_UAs001.dat
c:\windows\system32\UAs\spoolsv_UAs001.dat
c:\windows\system32\UAs\spoolsv_UAs002.dat
c:\windows\system32\UAs\STORMFRONT_UAs001.dat
c:\windows\system32\UAs\svchost_UAs001.dat
c:\windows\system32\UAs\svchost_UAs002.dat
c:\windows\system32\UAs\trillian-v3.1.8.0_UAs001.dat
c:\windows\system32\UAs\trillian_UAs001.dat
c:\windows\system32\UAs\trillian_UAs002.dat
c:\windows\system32\UAs\Uniblue RegistryBooster_UAs001.dat
c:\windows\system32\UAs\userinit_UAs001.dat
c:\windows\system32\UAs\viewmgr_UAs001.dat
c:\windows\system32\UAs\winamp_UAs001.dat
c:\windows\system32\uniq.tll
c:\windows\system32\updater.exe
c:\windows\system32\veputate.dll
c:\windows\system32\vhvvin.dll
c:\windows\system32\vifupaji.dll
c:\windows\system32\werosere.dll
c:\windows\system32\wewidilu.dll
c:\windows\system32\wikolule.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wucluy.dll
c:\windows\system32\wugolale.dll
c:\windows\system32\xpcom.dll
c:\windows\system32\yagepodo.dll
c:\windows\system32\yijulisa.dll
c:\windows\system32\yiujwl.dll
c:\windows\system32\yozagera.dll
c:\windows\system32\zenowuzo.dll
c:\windows\system32\zimizapa.dll
c:\windows\system32\zugugeni.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe


c:\windows\system32\powrprof.dll . . . is infected!!

c:\windows\system32\wininet.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-26 14:52 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-26 14:52 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 04:49 . 2009-04-26 04:49 -------- d-----w C:\_OTListIt
2009-04-24 00:30 . 2009-04-24 00:30 -------- d-----w c:\program files\Uniblue
2009-04-24 00:30 . 2009-04-24 00:30 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-24 00:26 . 2009-04-24 00:26 -------- d-----w c:\program files\Trend Micro
2009-04-23 23:55 . 2009-04-23 23:55 9758200 ----a-w c:\windows\system32\xul.dll
2009-04-23 23:55 . 2009-04-23 23:55 -------- d-----w c:\windows\system32\uninstall
2009-04-23 23:55 . 2009-04-23 23:55 395768 ----a-w c:\windows\system32\sqlite3.dll
2009-04-23 23:55 . 2009-04-23 23:55 -------- d-----w c:\windows\system32\searchplugins
2009-04-23 23:54 . 2009-04-23 23:55 -------- d-----w c:\windows\system32\res
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\modules
2009-04-23 23:54 . 2009-04-23 23:54 697848 ----a-w c:\windows\system32\js3250.dll
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\greprefs
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\dictionaries
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\defaults
2009-04-23 23:54 . 2009-04-23 23:54 185848 ----a-w c:\windows\system32\crashreporter.exe
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\chrome
2009-04-23 04:50 . 2009-04-23 04:52 -------- d-----w c:\program files\Trillian
2009-04-19 08:57 . 2009-04-24 01:24 -------- d-----w c:\windows\system32\cock
2009-04-19 08:57 . 2009-04-26 19:48 -------- d-----w c:\windows\system32\xmldm
2009-04-19 08:24 . 2009-04-26 14:47 6407 ----a-w c:\windows\system32\krncode.dat
2009-04-19 08:24 . 2009-04-26 14:47 1575 ----a-w c:\windows\system32\pwrcode.dat
2009-04-19 08:24 . 2009-04-26 14:47 19269 ----a-w c:\windows\system32\wincode.dat
2009-04-19 08:24 . 2004-08-03 22:56 17408 ----a-w c:\windows\system32\osysp.dat
2009-04-19 08:24 . 2007-04-16 15:52 984576 ----a-w c:\windows\system32\osysk.dat
2009-04-19 08:24 . 2008-10-16 20:38 826368 ----a-w c:\windows\system32\osysw.dat
2009-04-19 08:24 . 2009-04-19 08:24 118784 ----a-w c:\windows\system32\sgcvn1j0er4p.dll
2009-04-19 08:24 . 2009-04-19 08:24 80191 ----a-w c:\windows\system32\qgcrn1j0er4p .exe
2009-03-31 02:11 . 2009-03-31 02:11 -------- d-----w c:\program files\SmartFTP Client
2009-03-31 02:10 . 2009-03-31 02:10 -------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 20:16 . 2007-05-03 06:02 -------- d-----w c:\program files\AIM
2009-04-26 20:15 . 2009-02-23 23:59 -------- d-----w c:\program files\Common Files\AOL
2009-04-26 14:52 . 2009-01-29 01:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-26 14:48 . 2007-05-04 02:19 -------- d-----w c:\program files\PowerISO
2009-04-26 14:47 . 2004-08-03 22:56 830464 ----a-w c:\windows\system32\wininet.dll
2009-04-26 14:47 . 2004-08-03 22:56 21504 ----a-w c:\windows\system32\powrprof.dll
2009-04-23 05:16 . 2004-08-03 22:56 21504 ----a-w c:\windows\system32\sysp.tmp
2009-04-23 05:16 . 2004-08-03 22:56 988672 ----a-w c:\windows\system32\sysk.tmp
2009-04-23 05:16 . 2004-08-03 22:56 830464 ----a-w c:\windows\system32\sysw.tmp
2009-04-20 05:56 . 2009-02-08 08:06 -------- d-----w c:\program files\SIMU
2009-04-20 05:53 . 2008-10-16 03:50 -------- d-----w c:\program files\Amorous Professor Cherry
2009-04-20 05:52 . 2009-01-28 03:54 -------- d-----w c:\program files\Encore
2009-04-19 08:57 . 2009-04-19 08:57 112 ----a-w c:\windows\system32\srvblck2.tmp
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-29 23:33 . 2007-05-04 02:18 -------- d-----w c:\program files\Winamp
1601-01-01 00:12 . 1601-01-01 00:12 71821 --sha-w c:\windows\system32\depijafi.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 63811 --sha-w c:\windows\system32\geyebada.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 63811 --sha-w c:\windows\system32\mabituki.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 63099 --sha-w c:\windows\system32\mekopigo.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 71821 --sha-w c:\windows\system32\rozenemi.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 63099 --sha-w c:\windows\system32\sodiguso.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 71821 --sha-w c:\windows\system32\teyudilu.dll.tmp
1601-01-01 00:12 . 1601-01-01 00:12 63811 --sha-w c:\windows\system32\zohogere.dll.tmp
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-03 22:56 17408 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\svchost.exe

[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB939653_0$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\system32\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\system32\dllcache\wininet.dll

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-03 22:56 506368 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\winlogon.exe

[-] 2007-06-13 10:23 1035776 D41D8CD98F00B204E9800998ECF8427E c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-03 22:56 110592 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-03 22:56 14848 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\lsass.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-03 22:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-10 23:53 58880 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\spoolsv.exe

[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\system32\kernel32.dll
[-] 2009-04-27 23:51 988672 4B0AFF6F0F0CFE90C36A385FD6A80D0F c:\windows\system32\dllcache\kernel32.dll

[-] 2009-04-27 23:51 21504 C5CD0F6CD1181ED0CD5A6966B42013BD c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2009-04-27 23:51 21504 C5CD0F6CD1181ED0CD5A6966B42013BD c:\windows\system32\powrprof.dll
[-] 2009-04-27 23:51 21504 C5CD0F6CD1181ED0CD5A6966B42013BD c:\windows\system32\dllcache\powrprof.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B42BF63C-5354-4c5c-A789-66EFEEC5E1B0}]
2009-04-27 23:51 86816 ----a-w c:\windows\system32\AcroIEHelpe5.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 360448]
"Google Update"="c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-04-27 23052]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-04-27 23052]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2009-04-26 23052]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-23 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-04 36352]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pBotni"= {303D014E-9A97-ABE4-0DC1-ADFC61B48379} - c:\windows\system32\smba.dll [2007-04-16 32768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51 13560]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-682003330-1003.job
- c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:46]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
FF - ProfilePath - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com/ig
FF - plugin: c:\documents and settings\chris\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chris\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 19:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\lodupgd.jpg 42192 bytes executable
c:\windows\system32\AcroIEHelpe5.dll 86816 bytes executable
c:\windows\system32\AcroIEHelpe5.txt 59 bytes
c:\windows\system32\UAs


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(6988)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ctfmon.exe2595146907NMBGMONITOR.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe
c:\program files\PowerISO\pwrisovm .exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\lodupgd.jpg
c:\windows\SoftwareDistribution\Download\3385b5e709509d6e2e40ffe6fcdd8ec9\update\update.exe
.
**************************************************************************
.
Completion time: 2009-04-27 19:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 23:58

Pre-Run: 3,073,228,800 bytes free
Post-Run: 2,821,787,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

436 --- E O F --- 2008-12-18 08:00
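The Sigcheck, Run-key and running-process sections of the log above are what the helper's file list in the next post is built from. As an added example that is not part of this thread and not ComboFix's own code, the script below applies four of those checks to lines copied from the log: a non-empty file whose reported MD5 is the hash of zero bytes (the scanner got no data back when it opened the file, which is what a file hidden or locked by a rootkit looks like); a system DLL whose live copy, dllcache copy and hotfix backups all carry one hash and one timestamp; several autostart entries pointing at different programs of exactly the same byte size; and file names with a space before the extension or an executable running from a .jpg. The regexes, the minimum-copies threshold and the list of executable extensions are this example's own assumptions.

```python
"""Triage heuristics for a ComboFix log. Added example, not code from this
thread or from ComboFix; regexes and thresholds are this example's own."""
import re
from collections import defaultdict

# MD5 of zero bytes. A non-empty file reporting this hash was hashed over no
# data at all, i.e. the scanner could not read its contents.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
# Assumed set of extensions a running process should carry.
EXEC_EXTS = {"exe", "dll", "sys", "scr", "com", "ocx", "cpl"}

# Sample input: lines copied from the Sigcheck section of the log above.
SIGCHECK = r"""
[-] 2004-08-03 22:56 17408 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\svchost.exe
[-] 2004-08-03 22:56 506368 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\winlogon.exe
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\system32\wininet.dll
[-] 2009-04-27 23:51 830464 0854EA7E469B726A5D9EE1DA19DCC621 c:\windows\system32\dllcache\wininet.dll
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 10:23 1035776 D41D8CD98F00B204E9800998ECF8427E c:\windows\explorer.exe
"""

# Sample input: lines copied from the HKLM Run section of the log above.
RUN_KEYS = r"""
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-04-27 23052]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-04-27 23052]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2009-04-26 23052]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-23 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"""

# Sample input: entries copied from "Other Running Processes" in the log above.
PROCESSES = [
    r"c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe",
    r"c:\program files\PowerISO\pwrisovm .exe",
    r"c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
    r"c:\windows\system32\lodupgd.jpg",
]

SIG_RE = re.compile(
    r"^\[(.)\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+([0-9A-Fa-f]{32})\s+(.+?)\s*$")
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=.*?(?P<path>[A-Za-z]:\\.*?)"?\s+\[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]\s*$')


def parse_sigcheck(text):
    """Return (timestamp, size, md5, path) for each Sigcheck line."""
    rows = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            rows.append((m.group(2), int(m.group(3)), m.group(4).lower(), m.group(5)))
    return rows


def unreadable_files(rows):
    """Non-empty files whose reported hash is the hash of nothing."""
    return [path for _, size, md5, path in rows if size > 0 and md5 == EMPTY_MD5]


def uniformly_overwritten(rows, min_copies=3):
    """File names whose every copy (live, dllcache, hotfix backups) shares one
    hash AND one timestamp. Hotfix backups legitimately differ from the live
    file, so one value across all of them means something rewrote the whole
    set at once. min_copies is an assumed threshold."""
    copies = defaultdict(list)
    for stamp, _, md5, path in rows:
        copies[path.rsplit("\\", 1)[-1].lower()].append((stamp, md5))
    return sorted(name for name, seen in copies.items()
                  if len(seen) >= min_copies and len(set(seen)) == 1)


def parse_run_entries(text):
    """Return (value name, target path, date, size) for each Run-key line."""
    rows = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            rows.append((m["name"], m["path"], m["date"], int(m["size"])))
    return rows


def size_collisions(rows):
    """Byte sizes shared by autostart targets at different paths. Unrelated
    vendors' binaries rarely land on the same exact size; one malware body
    copied over several entries does."""
    by_size = defaultdict(set)
    for _, path, _, size in rows:
        by_size[size].add(path.lower())
    return {size: sorted(paths) for size, paths in by_size.items() if len(paths) > 1}


def odd_process_names(paths):
    """Paths with a space just before the extension (a look-alike of a real
    binary) or with an extension that should not be executing at all."""
    flagged = []
    for path in paths:
        stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
        if stem.endswith(" ") or ext.lower() not in EXEC_EXTS:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    sig = parse_sigcheck(SIGCHECK)
    print("unreadable:", unreadable_files(sig))
    print("rewritten with backups:", uniformly_overwritten(sig))
    print("size collisions:", size_collisions(parse_run_entries(RUN_KEYS)))
    print("odd names:", odd_process_names(PROCESSES))
```

Run against the sample, the script names svchost.exe, winlogon.exe and explorer.exe as unreadable, wininet.dll as rewritten together with all of its backups, the 23052-byte size as shared by three unrelated Run entries, and the two space-before-extension names plus lodupgd.jpg as suspect, which is the same set of artifacts the CFScript in the next post targets.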

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:46 PM

Posted 28 April 2009 - 03:34 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
c:\windows\system32\UAs

File::
c:\windows\system32\crashreporter.exe
c:\windows\system32\krncode.dat
c:\windows\system32\pwrcode.dat
c:\windows\system32\wincode.dat
c:\windows\system32\osysp.dat
c:\windows\system32\osysk.dat
c:\windows\system32\osysw.dat
c:\windows\system32\sgcvn1j0er4p.dll
c:\windows\system32\qgcrn1j0er4p .exe
c:\windows\system32\sysp.tmp
c:\windows\system32\sysk.tmp
c:\windows\system32\sysw.tmp
c:\windows\system32\srvblck2.tmp
c:\windows\system32\depijafi.dll.tmp
c:\windows\system32\geyebada.dll.tmp
c:\windows\system32\mabituki.dll.tmp
c:\windows\system32\mekopigo.dll.tmp
c:\windows\system32\rozenemi.dll.tmp
c:\windows\system32\sodiguso.dll.tmp
c:\windows\system32\teyudilu.dll.tmp
c:\windows\system32\zohogere.dll.tmp
c:\windows\system32\smba.dll
c:\windows\system32\lodupgd.jpg 
c:\windows\system32\AcroIEHelpe5.dll 
c:\windows\system32\AcroIEHelpe5.txt
c:\windows\system32\nsysk.ini 
c:\windows\system32\nsysp.ini 
c:\windows\system32\nsysw.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B42BF63C-5354-4c5c-A789-66EFEEC5E1B0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pBotni"= {303D014E-9A97-ABE4-0DC1-ADFC61B48379}=-
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.


================


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and the new combofix log in your next reply.


========================================================

#11 dudeman79

dudeman79
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 28 April 2009 - 10:19 PM

new logs:

Combofix:

ComboFix 09-04-28.02 - chris 04/28/2009 19:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.192 [GMT -4:00]
Running from: c:\documents and settings\chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\chris\Desktop\CFScript.txt
FW: ActiveArmor Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\AcroIEHelpe5.dll
c:\windows\system32\AcroIEHelpe5.txt
c:\windows\system32\crashreporter.exe
c:\windows\system32\depijafi.dll.tmp
c:\windows\system32\geyebada.dll.tmp
c:\windows\system32\krncode.dat
c:\windows\system32\lodupgd.jpg
c:\windows\system32\mabituki.dll.tmp
c:\windows\system32\mekopigo.dll.tmp
c:\windows\system32\nsysk.ini
c:\windows\system32\nsysp.ini
c:\windows\system32\nsysw.ini
c:\windows\system32\osysk.dat
c:\windows\system32\osysp.dat
c:\windows\system32\osysw.dat
c:\windows\system32\pwrcode.dat
c:\windows\system32\qgcrn1j0er4p .exe
c:\windows\system32\rozenemi.dll.tmp
c:\windows\system32\sgcvn1j0er4p.dll
c:\windows\system32\smba.dll
c:\windows\system32\sodiguso.dll.tmp
c:\windows\system32\srvblck2.tmp
c:\windows\system32\sysk.tmp
c:\windows\system32\sysp.tmp
c:\windows\system32\sysw.tmp
c:\windows\system32\teyudilu.dll.tmp
c:\windows\system32\wincode.dat
c:\windows\system32\zohogere.dll.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\chris\Application Data\inst.exe
c:\windows\system32\AcroIEHelpe5.dll
c:\windows\system32\AcroIEHelpe5.txt
c:\windows\system32\crashreporter.exe
c:\windows\system32\depijafi.dll.tmp
c:\windows\system32\geyebada.dll.tmp
c:\windows\system32\krncode.dat
c:\windows\system32\mabituki.dll.tmp
c:\windows\system32\mekopigo.dll.tmp
c:\windows\system32\nsysk.ini
c:\windows\system32\nsysp.ini
c:\windows\system32\nsysw.ini
c:\windows\system32\osysk.dat
c:\windows\system32\osysp.dat
c:\windows\system32\osysw.dat
c:\windows\system32\pwrcode.dat
c:\windows\system32\qgcrn1j0er4p .exe
c:\windows\system32\rozenemi.dll.tmp
c:\windows\system32\sgcvn1j0er4p.dll
c:\windows\system32\smba.dll
c:\windows\system32\sodiguso.dll.tmp
c:\windows\system32\srvblck2.tmp
c:\windows\system32\sysk.tmp
c:\windows\system32\sysp.tmp
c:\windows\system32\sysw.tmp
c:\windows\system32\teyudilu.dll.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\install_Paltalk_UAs001.dat
c:\windows\system32\UAs\mplayer2_UAs001.dat
c:\windows\system32\UAs\paltalk_UAs001.dat
c:\windows\system32\UAs\softwareupdate_UAs001.dat
c:\windows\system32\UAs\STORMFRONT_UAs001.dat
c:\windows\system32\UAs\winamp_UAs001.dat
c:\windows\system32\UAs\winlogon_UAs001.dat
c:\windows\system32\UAs\winlogon_UAs002.dat
c:\windows\system32\wincode.dat
c:\windows\system32\zohogere.dll.tmp

c:\windows\system32\powrprof.dll . . . is infected!!

c:\windows\system32\wininet.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-26 14:52 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-26 14:52 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 04:49 . 2009-04-26 04:49 -------- d-----w C:\_OTListIt
2009-04-24 00:31 . 2009-04-24 00:31 -------- d-----w c:\documents and settings\chris\Application Data\Uniblue
2009-04-24 00:30 . 2009-04-24 00:30 -------- d-----w c:\program files\Uniblue
2009-04-24 00:30 . 2009-04-24 00:30 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-24 00:26 . 2009-04-24 00:26 -------- d-----w c:\program files\Trend Micro
2009-04-23 23:55 . 2009-04-23 23:55 9758200 ----a-w c:\windows\system32\xul.dll
2009-04-23 23:55 . 2009-04-23 23:55 -------- d-----w c:\windows\system32\uninstall
2009-04-23 23:55 . 2009-04-23 23:55 395768 ----a-w c:\windows\system32\sqlite3.dll
2009-04-23 23:55 . 2009-04-23 23:55 -------- d-----w c:\windows\system32\searchplugins
2009-04-23 23:54 . 2009-04-23 23:55 -------- d-----w c:\windows\system32\res
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\modules
2009-04-23 23:54 . 2009-04-23 23:54 697848 ----a-w c:\windows\system32\js3250.dll
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\greprefs
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\dictionaries
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\defaults
2009-04-23 23:54 . 2009-04-23 23:54 -------- d-----w c:\windows\system32\chrome
2009-04-23 04:50 . 2009-04-23 04:52 -------- d-----w c:\program files\Trillian
2009-04-19 08:57 . 2009-04-24 01:24 -------- d-----w c:\windows\system32\cock
2009-04-19 08:57 . 2009-04-28 02:48 -------- d-----w c:\windows\system32\xmldm
2009-03-31 02:13 . 2009-03-31 02:13 -------- d-----w c:\documents and settings\chris\Application Data\SmartFTP
2009-03-31 02:11 . 2009-03-31 02:11 -------- d-----w c:\program files\SmartFTP Client
2009-03-31 02:10 . 2009-03-31 02:10 -------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 07:09 . 2004-08-03 22:56 21504 ----a-w c:\windows\system32\powrprof.dll
2009-04-28 07:09 . 2004-08-03 22:56 830464 ----a-w c:\windows\system32\wininet.dll
2009-04-28 02:10 . 2007-12-22 07:20 -------- d-----w c:\program files\Paltalk Messenger
2009-04-27 23:51 . 2007-05-04 02:19 -------- d-----w c:\program files\PowerISO
2009-04-26 20:16 . 2007-05-03 06:02 -------- d-----w c:\program files\AIM
2009-04-26 20:15 . 2009-02-23 23:59 -------- d-----w c:\program files\Common Files\AOL
2009-04-26 14:52 . 2009-01-29 01:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 05:56 . 2009-02-08 08:06 -------- d-----w c:\program files\SIMU
2009-04-20 05:53 . 2008-10-16 03:50 -------- d-----w c:\program files\Amorous Professor Cherry
2009-04-20 05:52 . 2009-01-28 03:54 -------- d-----w c:\program files\Encore
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-19 08:56 . 2009-01-27 05:21 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-29 23:33 . 2007-05-04 02:18 -------- d-----w c:\program files\Winamp
2009-02-20 18:09 . 2004-08-03 22:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2004-08-03 21:17 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-03 20:08 . 2004-08-03 22:56 55808 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot@2009-04-27_23.50.45 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 360448]
"Google Update"="c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-04-27 23052]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-04-29 23052]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2009-04-29 23052]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-23 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-04 36352]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-1-28 10950144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\chris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51 13560]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-682003330-1003.job
- c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 00:46]
.
- - - - ORPHANS REMOVED - - - -

SSODL-pBotni-{303D014E-9A97-ABE4-0DC1-ADFC61B48379} - c:\windows\system32\smba.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
FF - ProfilePath - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\54e0o2wz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com/ig
FF - plugin: c:\documents and settings\chris\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chris\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 19:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ctfmon.exe4104879527 15360 bytes executable


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2868)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ctfmon.exe4104879527NMBGMONITOR.EXE
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-04-28 20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 00:07
ComboFix2.txt 2009-04-27 23:59

Pre-Run: 478,400,512 bytes free
Post-Run: 485,015,552 bytes free

591 --- E O F --- 2009-04-28 07:02

Cureit Log:

#12 Buckeye_Sam

Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 April 2009 - 02:03 PM

Well done!

Please update and run a new scan with Malwarebytes.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 Buckeye_Sam

Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 May 2009 - 10:47 AM

Unfortunately there has been no response.
This thread will now be closed.

========================================================