
Rootkit?? and Total Security 2009 infection



#1 RShea


Posted 23 September 2009 - 12:57 PM

Have an infected computer running Windows XP Media Center. It was infected with Windows Police Pro and Total Security 2009. The system will not allow regedit, task manager (some of the time), any of the popular utilities like Malwarebytes Anti-Malware, HijackThis, any of the virus scanners, etc.

I have tried the following as a last resort. Boot with UBCD4Win, go in and delete all files created in the last few days. I now can boot without Total Security popping up, and then it will boot in either safe mode or regular mode and fail to run.

laptop that was infected with Windows Police Pro and others - could not run any programs that are virus or cleaning related, could not get into task manager, could not run regedit or other items. Well, I made some progress and got Windows Police Pro off, but Total Security 2009 is one tough one to get off... Nothing has touched it and I think it is a new mutation from what I have been reading about. There is no TSC folder in the program files - just the folder under the All Users\Application Data\ folders - and system32 still spawns the same files, mainly a few exe files; braviax.exe and Cru629 are the 2 main ones that either will not be removed or spawn again on reboot, with some dat and other files that are easily deleted.

The task manager, when I can get into it, shows nothing running out of the ordinary, a bunch of svchost entries, and all listed are strictly Microsoft - so it could be hiding somewhere in those files, or it's just a rootkit that is not showing at all. Also got into procexp.exe on this machine and it shows clean listings too. But there are still the infection balloons popping up in the task bar, as well as from time to time the Total Security ransomware scan launching and even reinfection of Windows Police Pro.

Kaspersky Boot CD starts updates, starts to run, then the system shuts down part way through the scan; not sure if the infection is doing this (I read others have had their systems power down). First time I thought it was the power or battery, but it was not.

Can some of the time get into msconfig and disable all start-up items, but they then come back under the same names, usually.

Closest I come to getting a clean system is when I go in under DOS and delete any and all recent files created in the root folder, and folders with new dates in the root, under the Windows folder as well as the Windows\system32 folder.

So at this point I want to figure this Total Security 2009 out and get to the bottom of it.

MSConfig does run and it shows Rundll32.exe entries for kugeyugu.dll as one of them and the other is C:\Windows\system32\lazahuji.dll

Still no go on the regedit, most all the normal tools- malwarebytes, etc.

Procexp shows up clean still.

Any ideas on this?


#2 Orange Blossom


Posted 23 September 2009 - 11:14 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom


#3 emopants92


Posted 24 September 2009 - 01:16 AM

I am in the same boat; I really need help. I tried the Total Security removal tutorial in the malware forum, but alas, no luck. I can't even go into a browser and get to a website (IE, Firefox, Safari, etc.). I am using the browser in Winamp and the malware doesn't seem to be able to redirect pages in it. So any help would be good.

#4 RShea


Posted 24 September 2009 - 02:24 PM

I have gotten the trial version of PC Tools Spyware Doctor to run. I had it so Total Security would not come up, but that did not last long. It is back and I still can't do a number of things, including provide any HijackThis logs (I may try to scan it with UBCD4Win booting and see if I can see any items there). I attempted to use Killbox to get rid of the 2 dll files and it rebooted, coming back up with Total Security and the desktop warning that you are infected....

I read through a number of threads on here about others that have no access to any exe programs, and noticed a few new tools that Random and a few others may have written. I can't provide scans with Malwarebytes, HiJackThis, ComboFix, and a number of other regular go to tools.

I have years of PC experience and this ranks right up there with the hardest malware/viruses to get rid of. Thanks Orange Blossom for the referral to the Am I Infected section. I am sure we will all learn something on this, or I would just reformat and reload the system.

Edited by RShea, 24 September 2009 - 02:30 PM.


#5 garmanma


Posted 25 September 2009 - 03:04 PM

@emopants92

Please start your own topic to avoid confusion

@ RShea:


Please download Win32kDiag.exe by AD and save it to your desktop.
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark

#6 RShea


Posted 25 September 2009 - 04:02 PM

I will report that I have the utility already, and the response from the system with Total Security infected is a cmd box opening and immediately closing, and then the task bar dialog box pops up a red X with:
Warning! Application cannot be executed. The file Win32kDiag is infected. Please activate your antivirus software.

(This same thing pops up about 20 times with various exe files. So this infection is causing this, as some of the files are copied from a clean PC onto a flash drive that is then write protected. If I attempt to run the same download from the flash drive, the same exact dialog box pops up from the E: drive removable storage.)

I can get into msconfig and see start-up items, but I cannot run any .exe, .pif or .com files (even after renaming to .com; no other tricks will work or run at all).

Next step for suggestions- safe mode or something else?

Edited by RShea, 25 September 2009 - 04:18 PM.


#7 RShea


Posted 25 September 2009 - 05:17 PM

Win32kDiag will start to run in safe mode, but the log is not created because it gets to the regedit step, reports "Cannot access C:\Windows\Regedit.com" and sits there forever in the cmd prompt box. I will try a few more things in safe mode if nothing is suggested otherwise.

#8 garmanma


Posted 26 September 2009 - 04:27 PM

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL.exe icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark

#9 RShea


Posted 28 September 2009 - 11:29 PM

I basically could not do much at all, in either safe mode or regular Windows, every time I booted. I removed the drive, scanned it attached to another PC and removed a few files (I have the report of infections from that scan; please tell me if you would like this report. Kaspersky Online Scanner was used.)

I then could boot again into safe mode and got the Win32kDiag.txt file and the DDS logs. Here they are, as stated, from a safe mode boot only.

Win32kDiag.txt, until the regedit.com error came up:
Running from: C:\Documents and Settings\Geoffrey\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Geoffrey\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP113.tmp\ZAP113.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15A.tmp\ZAP15A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B.tmp\ZAP1B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP236.tmp\ZAP236.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9A.tmp\ZAP9A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\REGEDIT.COM


And now the DDS log file, again in safe mode:

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Geoffrey at 0:03:28.93 on Tue 09/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.129 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
svchost
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Geoffrey\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com
BHO: {3111345c-2f0d-451b-b2c0-1fbbfa5223c5} - yefapuza.dll
BHO: {43d35aef-9048-4664-998f-be7ffdf81f5f} - volosejo.dll
BHO: {b314aff7-9410-43f9-80a2-f496277a2c4d} - livulene.dll
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [13613284] c:\documents and settings\all users\application data\13613284\13613284.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [kowevemudu] Rundll32.exe "yuhasifo.dll",s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Advanced Virus Remover] c:\program files\advancedvirusremover\PAVRM.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {6d9c7c57-1c95-4347-908b-3acc0c6abfc7} - No File
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = himu.dll firedobo.dll rumenite.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-24 206256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-24 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-24 1097096]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-11-21 69692]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-1-25 200576]
S4 AntipPolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S4 AppMSVC;Application Mobile Service;"c:\windows\system32\mui\apisvc.exe" --> c:\windows\system32\mui\apisvc.exe [?]
S4 HZOBW;HZOBW;c:\docume~1\geoffrey\locals~1\temp\hzobw.exe --> c:\docume~1\geoffrey\locals~1\temp\HZOBW.exe [?]
S4 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2007-10-10 139264]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-22 1174152]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

=============== Created Last 30 ================

2009-09-24 16:04 2,206 a------- c:\windows\system32\wpa.dbl
2009-09-24 14:50 <DIR> a-d----- C:\!Submit
2009-09-24 14:00 <DIR> --d----- C:\VundoFix Backups
2009-09-24 13:44 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-24 13:44 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-24 13:44 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-24 13:44 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-24 13:44 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-24 13:44 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-24 13:43 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-24 13:43 <DIR> --d----- c:\docume~1\geoffrey\applic~1\PC Tools
2009-09-24 13:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-23 13:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13613284
2009-09-22 15:57 <DIR> --d----- c:\windows\ERUNT
2009-09-22 15:51 58 a------- c:\windows\ppp4.dat
2009-09-22 15:51 2 a------- c:\windows\ppp3.dat
2009-09-22 15:51 <DIR> --d----- C:\SDFix
2009-09-19 14:00 13,642 a------- c:\docume~1\alluse~1\applic~1\cuga.bin
2009-09-19 14:00 14,742 a------- c:\program files\common files\febuhyjew.reg
2009-09-19 13:53 <DIR> --d----- c:\docume~1\geoffrey\applic~1\Malwarebytes
2009-09-19 13:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 13:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-19 13:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-19 13:44 <DIR> --d----- c:\program files\Trend Micro
2009-09-19 13:37 <DIR> --d----- C:\Tools
2009-09-19 10:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-09-17 21:16 36 a------- c:\windows\system32\sysnet.dat
2009-09-17 21:16 91 a------- c:\windows\system32\sonhelp.htm
2009-09-06 13:16 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-09-28 12:24 52,736 a--sh--- c:\windows\system32\kanolalo.dll
2009-09-28 12:23 36,864 a--sh--- c:\windows\system32\jumidani.dll
2009-09-28 11:23 36,864 a--sh--- c:\windows\system32\sopejuwi.dll
2009-09-25 16:54 50,176 a--sh--- c:\windows\system32\jurunute.dll
2009-09-25 16:54 1,082,916 a--sh--- c:\windows\system32\payiziha.exe
2009-09-25 16:53 91,136 a--sh--- c:\windows\system32\wevozobo.dll
2009-09-25 16:53 44,970 a--sh--- c:\windows\system32\nazehupo.exe
2009-09-25 16:53 39,424 a--sh--- c:\windows\system32\fevahiva.dll
2009-09-24 16:03 91,648 a--sh--- c:\windows\system32\jideraye.dll
2009-09-24 16:03 39,424 a--sh--- c:\windows\system32\dukotibe.dll
2009-09-24 15:31 1,081,892 a--sh--- c:\windows\system32\fabisike.exe
2009-09-24 15:31 91,648 a--sh--- c:\windows\system32\mohoyodi.dll
2009-09-24 15:31 39,424 a--sh--- c:\windows\system32\liwadefi.dll
2009-09-24 15:26 1,081,892 a--sh--- c:\windows\system32\fomekinu.exe
2009-09-24 15:26 91,648 a--sh--- c:\windows\system32\risoyaza.dll
2009-09-24 15:26 39,424 a--sh--- c:\windows\system32\nipiluti.dll
2009-09-24 15:21 53,248 a--sh--- c:\windows\system32\yuzepijo.dll
2009-09-24 15:20 91,648 a--sh--- c:\windows\system32\rahurite.dll
2009-09-24 15:20 39,424 a--sh--- c:\windows\system32\hemokelu.dll
2009-09-24 14:21 1,081,892 a--sh--- c:\windows\system32\yemibumi.exe
2009-09-24 14:21 91,648 a--sh--- c:\windows\system32\gotehuye.dll
2009-09-24 14:21 39,424 a--sh--- c:\windows\system32\kefafoli.dll
2009-09-23 13:18 52,224 a--sh--- c:\windows\system32\nehamubu.dll
2009-09-23 13:18 1,081,892 a--sh--- c:\windows\system32\wesokaru.exe
2009-09-23 13:18 39,424 a--sh--- c:\windows\system32\pihenedo.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll

============= FINISH: 0:03:46.21 ===============


I have the attach.txt which instructs to not post the info but send it as a zipped attachment. Advise if you need that.
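As an added example, not a tool from this thread or from BleepingComputer, the Python below applies three of the checks a log reviewer makes on the Win32kDiag and DDS output above: mount points whose destination is not a normal \??\Volume{GUID} path (every one in the log above points to \Device\__max++>\^), Find3M files in system32 that are hidden+system with random eight-letter names, and services whose binary DDS marks as [?]. The sample lines are excerpts of the logs in this post plus one constructed benign mount point; the eight-letter name rule is a heuristic of this example.

```python
# Added example (not a tool from this thread): checks a log reviewer does by eye on
# the Win32kDiag and DDS output. Sample lines are excerpts from the logs above,
# except the \??\Volume{...} mount point, which is constructed as a benign case.
from __future__ import annotations

import re
from dataclasses import dataclass

# A legitimate NTFS volume mount point resolves to \??\Volume{GUID}\ ; anything
# else (here \Device\__max++>\^) is a reparse point planted on system directories
# so that normal file access to them is redirected.
NORMAL_MOUNT_DEST = re.compile(r"^\\\?\?\\Volume\{[0-9a-fA-F-]+\}\\?$")
# DDS "Find3M" file line: date time size attrs path ("<DIR>" lines do not match).
FIND3M_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Eight lowercase letters, no digits (e.g. kanolalo.dll): a crude stand-in for
# the generated names in this family; a heuristic assumed by this example.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(dll|exe)$")
# A DDS service line whose binary could not be found ends with "[?]".
SERVICE_MISSING = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;.*\[\?\]$")


@dataclass
class MountPoint:
    path: str
    destination: str

    @property
    def suspicious(self) -> bool:
        return NORMAL_MOUNT_DEST.match(self.destination) is None


@dataclass
class FileEntry:
    path: str
    attrs: str  # DDS attribute string, e.g. "a--sh---" = archive, system, hidden
    size: int

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs

    @property
    def random_named(self) -> bool:
        return RANDOM_NAME.match(self.path.rsplit("\\", 1)[-1].lower()) is not None


def parse_win32kdiag(text: str) -> list[MountPoint]:
    """Pair each 'Found mount point' line with the destination line after it."""
    found, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Found mount point :"):
            pending = line.split(":", 1)[1].strip()
        elif line.startswith("Mount point destination :") and pending is not None:
            found.append(MountPoint(pending, line.split(":", 1)[1].strip()))
            pending = None
    return found


def parse_find3m(text: str) -> list[FileEntry]:
    entries = []
    for raw in text.splitlines():
        if m := FIND3M_LINE.match(raw.strip()):
            entries.append(FileEntry(m["path"], m["attrs"], int(m["size"].replace(",", ""))))
    return entries


def parse_missing_services(text: str) -> list[str]:
    return [m["name"] for raw in text.splitlines() if (m := SERVICE_MISSING.match(raw.strip()))]


def triage(win32kdiag_text: str, dds_text: str) -> dict[str, list[str]]:
    """The findings a reviewer would ask about first."""
    files = parse_find3m(dds_text)
    return {
        "hijacked_mount_points": [m.path for m in parse_win32kdiag(win32kdiag_text) if m.suspicious],
        "hidden_random_files": [f.path for f in files if f.hidden_system and f.random_named],
        "missing_service_binaries": parse_missing_services(dds_text),
    }


SAMPLE_WIN32KDIAG = r"""
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\Mount\Data
Mount point destination : \??\Volume{12345678-1234-1234-1234-123456789abc}
"""
SAMPLE_DDS = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-24 206256]
S4 AntipPolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S4 HZOBW;HZOBW;c:\docume~1\geoffrey\locals~1\temp\hzobw.exe --> c:\docume~1\geoffrey\locals~1\temp\HZOBW.exe [?]
2009-09-28 12:24 52,736 a--sh--- c:\windows\system32\kanolalo.dll
2009-09-25 16:54 1,082,916 a--sh--- c:\windows\system32\payiziha.exe
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
"""
```

Running `triage(SAMPLE_WIN32KDIAG, SAMPLE_DDS)` flags the two redirected mount points, kanolalo.dll and payiziha.exe, and the AntipPolice_ and HZOBW services; mswebdvd.dll has an eight-letter name but is neither hidden nor system, so it is not reported.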

#10 RShea


Posted 29 September 2009 - 01:19 AM

I attempted to try the OTL as posted in response of the 26th. It would not copy to the desktop even in safe mode. I suspected it was failing to run at all right now on this computer. Attempted it from a removable drive and it failed from there also. In regular mode it reports Error Copying File or Folder Cannot copy OTL: The file or directory is corrupted and unreadable.

If I run it from the removable drive or in safe mode, it reports OTL.exe is not a valid Win32 application. So I redownloaded it on another PC to a flash drive and got it copied over; here is the log, in safe mode again. Regular mode must be infecting this and corrupting it. The first time I ran it I did not see the Scan All Users instruction, moving between the 2 systems, so I ran it a second time (but it looks like Spyware Doctor was running):

OTL logfile created on: 9/29/2009 1:58:12 AM - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Geoffrey\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.23 Mb Total Physical Memory | 64.98 Mb Available Physical Memory | 14.56% Memory free
1.03 Gb Paging File | 0.66 Gb Available in Paging File | 63.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 49.63 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 61.97 Mb Total Space | 46.44 Mb Free Space | 74.93% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SALLY
Current User Name: Geoffrey
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2004/08/10 15:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/09/29 01:50:32 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Geoffrey\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AntipPolice_ [Disabled | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - File not found -- -- (AppMSVC [Disabled | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/28 22:31:40 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Stopped])
SRV - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 15:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found -- -- (HZOBW [Disabled | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/10/10 13:45:48 | 00,139,264 | R--- | M] () -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/13 08:35:12 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2007/07/24 21:18:47 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Disabled | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
SRV - [2005/02/18 01:51:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/22 20:16:45 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Stopped])
DRV - [2004/08/10 15:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/03 19:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2004/05/08 11:21:44 | 00,035,840 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Stopped])
DRV - [2004/08/10 15:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2005/04/28 22:37:50 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2005/02/11 22:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/04/20 07:45:48 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Stopped])
DRV - [2005/04/20 07:46:42 | 00,350,080 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Stopped])
DRV - [2004/08/10 15:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2007/08/14 04:00:00 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
DRV - [2001/08/17 08:10:58 | 00,069,692 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el575nd5.sys -- (el575nd5 [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/25 15:26:32 | 00,200,576 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Stopped])
DRV - [2005/01/25 15:27:14 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Stopped])
DRV - [2006/03/28 18:56:06 | 00,027,008 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2006/03/28 18:55:58 | 00,069,760 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2004/08/10 15:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Stopped])
DRV - [2004/08/10 15:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Stopped])
DRV - [2004/08/10 15:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Stopped])
DRV - [2006/10/13 06:23:15 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Stopped])
DRV - [2009/08/24 14:05:06 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/10 15:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2006/06/30 16:10:56 | 00,026,752 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2004/08/10 15:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 19:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2006/11/22 18:43:41 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Stopped])
DRV - [2004/08/10 15:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2004/08/10 15:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/10/08 15:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/21 00:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Stopped])
DRV - [2004/08/10 15:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/01/25 15:26:28 | 00,703,616 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/04/18 08:26:00 | 00,230,912 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\S-1-5-21-3376016157-2784447087-3412551159-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sru.edu/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07051001
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 08:58:47 | 00,000,000 | ---D | M]

[2008/12/21 16:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geoffrey\Application Data\mozilla\Extensions
[2008/12/21 16:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geoffrey\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/03 15:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geoffrey\Application Data\mozilla\Firefox\Profiles\l9ux1e4t.default\extensions
[2009/09/03 15:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geoffrey\Application Data\mozilla\Firefox\Profiles\l9ux1e4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/21 16:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geoffrey\Application Data\mozilla\Firefox\Profiles\l9ux1e4t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/05/27 13:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geoffrey\Application Data\mozilla\Firefox\Profiles\l9ux1e4t.default\extensions\moveplayer@movenetworks.com
[2009/09/04 11:40:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/22 11:14:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/01/29 13:07:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2006/09/03 13:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/04/22 20:03:13 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/01/09 13:03:02 | 00,658,056 | ---- | M] (Move Networks) -- C:\Program Files\mozilla firefox\plugins\npmnqmp07010901.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/29 22:21:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/29 22:21:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/29 22:21:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/29 22:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/29 22:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/29 22:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/29 22:21:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/05/16 08:22:00 | 00,151,300 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0e25aae7-7bf8-49a4-8155-89e97567b384} - C:\WINDOWS\System32\rumenite.dll ()
O2 - BHO: (no name) - {3111345c-2f0d-451b-b2c0-1fbbfa5223c5} - File not found
O2 - BHO: (no name) - {43d35aef-9048-4664-998f-be7ffdf81f5f} - File not found
O2 - BHO: (no name) - {b314aff7-9410-43f9-80a2-f496277a2c4d} - C:\WINDOWS\System32\livulene.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [13613284] C:\Documents and Settings\All Users\Application Data\13613284\13613284.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kowevemudu] C:\WINDOWS\System32\firedobo.DLL ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3376016157-2784447087-3412551159-1006\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {6d9c7c57-1c95-4347-908b-3acc0c6abfc7} - tokatiluy - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/23 05:00:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13909c52-dcb2-11dc-98a6-0014a593e6fb}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{3a036230-dcd4-11dc-98ab-0014a593e6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{3a036230-dcd4-11dc-98ab-0014a593e6fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a036230-dcd4-11dc-98ab-0014a593e6fb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[38 C:\*.tmp files]
[2009/09/29 01:51:22 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Geoffrey\Desktop\OTL.exe
[2009/09/24 16:04:00 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/24 14:50:13 | 00,000,000 | ---D | C] -- C:\!Submit
[2009/09/24 14:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Geoffrey\Desktop\KillBox
[2009/09/24 14:01:42 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\HijackThis.lnk
[2009/09/24 14:00:36 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/24 13:56:21 | 00,037,084 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\KillBox.zip
[2009/09/24 13:44:34 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/24 13:44:22 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/24 13:44:22 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/24 13:44:22 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/24 13:44:09 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/24 13:44:06 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/24 13:44:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/24 13:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/24 13:43:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Geoffrey\Application Data\PC Tools
[2009/09/24 13:43:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/24 13:43:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/09/24 13:43:56 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/09/24 13:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/09/24 13:43:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/24 13:38:17 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/24 13:25:43 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\avenger.zip
[2009/09/24 13:25:43 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\Win32kDiag.exe
[2009/09/24 13:25:26 | 00,000,000 | ---D | C] -- C:\rsit
[2009/09/24 13:25:13 | 26,709,200 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Geoffrey\Desktop\sdsetup_aff.exe
[2009/09/24 13:25:07 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\RSIT.exe
[2009/09/24 13:24:59 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\dds.scr
[2009/09/24 13:24:59 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\dds.pif
[2009/09/24 13:24:59 | 00,085,504 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\Inherit.exe
[2009/09/24 13:24:59 | 00,046,375 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\Junction.zip
[2009/09/23 13:18:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13613284
[2009/09/23 00:28:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/09/22 16:53:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\HijackThis2.lnk
[2009/09/22 15:57:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/09/22 15:51:46 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/09/22 15:51:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/09/22 15:51:37 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/09/22 15:48:38 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Geoffrey\Desktop\procexp.exe
[2009/09/22 15:45:30 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\SDFix.exe
[2009/09/22 15:07:05 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\Hj32.lnk
[2009/09/22 14:00:46 | 00,000,109 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\fixtm.reg
[2009/09/22 14:00:46 | 00,000,075 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\FixExe.reg
[2009/09/22 13:38:50 | 03,012,948 | ---- | C] () -- C:\Documents and Settings\Geoffrey\Desktop\ComboFix.com.exe
[2009/09/19 14:01:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/19 14:00:48 | 00,013,642 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cuga.bin
[2009/09/19 14:00:47 | 00,014,742 | ---- | C] () -- C:\Program Files\Common Files\febuhyjew.reg
[2009/09/19 13:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Geoffrey\Application Data\Malwarebytes
[2009/09/19 13:53:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 13:53:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 13:53:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 13:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/19 13:53:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 13:44:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/19 13:37:41 | 00,000,000 | ---D | C] -- C:\Tools
[2009/09/19 10:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/09/17 21:16:56 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/09/17 21:16:49 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/09/13 20:49:33 | 00,067,742 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\lena_headey_06.jpg
[2009/09/12 17:19:09 | 00,062,510 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\9.jpg
[2009/09/12 17:18:56 | 00,060,874 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\8.jpg
[2009/09/12 17:18:44 | 00,061,323 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\7.jpg
[2009/09/12 17:18:32 | 00,061,682 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\6.jpg
[2009/09/12 17:18:20 | 00,060,520 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\5.jpg
[2009/09/12 17:18:08 | 00,065,214 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\4.jpg
[2009/09/12 17:17:55 | 00,057,991 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\3.jpg
[2009/09/12 17:17:42 | 00,065,267 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\2.jpg
[2009/09/12 17:16:36 | 00,062,360 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\1.jpg
[2009/09/12 17:16:21 | 00,165,230 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\05.jpg
[2009/09/12 17:15:50 | 00,028,560 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina.jpg
[2009/09/12 17:15:36 | 00,026,298 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (9).jpg
[2009/09/12 17:15:17 | 00,023,391 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (8).jpg
[2009/09/12 17:14:55 | 00,026,206 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (7).jpg
[2009/09/12 17:14:40 | 00,025,915 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (6).jpg
[2009/09/12 17:14:25 | 00,027,882 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (5).jpg
[2009/09/12 17:14:12 | 00,025,300 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (4).jpg
[2009/09/12 17:13:52 | 00,133,287 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (3).jpg
[2009/09/12 17:13:36 | 00,030,968 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (26).jpg
[2009/09/12 17:13:23 | 00,029,064 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (25).jpg
[2009/09/12 17:12:56 | 00,026,975 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (24).jpg
[2009/09/12 17:12:21 | 00,037,430 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (23).jpg
[2009/09/12 17:12:07 | 00,039,443 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (22).jpg
[2009/09/12 17:11:47 | 00,032,912 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (21).jpg
[2009/09/12 17:11:19 | 00,031,698 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (20).jpg
[2009/09/12 17:11:00 | 00,026,799 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (2).jpg
[2009/09/12 17:10:28 | 00,029,678 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (19).jpg
[2009/09/12 17:10:09 | 00,016,827 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (18).jpg
[2009/09/12 17:09:54 | 00,018,917 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (17).jpg
[2009/09/12 17:09:35 | 00,022,160 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (16).jpg
[2009/09/12 17:09:09 | 00,021,762 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (15).jpg
[2009/09/12 17:08:49 | 00,021,983 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (14).jpg
[2009/09/12 17:08:33 | 00,019,255 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (13).jpg
[2009/09/12 17:08:06 | 00,037,598 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (12).jpg
[2009/09/12 17:07:47 | 00,027,549 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (11).jpg
[2009/09/12 17:07:03 | 00,030,414 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina%20(10).jpg
[2009/09/12 17:06:35 | 00,174,557 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina%20(1)[1].JPG
[2009/09/06 15:48:28 | 00,212,936 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Bring Me To Life.zip
[2009/09/06 15:48:28 | 00,058,162 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\Ever and a Raven.zip
[2009/09/06 15:48:28 | 00,034,488 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\A Rose by Any Other Name.zip
[2009/09/03 09:10:51 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\hp fics.doc
[2009/09/01 17:51:37 | 01,839,856 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\alouette.mp3
[2009/09/01 17:44:03 | 00,045,210 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\abcfr.mp3
[2009/09/01 17:39:24 | 00,147,201 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\jacques.mp3
[2009/09/01 17:39:14 | 00,552,022 | ---- | C] () -- C:\Documents and Settings\Geoffrey\My Documents\frere_jacques_moc.mp3
[2009/06/28 12:24:23 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\yuhasifo.dll
[2009/06/28 12:24:23 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\rumenite.dll
[2009/06/28 12:24:23 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\livulene.dll
[2009/06/28 12:23:50 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\kanolalo.dll
[2009/06/28 12:23:50 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\jumidani.dll
[2009/06/28 11:23:27 | 00,044,032 | -HS- | C] () -- C:\WINDOWS\System32\yefajamu.dll
[2009/06/28 11:23:27 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\sopejuwi.dll
[2009/06/28 11:23:27 | 00,034,816 | -HS- | C] () -- C:\WINDOWS\System32\howenuze.dll
[2009/06/25 16:54:32 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\firedobo.dll
[2009/06/25 16:53:58 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\wevozobo.dll
[2009/06/25 16:53:58 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\jurunute.dll
[2009/06/25 16:53:58 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fevahiva.dll
[2009/06/24 16:03:00 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\jideraye.dll
[2009/06/24 16:03:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dukotibe.dll
[2009/06/24 15:31:23 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\mohoyodi.dll
[2009/06/24 15:31:23 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\liwadefi.dll
[2009/06/24 15:26:47 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\risoyaza.dll
[2009/06/24 15:26:47 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nipiluti.dll
[2009/06/24 15:20:44 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\rahurite.dll
[2009/06/24 15:20:44 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hemokelu.dll
[2009/06/24 15:20:43 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\yuzepijo.dll
[2009/06/24 14:21:07 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\gotehuye.dll
[2009/06/24 14:21:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kefafoli.dll
[2009/06/23 13:18:53 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\vakuhimu.dll
[2009/06/23 13:18:53 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\kugeyugu.dll
[2009/06/23 13:18:19 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\nehamubu.dll
[2009/06/23 13:18:19 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pihenedo.dll
[2009/06/22 15:20:51 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\damorume.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/05 01:01:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
[2007/11/25 10:16:32 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\cftqjaht.ini
[2007/11/24 23:07:41 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\iavimluf.ini
[2007/11/24 20:23:51 | 00,847,178 | -HS- | C] () -- C:\WINDOWS\System32\vwhydnep.ini
[2007/11/24 01:46:11 | 00,000,534 | -HS- | C] () -- C:\WINDOWS\System32\efwejytm.ini
[2007/11/23 21:11:23 | 00,775,852 | -HS- | C] () -- C:\WINDOWS\System32\jeponsbv.ini
[2007/11/23 20:40:10 | 00,864,881 | -HS- | C] () -- C:\WINDOWS\System32\rbwlpoyb.ini
[2007/11/12 15:40:02 | 00,374,187 | -HS- | C] () -- C:\WINDOWS\System32\heaftrrq.ini
[2007/11/11 15:42:43 | 00,364,152 | -HS- | C] () -- C:\WINDOWS\System32\hnohhrfr.ini
[2007/11/11 12:57:19 | 00,364,092 | -HS- | C] () -- C:\WINDOWS\System32\ylubbuwm.ini
[2007/11/11 00:51:14 | 00,363,972 | -HS- | C] () -- C:\WINDOWS\System32\ptupqykd.ini
[2007/11/10 14:43:25 | 00,363,852 | -HS- | C] () -- C:\WINDOWS\System32\bptrgxfi.ini
[2007/11/09 21:56:30 | 00,363,732 | -HS- | C] () -- C:\WINDOWS\System32\okrqnvfo.ini
[2007/11/08 21:46:33 | 00,379,322 | -HS- | C] () -- C:\WINDOWS\System32\twsawohh.ini
[2007/11/08 20:46:33 | 00,376,275 | -HS- | C] () -- C:\WINDOWS\System32\pijiylnc.ini
[2007/11/07 20:45:59 | 00,376,215 | -HS- | C] () -- C:\WINDOWS\System32\efnrllrr.ini
[2007/11/06 20:51:57 | 00,380,841 | -HS- | C] () -- C:\WINDOWS\System32\umdxlsxa.ini
[2007/11/05 20:50:37 | 00,392,204 | -HS- | C] () -- C:\WINDOWS\System32\gdbrnblq.ini
[2007/11/04 20:45:37 | 00,442,658 | -HS- | C] () -- C:\WINDOWS\System32\luhrfhdf.ini
[2007/11/04 12:22:56 | 00,399,740 | -HS- | C] () -- C:\WINDOWS\System32\kkphslhm.ini
[2007/11/03 19:05:32 | 00,399,620 | -HS- | C] () -- C:\WINDOWS\System32\chltksjm.ini
[2007/11/02 19:02:30 | 00,399,500 | -HS- | C] () -- C:\WINDOWS\System32\bbmqqaxg.ini
[2007/11/01 17:40:59 | 00,424,571 | -HS- | C] () -- C:\WINDOWS\System32\bocbjdrp.ini
[2007/10/31 17:43:57 | 00,577,027 | -HS- | C] () -- C:\WINDOWS\System32\wevfouht.ini
[2007/10/30 17:41:01 | 00,751,123 | -HS- | C] () -- C:\WINDOWS\System32\ccgdaknt.ini
[2007/10/29 17:43:49 | 00,506,474 | -HS- | C] () -- C:\WINDOWS\System32\ahqydqog.ini
[2007/10/28 17:41:02 | 00,506,414 | -HS- | C] () -- C:\WINDOWS\System32\kllmlkui.ini
[2007/10/27 17:40:51 | 00,483,942 | -HS- | C] () -- C:\WINDOWS\System32\kfrhvrpb.ini
[2007/10/26 17:43:50 | 00,479,114 | -HS- | C] () -- C:\WINDOWS\System32\epqvnikw.ini
[2007/10/25 17:41:00 | 00,479,114 | -HS- | C] () -- C:\WINDOWS\System32\weihuose.ini
[2007/10/23 08:46:20 | 00,230,712 | -HS- | C] () -- C:\WINDOWS\System32\ytkvrabn.ini
[2007/10/22 08:49:19 | 00,694,621 | -HS- | C] () -- C:\WINDOWS\System32\druoiqtj.ini
[2007/10/21 08:46:19 | 00,694,552 | -HS- | C] () -- C:\WINDOWS\System32\wydbhptt.ini
[2007/10/20 08:55:18 | 00,694,501 | -HS- | C] () -- C:\WINDOWS\System32\prhwldnq.ini
[2007/10/19 08:49:16 | 00,694,441 | -HS- | C] () -- C:\WINDOWS\System32\ixwuxvbn.ini
[2007/10/18 08:52:16 | 00,694,381 | -HS- | C] () -- C:\WINDOWS\System32\otkbitaf.ini
[2007/10/17 08:55:15 | 00,694,321 | -HS- | C] () -- C:\WINDOWS\System32\ndgriwdh.ini
[2007/10/16 08:51:11 | 00,694,261 | -HS- | C] () -- C:\WINDOWS\System32\fyncxvde.ini
[2007/10/15 08:48:10 | 00,694,192 | -HS- | C] () -- C:\WINDOWS\System32\fukoigdc.ini
[2007/10/14 14:15:07 | 00,694,141 | -HS- | C] () -- C:\WINDOWS\System32\kqssqclu.ini
[2007/10/14 09:45:19 | 00,694,021 | -HS- | C] () -- C:\WINDOWS\System32\xawefeml.ini
[2007/10/13 09:45:15 | 00,693,901 | -HS- | C] () -- C:\WINDOWS\System32\awnkaxlb.ini
[2007/10/12 09:45:13 | 00,693,832 | -HS- | C] () -- C:\WINDOWS\System32\bcxmftpn.ini
[2007/10/11 09:46:10 | 00,693,781 | -HS- | C] () -- C:\WINDOWS\System32\wvocidym.ini
[2007/10/10 09:42:58 | 00,693,712 | -HS- | C] () -- C:\WINDOWS\System32\cvtalsip.ini
[2007/10/09 16:58:37 | 00,693,670 | -HS- | C] () -- C:\WINDOWS\System32\vcahxfeg.ini
[2007/10/08 16:52:37 | 00,693,541 | -HS- | C] () -- C:\WINDOWS\System32\rdjrgtqc.ini
[2007/10/08 16:07:37 | 00,693,481 | -HS- | C] () -- C:\WINDOWS\System32\ulhiojxw.ini
[2007/10/07 15:49:47 | 00,693,421 | -HS- | C] () -- C:\WINDOWS\System32\ftioclnc.ini
[2007/10/07 01:44:41 | 00,693,541 | -HS- | C] () -- C:\WINDOWS\System32\cbbrnwae.ini
[2007/10/06 01:41:41 | 00,693,472 | -HS- | C] () -- C:\WINDOWS\System32\jjedcuyd.ini
[2007/10/05 01:41:51 | 00,693,421 | -HS- | C] () -- C:\WINDOWS\System32\kqqyvfdi.ini
[2007/10/04 20:15:16 | 00,694,727 | -HS- | C] () -- C:\WINDOWS\System32\iwvwrhjm.ini
[2007/10/03 20:24:10 | 00,694,667 | -HS- | C] () -- C:\WINDOWS\System32\ngemlobk.ini
[2007/10/02 20:12:19 | 00,694,598 | -HS- | C] () -- C:\WINDOWS\System32\evtgcepm.ini
[2007/10/01 20:12:10 | 00,694,547 | -HS- | C] () -- C:\WINDOWS\System32\ybiawebx.ini
[2007/09/30 20:12:09 | 00,694,487 | -HS- | C] () -- C:\WINDOWS\System32\oemrhdwx.ini
[2007/09/29 20:51:56 | 00,694,418 | -HS- | C] () -- C:\WINDOWS\System32\babpuccj.ini
[2007/09/28 20:45:57 | 00,694,298 | -HS- | C] () -- C:\WINDOWS\System32\uvtcdhqt.ini
[2007/09/28 20:29:42 | 00,694,238 | -HS- | C] () -- C:\WINDOWS\System32\vivfwxyv.ini
[2007/09/28 20:13:24 | 00,694,118 | -HS- | C] () -- C:\WINDOWS\System32\gicidebw.ini
[2007/09/28 16:42:33 | 00,694,007 | -HS- | C] () -- C:\WINDOWS\System32\chmwfxlm.ini
[2007/09/27 16:38:38 | 00,693,878 | -HS- | C] () -- C:\WINDOWS\System32\cyoatgxf.ini
[2007/09/26 16:38:30 | 00,693,827 | -HS- | C] () -- C:\WINDOWS\System32\ugvrqbrr.ini
[2007/09/25 16:44:36 | 00,693,767 | -HS- | C] () -- C:\WINDOWS\System32\neijhgto.ini
[2007/09/24 16:44:33 | 00,693,698 | -HS- | C] () -- C:\WINDOWS\System32\bsvequuq.ini
[2007/09/23 16:44:28 | 00,693,647 | -HS- | C] () -- C:\WINDOWS\System32\mscssank.ini
[2007/09/22 16:32:30 | 00,693,587 | -HS- | C] () -- C:\WINDOWS\System32\nrbleosa.ini
[2007/09/22 15:38:29 | 00,693,518 | -HS- | C] () -- C:\WINDOWS\System32\ebmtomae.ini
[2007/09/21 15:41:29 | 00,693,467 | -HS- | C] () -- C:\WINDOWS\System32\msvljbfl.ini
[2007/09/20 15:44:43 | 00,693,407 | -HS- | C] () -- C:\WINDOWS\System32\diqvgtme.ini
[2007/09/19 15:45:08 | 00,693,484 | -HS- | C] () -- C:\WINDOWS\System32\qxjkdjco.ini
[2007/09/17 15:35:17 | 00,514,216 | -HS- | C] () -- C:\WINDOWS\System32\qjwfjrya.ini
[2007/09/17 08:58:57 | 00,514,148 | -HS- | C] () -- C:\WINDOWS\System32\ujsiwrlm.ini
[2007/09/16 08:55:48 | 00,514,028 | -HS- | C] () -- C:\WINDOWS\System32\rtwiisty.ini
[2007/09/15 08:38:26 | 00,513,968 | -HS- | C] () -- C:\WINDOWS\System32\fmyqdgec.ini
[2007/09/14 08:30:57 | 00,513,856 | -HS- | C] () -- C:\WINDOWS\System32\ignpdvic.ini
[2007/09/14 00:42:28 | 00,513,797 | -HS- | C] () -- C:\WINDOWS\System32\qayfdlbb.ini
[2007/09/13 00:39:34 | 00,513,668 | -HS- | C] () -- C:\WINDOWS\System32\xqvsrqbe.ini
[2007/09/12 00:42:41 | 00,513,617 | -HS- | C] () -- C:\WINDOWS\System32\rwcrmmvu.ini
[2007/09/11 00:42:35 | 00,513,565 | -HS- | C] () -- C:\WINDOWS\System32\xjmhdktc.ini
[2007/09/10 00:36:55 | 00,513,487 | -HS- | C] () -- C:\WINDOWS\System32\tyscwvsp.ini
[2007/09/09 00:39:19 | 00,513,457 | -HS- | C] () -- C:\WINDOWS\System32\choloktd.ini
[2007/09/08 00:39:21 | 00,513,386 | -HS- | C] () -- C:\WINDOWS\System32\gqhopuxk.ini
[2007/09/07 00:39:26 | 00,513,317 | -HS- | C] () -- C:\WINDOWS\System32\renjgwgf.ini
[2007/09/06 15:33:20 | 00,521,576 | -HS- | C] () -- C:\WINDOWS\System32\gmuovppl.ini
[2007/09/05 15:30:29 | 00,541,013 | -HS- | C] () -- C:\WINDOWS\System32\prclimgd.ini
[2007/09/04 15:30:18 | 00,605,201 | -HS- | C] () -- C:\WINDOWS\System32\nprissdk.ini
[2007/09/03 15:27:06 | 00,605,190 | -HS- | C] () -- C:\WINDOWS\System32\vxtkfdtw.ini
[2007/09/02 15:27:07 | 01,012,943 | -HS- | C] () -- C:\WINDOWS\System32\jsdoekmp.ini
[2007/09/01 15:24:06 | 01,012,883 | -HS- | C] () -- C:\WINDOWS\System32\vkiphekw.ini
[2007/08/31 08:24:08 | 01,038,178 | -HS- | C] () -- C:\WINDOWS\System32\hehjgyqr.ini
[2007/08/30 08:21:04 | 01,079,874 | -HS- | C] () -- C:\WINDOWS\System32\mxdyfppl.ini
[2007/08/28 17:10:57 | 01,025,337 | -HS- | C] () -- C:\WINDOWS\System32\qapkmlmv.ini
[2007/08/27 17:04:42 | 01,037,559 | -HS- | C] () -- C:\WINDOWS\System32\qvglkatb.ini
[2007/08/26 17:04:36 | 01,086,976 | -HS- | C] () -- C:\WINDOWS\System32\ywooegsj.ini
[2007/08/25 23:03:34 | 01,086,915 | -HS- | C] () -- C:\WINDOWS\System32\gcprkbwt.ini
[2007/08/24 23:03:33 | 01,086,796 | -HS- | C] () -- C:\WINDOWS\System32\dcoceene.ini
[2007/08/23 23:00:22 | 01,175,636 | -HS- | C] () -- C:\WINDOWS\System32\ngwtyqww.ini
[2007/08/22 19:17:58 | 01,209,420 | -HS- | C] () -- C:\WINDOWS\System32\njwajoli.ini
[2007/08/21 19:20:59 | 01,209,310 | -HS- | C] () -- C:\WINDOWS\System32\mvmhwfqe.ini
[2007/08/20 19:17:57 | 01,209,241 | -HS- | C] () -- C:\WINDOWS\System32\yjgirsia.ini
[2007/08/19 19:14:56 | 01,246,222 | -HS- | C] () -- C:\WINDOWS\System32\iujuveve.ini
[2007/08/19 06:02:28 | 01,245,442 | -HS- | C] () -- C:\WINDOWS\System32\xlrewyyw.ini
[2007/08/18 06:02:22 | 01,245,321 | -HS- | C] () -- C:\WINDOWS\System32\huordfwi.ini
[2007/08/17 05:59:22 | 01,245,271 | -HS- | C] () -- C:\WINDOWS\System32\whnpoyoq.ini
[2007/08/16 06:05:23 | 01,242,196 | -HS- | C] () -- C:\WINDOWS\System32\trvfaxrx.ini
[2007/08/15 19:01:43 | 01,242,125 | -HS- | C] () -- C:\WINDOWS\System32\bmdbptbm.ini
[2007/08/14 18:52:46 | 01,241,996 | -HS- | C] () -- C:\WINDOWS\System32\tflfyuyt.ini
[2007/08/13 18:55:46 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\txgsdtbc.ini
[2007/08/13 15:52:27 | 02,432,170 | -HS- | C] () -- C:\WINDOWS\System32\aaofhmwv.ini
[2007/08/12 15:45:26 | 01,225,141 | -HS- | C] () -- C:\WINDOWS\System32\jdxnpuom.ini
[2007/08/12 15:05:27 | 01,222,554 | -HS- | C] () -- C:\WINDOWS\System32\mfpprvta.ini
[2007/08/10 15:03:12 | 01,222,374 | -HS- | C] () -- C:\WINDOWS\System32\bsxhqjhp.ini
[2007/08/09 15:03:22 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\cbjbxufn.ini
[2007/08/07 20:41:43 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\rrpxhxfl.ini
[2007/08/07 16:45:04 | 04,117,747 | -HS- | C] () -- C:\WINDOWS\System32\trygbvqw.ini
[2007/08/06 20:22:24 | 04,084,983 | -HS- | C] () -- C:\WINDOWS\System32\vdahpcld.ini
[2007/08/05 20:19:26 | 04,086,218 | -HS- | C] () -- C:\WINDOWS\System32\vlcfomnx.ini
[2007/08/04 20:19:15 | 03,663,263 | -HS- | C] () -- C:\WINDOWS\System32\wivoxuuu.ini
[2007/08/02 20:22:30 | 03,664,343 | -HS- | C] () -- C:\WINDOWS\System32\tcsyifyw.ini
[2007/08/01 20:19:15 | 02,494,096 | -HS- | C] () -- C:\WINDOWS\System32\dtsdqixf.ini
[2007/07/31 18:13:30 | 02,499,161 | -HS- | C] () -- C:\WINDOWS\System32\puydblgh.ini
[2007/07/30 18:16:21 | 01,329,899 | -HS- | C] () -- C:\WINDOWS\System32\srhkgocn.ini
[2007/07/29 18:10:35 | 01,253,816 | -HS- | C] () -- C:\WINDOWS\System32\pyvpoicn.ini
[2007/07/28 22:29:02 | 00,000,405 | -HS- | C] () -- C:\WINDOWS\System32\hrgpwbie.ini
[2007/07/27 22:32:14 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\dmyrlqel.ini
[2007/07/26 22:10:00 | 00,000,876 | -HS- | C] () -- C:\WINDOWS\System32\lpomfltb.ini
[2007/07/26 22:06:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\xcxlpodf.dll
[2007/07/25 22:09:59 | 01,216,094 | -HS- | C] () -- C:\WINDOWS\System32\ehttetgo.ini
[2007/07/24 18:00:42 | 00,000,805 | -HS- | C] () -- C:\WINDOWS\System32\uwdqoeqe.ini
[2007/07/23 17:56:38 | 01,216,141 | -HS- | C] () -- C:\WINDOWS\System32\yrjyavjr.ini
[2007/07/17 17:55:54 | 01,193,507 | -HS- | C] () -- C:\WINDOWS\System32\ipfacrfl.ini
[2007/07/16 17:52:43 | 01,199,438 | -HS- | C] () -- C:\WINDOWS\System32\okwopnqm.ini
[2007/07/16 10:58:49 | 01,193,418 | -HS- | C] () -- C:\WINDOWS\System32\rqnfeaka.ini
[2007/07/15 10:58:49 | 01,193,298 | -HS- | C] () -- C:\WINDOWS\System32\etaeciir.ini
[2007/07/14 14:50:16 | 01,193,239 | -HS- | C] () -- C:\WINDOWS\System32\artlochv.ini
[2007/07/14 13:44:18 | 01,193,119 | -HS- | C] () -- C:\WINDOWS\System32\esqegdqv.ini
[2007/07/13 11:42:00 | 01,193,059 | -HS- | C] () -- C:\WINDOWS\System32\vwtaajcp.ini
[2007/07/12 11:44:59 | 00,000,465 | -HS- | C] () -- C:\WINDOWS\System32\crsfgrxa.ini
[2007/07/11 11:46:17 | 00,000,405 | -HS- | C] () -- C:\WINDOWS\System32\nryscwaw.ini
[2007/07/11 03:10:42 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/26 13:56:37 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/22 22:33:38 | 00,000,290 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/22 18:26:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/23 07:14:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/23 03:13:49 | 00,000,461 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/11/23 03:13:49 | 00,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/23 03:12:54 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/11/23 03:12:52 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[38 C:\*.tmp files]
[11 C:\WINDOWS\System32\*.tmp files]
[2009/09/29 01:59:09 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\pomupufa
[2009/09/29 01:50:32 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Geoffrey\Desktop\OTL.exe
[2009/09/29 01:45:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/29 01:37:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/29 00:11:51 | 03,767,242 | -H-- | M] () -- C:\Documents and Settings\Geoffrey\Local Settings\Application Data\IconCache.db
[2009/09/28 12:24:21 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\kanolalo.dll
[2009/09/28 12:23:51 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\jumidani.dll
[2009/09/28 11:23:28 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\sopejuwi.dll
[2009/09/25 16:54:29 | 00,050,176 | -HS- | M] () -- C:\WINDOWS\System32\jurunute.dll
[2009/09/25 16:54:02 | 01,082,916 | -HS- | M] () -- C:\WINDOWS\System32\payiziha.exe
[2009/09/25 16:53:59 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\wevozobo.dll
[2009/09/25 16:53:59 | 00,044,970 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nazehupo.exe
[2009/09/25 16:53:59 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fevahiva.dll
[2009/09/24 16:03:01 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\jideraye.dll
[2009/09/24 16:03:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dukotibe.dll
[2009/09/24 15:31:28 | 01,081,892 | -HS- | M] () -- C:\WINDOWS\System32\fabisike.exe
[2009/09/24 15:31:24 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\mohoyodi.dll
[2009/09/24 15:31:24 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\liwadefi.dll
[2009/09/24 15:26:52 | 01,081,892 | -HS- | M] () -- C:\WINDOWS\System32\fomekinu.exe
[2009/09/24 15:26:48 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\risoyaza.dll
[2009/09/24 15:26:47 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nipiluti.dll
[2009/09/24 15:21:14 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\yuzepijo.dll
[2009/09/24 15:20:44 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\rahurite.dll
[2009/09/24 15:20:44 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\hemokelu.dll
[2009/09/24 14:21:11 | 01,081,892 | -HS- | M] () -- C:\WINDOWS\System32\yemibumi.exe
[2009/09/24 14:21:08 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\gotehuye.dll
[2009/09/24 14:21:08 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kefafoli.dll
[2009/09/24 14:01:42 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\HijackThis.lnk
[2009/09/24 13:44:09 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/24 13:43:56 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/09/24 13:39:48 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/24 13:39:48 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/24 13:39:48 | 00,000,197 | RHS- | M] () -- C:\boot.ini
[2009/09/23 23:25:32 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\Inherit.exe
[2009/09/23 23:14:18 | 00,046,375 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\Junction.zip
[2009/09/23 23:01:36 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\RSIT.exe
[2009/09/23 22:59:58 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\avenger.zip
[2009/09/23 22:56:24 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\Win32kDiag.exe
[2009/09/23 22:17:30 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\dds.pif
[2009/09/23 22:16:58 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\dds.scr
[2009/09/23 13:18:50 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\nehamubu.dll
[2009/09/23 13:18:23 | 01,081,892 | -HS- | M] () -- C:\WINDOWS\System32\wesokaru.exe
[2009/09/23 13:18:19 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\pihenedo.dll
[2009/09/22 23:45:52 | 26,709,200 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Geoffrey\Desktop\sdsetup_aff.exe
[2009/09/22 16:53:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\HijackThis2.lnk
[2009/09/22 15:56:35 | 00,000,058 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/09/22 15:56:35 | 00,000,002 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/09/22 15:36:34 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Geoffrey\Desktop\procexp.exe
[2009/09/22 15:35:32 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\SDFix.exe
[2009/09/22 15:07:05 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\Hj32.lnk
[2009/09/22 13:49:36 | 00,000,075 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\FixExe.reg
[2009/09/22 13:10:24 | 00,000,109 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Desktop\fixtm.reg
[2009/09/19 14:00:48 | 00,013,642 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cuga.bin
[2009/09/19 14:00:47 | 00,014,742 | ---- | M] () -- C:\Program Files\Common Files\febuhyjew.reg
[2009/09/19 13:53:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/17 21:16:56 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/09/17 21:16:49 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/09/16 22:08:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 21:13:29 | 00,156,672 | ---- | M] () -- C:\Documents and Settings\Geoffrey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 20:49:06 | 00,067,742 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\lena_headey_06.jpg
[2009/09/12 17:19:09 | 00,062,510 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\9.jpg
[2009/09/12 17:18:56 | 00,060,874 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\8.jpg
[2009/09/12 17:18:44 | 00,061,323 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\7.jpg
[2009/09/12 17:18:32 | 00,061,682 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\6.jpg
[2009/09/12 17:18:20 | 00,060,520 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\5.jpg
[2009/09/12 17:18:08 | 00,065,214 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\4.jpg
[2009/09/12 17:17:55 | 00,057,991 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\3.jpg
[2009/09/12 17:17:42 | 00,065,267 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\2.jpg
[2009/09/12 17:16:36 | 00,062,360 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\1.jpg
[2009/09/12 17:16:22 | 00,165,230 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\05.jpg
[2009/09/12 17:15:50 | 00,028,560 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina.jpg
[2009/09/12 17:15:36 | 00,026,298 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (9).jpg
[2009/09/12 17:15:17 | 00,023,391 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (8).jpg
[2009/09/12 17:14:55 | 00,026,206 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (7).jpg
[2009/09/12 17:14:40 | 00,025,915 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (6).jpg
[2009/09/12 17:14:25 | 00,027,882 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (5).jpg
[2009/09/12 17:14:12 | 00,025,300 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (4).jpg
[2009/09/12 17:13:53 | 00,133,287 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (3).jpg
[2009/09/12 17:13:36 | 00,030,968 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (26).jpg
[2009/09/12 17:13:24 | 00,029,064 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (25).jpg
[2009/09/12 17:12:56 | 00,026,975 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (24).jpg
[2009/09/12 17:12:21 | 00,037,430 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (23).jpg
[2009/09/12 17:12:07 | 00,039,443 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (22).jpg
[2009/09/12 17:11:47 | 00,032,912 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (21).jpg
[2009/09/12 17:11:19 | 00,031,698 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (20).jpg
[2009/09/12 17:11:01 | 00,026,799 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (2).jpg
[2009/09/12 17:10:28 | 00,029,678 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (19).jpg
[2009/09/12 17:10:09 | 00,016,827 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (18).jpg
[2009/09/12 17:09:54 | 00,018,917 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (17).jpg
[2009/09/12 17:09:35 | 00,022,160 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (16).jpg
[2009/09/12 17:09:09 | 00,021,762 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (15).jpg
[2009/09/12 17:08:49 | 00,021,983 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (14).jpg
[2009/09/12 17:08:33 | 00,019,255 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (13).jpg
[2009/09/12 17:08:06 | 00,037,598 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (12).jpg
[2009/09/12 17:07:47 | 00,027,549 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina (11).jpg
[2009/09/12 17:06:50 | 00,030,414 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina%20(10).jpg
[2009/09/12 17:06:36 | 00,174,557 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\Carolina%20(1)[1].JPG
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/03 09:10:52 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\hp fics.doc
[2009/09/01 20:53:00 | 00,045,210 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\abcfr.mp3
[2009/09/01 17:51:37 | 01,839,856 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\alouette.mp3
[2009/09/01 17:39:24 | 00,147,201 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\jacques.mp3
[2009/09/01 17:39:15 | 00,552,022 | ---- | M] () -- C:\Documents and Settings\Geoffrey\My Documents\frere_jacques_moc.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

and extras:

OTL Extras logfile created on: 9/29/2009 1:51:54 AM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Geoffrey\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.23 Mb Total Physical Memory | 70.66 Mb Available Physical Memory | 15.84% Memory free
1.03 Gb Paging File | 0.64 Gb Available in Paging File | 61.79% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 49.63 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 61.97 Mb Total Space | 46.44 Mb Free Space | 74.93% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SALLY
Current User Name: Geoffrey
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = WD Anywhere Access Powered by MioNet
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"8A1D0449E9CBCC93DCB0CF47934D695423632CA7" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"getPlus®_dll" = getPlus®_dll
"getPlus®_ocx" = getPlus®_ocx
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag v2.37a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RollerCoaster Tycoon Setup" = RolllayN
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Doctor" = Spyware Doctor 6.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Hope you have enough to get started on suggesting a path to fix this issue. Thank you.
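On a box that refuses to launch scanners, the two parts of an OTL Extras log a responder reads first are Shell Spawning and Security Center Settings: a rewritten exefile\shell\open\command handler means every .exe launch is routed through the malware's loader, and the firewall and notification values show what was switched off. The script below is an added example, not part of RShea's post and not OTL's own code. It splits an OTL log into its sections, compares the executable-class handlers against stock XP SP2 defaults, and reports weakened Security Center values. The embedded excerpt is constructed from lines of the log above; the hijacked loader path in the second sample is hypothetical. One caveat the parser encodes: OTL prints "File not found" after "%1" %* because it cannot resolve %1, so that trailer is stripped before comparison and is not itself a finding.

```python
import re

# Stock XP SP2 shell\open\command values for the executable file classes that
# rogue "antivirus" families rewrite so their loader runs before any .exe.
EXPECTED_COMMANDS = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

# Values that weaken the host. A hit is a triage lead, not proof of infection:
# third-party suites and users set some of these too.
WEAK_SETTINGS = {
    "EnableFirewall": "0",
    "AntiVirusDisableNotify": "1",
    "FirewallDisableNotify": "1",
    "UpdatesDisableNotify": "1",
}

SECTION_HEADER = re.compile(r"^=+ (.+?) =+$")
SHELL_LINE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<rest>.*)$")
# OTL appends "(Company)" / "()" when it resolved the binary, or "File not found"
# when it could not; for '"%1" %*' the latter is an OTL quirk, not a finding.
TRAILER = re.compile(r"\s*(\([^()]*\)|File not found)\s*$")
SETTING_LINE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>\S+)$')


def sections(text):
    """Split OTL output into {section title: [non-blank lines]}."""
    current, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None and line:
            out[current].append(line)
    return out


def check_shell_spawning(lines):
    """Return executable-class handlers whose command differs from the XP default."""
    findings = []
    for line in lines:
        m = SHELL_LINE.match(line)
        if not m:
            continue
        key = (m.group("cls"), m.group("verb"))
        if key not in EXPECTED_COMMANDS:
            continue
        command = TRAILER.sub("", m.group("rest")).strip()
        if command != EXPECTED_COMMANDS[key]:
            findings.append(f"{key[0]} [{key[1]}] hijacked: {command}")
    return findings


def check_security_center(lines):
    """Return 'name = value' for every weakened Security Center / firewall setting."""
    findings = []
    for line in lines:
        m = SETTING_LINE.match(line)
        if m and WEAK_SETTINGS.get(m.group("name")) == m.group("value"):
            findings.append(f"{m.group('name')} = {m.group('value')}")
    return findings


def triage(text):
    s = sections(text)
    return {
        "shell": check_shell_spawning(s.get("Shell Spawning", [])),
        "security_center": check_security_center(s.get("Security Center Settings", [])),
    }


# Constructed excerpt in OTL Extras format, built from lines of the posted log.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [open] -- "%1" /S File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"""

# Same excerpt with a constructed hijack: a hypothetical loader path placed in
# front of "%1", so every .exe launch would run the loader first.
HIJACKED_LOG = SAMPLE_LOG.replace(
    r'exefile [open] -- "%1" %* File not found',
    r'exefile [open] -- "C:\Documents and Settings\All Users\Application Data\loader.exe" "%1" %* File not found',
)

if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed hijack", HIJACKED_LOG)):
        print(name, triage(log))
```

Run against the posted lines the handler check comes back empty, which matches the log above: every executable class is still at its default, so whatever blocked the scanners on this machine was not an exefile hijack. The Security Center check does fire on the four disabled values. On the constructed sample it reports the loader in the exefile handler, which is the pattern to look for when a log shows anything other than "%1" %* there.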

#11 garmanma

garmanma

    Computer Masochist

  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:08:55 AM

Posted 29 September 2009 - 06:51 PM

This is as far as I can go in this particular forum.

Now that you were successful in creating an OTL log, you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully.
The HJT team is extremely busy, so be patient and good luck.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
