
Total Security Removal Problem


  • This topic is locked
35 replies to this topic

#1 Paytonjrd

Paytonjrd

  • Members
  • 21 posts
  • OFFLINE
  • Location:Augusta, Georgia
  • Local time:05:43 PM

Posted 02 October 2009 - 09:40 AM

I was never able to save procexp.exe nor rootrepeal to my desktop; the save as or run command would never appear. All I have been able to do is run the mbam. I hope this attachment shows up. Thanks for any help. :(

Attached Files

  • Attached File  DDS.txt   23.32KB   23 downloads




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:12:43 AM

Posted 20 October 2009 - 12:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Paytonjrd

Paytonjrd
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Location:Augusta, Georgia
  • Local time:05:43 PM

Posted 20 October 2009 - 02:19 PM

I am trying to follow the steps you mentioned, but I keep getting a message that says the website I am trying to download is unsafe and potentially filled with viruses. Do I ignore this and continue or what? Please advise. Thanks.

#4 Paytonjrd

Paytonjrd
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Location:Augusta, Georgia
  • Local time:05:43 PM

Posted 20 October 2009 - 04:06 PM

OTL logfile created on: 10/20/2009 4:59:41 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 180.10 Mb Available Physical Memory | 40.38% Memory free
1.03 Gb Paging File | 0.88 Gb Available in Paging File | 85.36% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.31 Gb Total Space | 51.69 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/20 16:59:23 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2009/08/24 16:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 09:44:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca4cd4724b8e94 [Auto | Stopped])
SRV - [2009/09/04 23:29:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/01/28 16:56:41 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV - [2006/02/07 20:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Stopped])
SRV - [2005/11/11 19:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Stopped])
SRV - [2005/10/13 22:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe -- (McDetect.exe [Auto | Stopped])
SRV - [2005/09/26 14:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [Auto | Stopped])
SRV - [2005/08/24 19:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Stopped])
SRV - [2005/08/10 14:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [Auto | Stopped])
SRV - [2005/08/04 02:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2005/07/12 21:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Stopped])
SRV - [2005/07/12 21:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Stopped])
SRV - [2005/07/01 22:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2005/01/17 20:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Stopped])
SRV - [2004/10/15 16:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Stopped])
SRV - [2004/08/28 04:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Stopped])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/09/15 01:16:39 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Stopped])
DRV - [2008/07/28 18:26:30 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2008/07/28 18:26:30 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/10/09 15:53:13 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Stopped])
DRV - [2007/07/03 20:59:10 | 00,086,824 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdserd.sys -- (sscdserd [On_Demand | Stopped])
DRV - [2007/07/03 20:58:20 | 00,106,792 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2007/07/03 20:57:24 | 00,011,944 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2007/07/03 20:54:24 | 00,080,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2006/10/03 13:21:48 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/04/01 00:20:38 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Stopped])
DRV - [2006/03/04 00:29:50 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
DRV - [2006/03/02 19:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/01/18 22:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2005/12/09 19:48:40 | 04,123,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2005/11/11 19:43:52 | 00,080,640 | ---- | M] (McAfee) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys -- (MPFIREWL [System | Running])
DRV - [2005/10/20 18:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Stopped])
DRV - [2005/10/06 09:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Stopped])
DRV - [2005/09/15 03:49:52 | 00,468,768 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2005/09/12 07:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/25 16:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/08/25 16:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/08/24 19:20:28 | 00,009,472 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys -- (tbiosdrv [On_Demand | Stopped])
DRV - [2005/08/12 09:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Stopped])
DRV - [2005/08/10 14:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
DRV - [2005/08/04 02:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2005/06/02 07:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2003/01/29 18:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 3B 3D A2 D6 32 CA 01 [binary data]
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\S-1-5-21-1948944472-235654725-2611799722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 03:00:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/12 00:19:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/10/14 09:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/14 09:46:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/14 09:47:03 | 00,000,000 | ---D | M]

[2009/09/24 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009/09/24 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/20 12:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\drlycl1z.default\extensions
[2009/09/24 09:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\drlycl1z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/24 08:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/24 08:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/14 09:46:56 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/10/14 09:47:03 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/10/14 09:46:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (145 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\DLACTRLW.exe (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vewuropod] C:\WINDOWS\System32\baguteja.DLL ()
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()
O4 - HKU\S-1-5-18..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx (ArmHelper Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (tezojuyu.dll) - C:\WINDOWS\System32\tezojuyu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\tumalewu.dll) - C:\WINDOWS\System32\tumalewu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\vopegoze.dll) - C:\WINDOWS\System32\vopegoze.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\lutawudi.dll) - C:\WINDOWS\System32\lutawudi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yiyobuye.dll) - C:\WINDOWS\System32\yiyobuye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\baguteja.dll) - C:\WINDOWS\System32\baguteja.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: batumutup - {4638290f-671f-4b5a-bd80-218555152df7} - C:\WINDOWS\System32\lutawudi.dll File not found
O21 - SSODL: hefemokip - {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - C:\WINDOWS\System32\lutawudi.dll File not found
O21 - SSODL: hurasibop - {306954de-855c-4614-a9f9-0423ee7ea292} - C:\WINDOWS\System32\baguteja.dll ()
O21 - SSODL: nadojorud - {3736bffc-5216-45fd-b309-a400d2fe4831} - C:\WINDOWS\System32\gusogire.dll File not found
O21 - SSODL: pigidosiw - {70639040-7bd4-41dc-aed6-e019e3ce3689} - C:\WINDOWS\System32\tumalewu.dll File not found
O21 - SSODL: pusezeyed - {d67617a4-5561-4aef-90f8-4f6200a7db3a} - C:\WINDOWS\System32\kayufegi.dll File not found
O21 - SSODL: ranojolan - {3227433f-a76a-4192-a9db-aec44efc8b29} - C:\WINDOWS\System32\lutawudi.dll File not found
O21 - SSODL: sekiguwos - {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - C:\WINDOWS\System32\yiyobuye.dll File not found
O21 - SSODL: timobebul - {30772096-01ab-4277-8f44-3d5d00fff14b} - C:\WINDOWS\System32\gomevibi.dll File not found
O21 - SSODL: vamamazel - {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - C:\WINDOWS\System32\dipagowe.dll File not found
O21 - SSODL: vawebedan - {7451d33c-7020-44bb-aa38-d95250668339} - C:\WINDOWS\System32\bosurezo.dll File not found
O21 - SSODL: vudigesig - {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - C:\WINDOWS\System32\nesebaba.dll File not found
O21 - SSODL: vuwuketim - {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - C:\WINDOWS\System32\navaguke.dll File not found
O21 - SSODL: yafesoker - {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - C:\WINDOWS\System32\gufomafe.dll File not found
O21 - SSODL: yosalubuf - {63852096-7d07-4aa8-94be-cbfcb9392cfe} - C:\WINDOWS\System32\lihujedo.dll File not found
O21 - SSODL: zowojaged - {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - kupuhivus - C:\WINDOWS\System32\nesebaba.dll File not found
O22 - SharedTaskScheduler: {306954de-855c-4614-a9f9-0423ee7ea292} - kupuhivus - C:\WINDOWS\System32\baguteja.dll ()
O22 - SharedTaskScheduler: {30772096-01ab-4277-8f44-3d5d00fff14b} - gahurihor - C:\WINDOWS\System32\gomevibi.dll File not found
O22 - SharedTaskScheduler: {3227433f-a76a-4192-a9db-aec44efc8b29} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {3736bffc-5216-45fd-b309-a400d2fe4831} - tokatiluy - C:\WINDOWS\System32\gusogire.dll File not found
O22 - SharedTaskScheduler: {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - tokatiluy - C:\WINDOWS\System32\gufomafe.dll File not found
O22 - SharedTaskScheduler: {4638290f-671f-4b5a-bd80-218555152df7} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - tokatiluy - C:\WINDOWS\System32\dipagowe.dll File not found
O22 - SharedTaskScheduler: {63852096-7d07-4aa8-94be-cbfcb9392cfe} - jugezatag - C:\WINDOWS\System32\lihujedo.dll File not found
O22 - SharedTaskScheduler: {70639040-7bd4-41dc-aed6-e019e3ce3689} - gahurihor - C:\WINDOWS\System32\tumalewu.dll File not found
O22 - SharedTaskScheduler: {7451d33c-7020-44bb-aa38-d95250668339} - tokatiluy - C:\WINDOWS\System32\bosurezo.dll File not found
O22 - SharedTaskScheduler: {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - mujuzedij - C:\WINDOWS\System32\yiyobuye.dll File not found
O22 - SharedTaskScheduler: {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - kupuhivus - C:\WINDOWS\System32\navaguke.dll File not found
O22 - SharedTaskScheduler: {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - mujuzedij - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - jugezatag - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {d67617a4-5561-4aef-90f8-4f6200a7db3a} - kupuhivus - C:\WINDOWS\System32\kayufegi.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/20 14:09:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07871900-9741-11de-aa42-0016e37315f4}\Shell - "" = AutoRun
O33 - MountPoints2\{07871900-9741-11de-aa42-0016e37315f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07871900-9741-11de-aa42-0016e37315f4}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\{5873133c-9bc0-11de-aa45-0016e37315f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5873133c-9bc0-11de-aa45-0016e37315f4}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{5873133c-9bc0-11de-aa45-0016e37315f4}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[2009/09/24 21:17:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/14 09:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/04 09:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\2053874250
[2009/10/04 21:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\2279535808
[2009/10/05 09:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\3814167408
[2009/10/03 21:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\6011467302
[2009/10/05 21:14:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\6489321741
[2009/10/03 09:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\8966544956
[2009/09/30 16:41:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\9917130758
[2009/09/24 21:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/09/24 08:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2009/10/14 09:46:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Real
[2009/09/24 08:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2009/10/14 09:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2009/09/23 21:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/14 09:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/15 23:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\kiviqw
[2009/09/24 21:17:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/14 09:46:56 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/14 09:46:51 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/14 09:46:51 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/08 20:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Online Schools, School Online, Online Learning @ Westwood College_files
[2009/10/07 23:40:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\schtml
[2009/09/24 21:17:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/24 21:17:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/24 08:51:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2006/03/20 14:40:34 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/20 16:59:32 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\yagapehe
[2009/10/20 16:46:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 16:08:05 | 00,000,321 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Parenting With Positive Discipline Methods Alternatives to Spanking, Time-Outs, and Punishment Suite101.com.url
[2009/10/20 09:24:43 | 01,011,172 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tatetimo.exe
[2009/10/20 09:24:40 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\baguteja.dll
[2009/10/20 09:24:40 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kimuremo.dll
[2009/10/19 21:25:53 | 00,513,536 | ---- | M] () -- C:\WINDOWS\System32\pump.exe
[2009/10/19 21:25:51 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat
[2009/10/19 21:25:51 | 00,000,001 | ---- | M] () -- C:\WINDOWS\wp3.dat
[2009/10/19 21:24:16 | 01,011,401 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\lalihihe.exe
[2009/10/19 21:24:12 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fiyusuka.dll
[2009/10/19 09:24:04 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\sovozele.dll
[2009/10/19 09:24:04 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\hufugido.dll
[2009/10/18 23:02:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 22:40:07 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54C966A6-71CE-4333-9DEB-A3931F16C581}.job
[2009/10/18 22:33:03 | 00,072,928 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/10/18 22:30:59 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Security Tool.lnk
[2009/10/18 22:30:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/18 22:26:09 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/18 21:23:54 | 01,011,198 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\viriteda.exe
[2009/10/18 21:23:49 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\hivunote.dll
[2009/10/18 00:07:04 | 01,114,665 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\yajulose.exe
[2009/10/18 00:06:51 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bijikoko.dll
[2009/10/17 10:30:27 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/17 09:20:14 | 01,115,745 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\soviveri.exe
[2009/10/17 09:20:10 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jubodaso.dll
[2009/10/16 21:20:03 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\norupeze.exe
[2009/10/16 09:43:46 | 03,774,502 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/10/16 09:19:34 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\wejuwava.exe
[2009/10/16 09:19:31 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\kovihihi.dll
[2009/10/16 09:19:30 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zukogulu.dll
[2009/10/16 08:59:49 | 00,283,136 | ---- | M] () -- C:\WINDOWS\svohost.exe
[2009/10/15 21:19:17 | 01,112,459 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\zejitune.exe
[2009/10/15 21:19:13 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gulipame.dll
[2009/10/15 09:18:44 | 01,117,124 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\yuligugu.exe
[2009/10/15 09:18:41 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\zagubura.dll
[2009/10/15 09:18:40 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\vidomovo.dll
[2009/10/15 01:14:06 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/14 21:18:34 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\juzeziwi.dll
[2009/10/14 21:18:34 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\demojesa.dll
[2009/10/14 09:47:01 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/14 09:46:56 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/14 09:46:51 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/14 09:46:51 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/14 09:46:29 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/10/14 09:46:28 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/10/14 09:46:28 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/14 09:18:33 | 01,113,885 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\niludesa.exe
[2009/10/14 09:18:29 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fotufuga.dll
[2009/10/13 21:18:23 | 01,011,606 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\dobipimo.exe
[2009/10/13 09:17:50 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\firugoti.dll
[2009/10/12 21:17:52 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\kalomawu.dll
[2009/10/12 21:17:22 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\vetaweyo.dll
[2009/10/12 21:17:22 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\rigitaza.dll
[2009/10/12 20:56:06 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\User\My Documents\zanrescook1.wps
[2009/10/12 20:56:06 | 00,002,512 | ---- | M] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2009/10/12 09:17:21 | 00,091,136 | ---- | M] () -- C:\WINDOWS\System32\yatorolo.dll
[2009/10/12 09:17:21 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\leyafapa.dll
[2009/10/11 21:17:12 | 01,011,439 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\lovafufu.exe
[2009/10/11 21:17:10 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\seweyaka.dll
[2009/10/11 21:17:09 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\rufobuwa.dll
[2009/10/11 09:17:11 | 01,011,570 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\wupesiki.exe
[2009/10/11 09:17:09 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gakewadu.dll
[2009/10/11 09:17:08 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\vajilola.dll
[2009/10/10 21:16:58 | 01,011,128 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tahiraga.exe
[2009/10/10 21:16:56 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\yiwosaku.dll
[2009/10/10 21:16:55 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jedudisu.dll
[2009/10/10 09:16:46 | 01,011,260 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tihupime.exe
[2009/10/10 09:16:44 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\biyajoze.dll
[2009/10/10 09:16:43 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\daletoje.dll
[2009/10/09 21:16:33 | 01,011,284 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tanadafe.exe
[2009/10/09 21:16:31 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\hegiguve.dll
[2009/10/09 21:16:30 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dibehaki.dll
[2009/10/09 09:16:22 | 01,011,752 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\mirevipu.exe
[2009/10/09 09:16:19 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\lapupayi.dll
[2009/10/09 09:16:18 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zokemohi.dll
[2009/10/08 21:16:12 | 01,011,226 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\telodupo.exe
[2009/10/08 21:16:08 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fironage.dll
[2009/10/08 09:15:51 | 01,011,243 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\gukowema.exe
[2009/10/08 09:15:47 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yirumuno.dll
[2009/10/08 09:15:47 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\pitorewe.dll
[2009/10/07 23:41:16 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wf4.dat
[2009/10/07 23:41:16 | 00,000,002 | ---- | M] () -- C:\WINDOWS\wf3.dat
[2009/10/07 21:15:26 | 01,050,659 | -HS- | M] () -- C:\WINDOWS\System32\bizubudu.exe
[2009/10/07 21:15:21 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lolozima.dll
[2009/10/07 12:22:32 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\User\My Documents\zanresumeteach.wps
[2009/10/07 09:15:08 | 01,050,147 | -HS- | M] () -- C:\WINDOWS\System32\wetogasi.exe
[2009/10/07 09:15:06 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\rotapote.dll
[2009/10/07 09:15:05 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\sepowumu.dll
[2009/10/06 21:14:58 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\kapekabo.dll
[2009/10/06 09:14:52 | 00,091,136 | ---- | M] () -- C:\WINDOWS\System32\sivufayo.dll
[2009/10/06 09:14:51 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bujiluro.dll
[2009/10/05 21:14:38 | 01,047,587 | -HS- | M] () -- C:\WINDOWS\System32\gepesiso.exe
[2009/10/05 09:14:32 | 01,048,611 | -HS- | M] () -- C:\WINDOWS\System32\vuwozisa.exe
[2009/10/05 09:14:28 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\vikewami.dll
[2009/10/04 21:14:28 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\norozuse.exe
[2009/10/04 21:14:20 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\pulasiya.dll
[2009/10/04 09:14:05 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\keyamemu.exe
[2009/10/04 09:14:01 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\mekaboge.dll
[2009/10/04 09:14:01 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\jamoyiye.dll
[2009/10/03 21:13:55 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\wibotelo.exe
[2009/10/03 21:13:52 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\dayatife.dll
[2009/10/03 09:13:28 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\muhofola.exe
[2009/10/03 09:13:26 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\madujeri.dll
[2009/10/03 09:13:26 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\numisufe.dll
[2009/10/02 21:13:35 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\panosiru.dll
[2009/10/02 21:13:05 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\petaziwe.dll
[2009/10/02 10:21:42 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Windows Firewall.lnk
[2009/10/02 09:13:41 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\biyebafi.dll
[2009/10/01 17:14:29 | 01,048,100 | -HS- | M] () -- C:\WINDOWS\System32\pezivuja.exe
[2009/10/01 17:14:25 | 00,027,136 | -HS- | M] () -- C:\WINDOWS\System32\raveyuru.dll
[2009/10/01 17:14:24 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\disimeji.dll
[2009/10/01 08:50:46 | 00,034,872 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/01 05:18:59 | 01,047,588 | -HS- | M] () -- C:\WINDOWS\System32\vopatuse.exe
[2009/10/01 05:18:54 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\tageruzi.dll
[2009/09/30 16:41:51 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\biniyogi.dll
[2009/09/30 16:41:29 | 01,047,076 | -HS- | M] () -- C:\WINDOWS\System32\pigopimu.exe
[2009/09/30 16:41:20 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\bozagudu.dll
[2009/09/29 04:41:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\vobulofo.dll
[2009/09/28 16:41:30 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\zevehahu.dll
[2009/09/28 16:41:00 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\vemopado.dll
[2009/09/28 02:58:53 | 00,003,833 | ---- | M] () -- C:\WINDOWS\machine.ver
[2009/09/27 16:40:34 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\siyokume.dll
[2009/09/27 04:40:19 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\kodesalo.dll
[2009/09/26 16:40:17 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\tadeyike.dll
[2009/09/26 04:39:51 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\fosadite.dll
[2009/09/25 16:40:11 | 00,049,664 | -HS- | M] () -- C:\WINDOWS\System32\vorosuka.dll
[2009/09/24 21:18:00 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 16:39:20 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\rulufutu.dll
[2009/09/24 08:47:02 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/24 04:40:13 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\milufuro.dll
[2009/09/22 18:15:06 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/21 14:52:34 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/21 14:52:33 | 00,000,719 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/21 14:52:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

========== Files - No Company Name ==========
[2009/10/20 16:08:05 | 00,000,321 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Parenting With Positive Discipline Methods Alternatives to Spanking, Time-Outs, and Punishment Suite101.com.url
[2009/10/17 10:48:22 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Security Tool.lnk
[2009/10/17 10:21:39 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/17 10:21:25 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/16 09:43:40 | 03,774,502 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/10/16 08:59:49 | 00,283,136 | ---- | C] () -- C:\WINDOWS\svohost.exe
[2009/10/16 08:59:49 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat
[2009/10/16 08:59:49 | 00,000,001 | ---- | C] () -- C:\WINDOWS\wp3.dat
[2009/10/14 09:47:01 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/14 09:45:25 | 00,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/12 20:56:05 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\User\My Documents\zanrescook1.wps
[2009/10/07 23:39:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wf4.dat
[2009/10/07 23:39:55 | 00,000,002 | ---- | C] () -- C:\WINDOWS\wf3.dat
[2009/10/07 23:39:53 | 00,513,536 | ---- | C] () -- C:\WINDOWS\System32\pump.exe
[2009/10/03 01:34:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 10:21:42 | 00,000,217 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Windows Firewall.lnk
[2009/09/24 21:18:00 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 08:47:02 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/15 15:51:02 | 00,018,844 | ---- | C] () -- C:\Program Files\Common Files\xarifat.exe
[2009/09/15 15:51:02 | 00,016,606 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\evujaxe._dl
[2009/09/15 15:51:02 | 00,016,069 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydyqy._dl
[2009/09/15 15:51:02 | 00,015,809 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\azypa.scr
[2009/09/15 15:51:02 | 00,015,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxon.pif
[2009/09/15 15:51:02 | 00,014,614 | ---- | C] () -- C:\Program Files\Common Files\okyrideqa.bat
[2009/09/15 15:51:02 | 00,014,121 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gijuqiceh.sys
[2009/09/15 15:51:02 | 00,012,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kapusu.lib
[2009/09/15 15:51:02 | 00,011,598 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ufotid.scr
[2009/09/14 19:49:23 | 00,013,833 | ---- | C] () -- C:\Documents and Settings\User\Application Data\azidahyd.pif
[2009/09/14 19:49:23 | 00,013,163 | ---- | C] () -- C:\Documents and Settings\User\Application Data\aneduhos.bin
[2009/09/14 19:49:23 | 00,011,693 | ---- | C] () -- C:\Program Files\Common Files\awyqasufak.vbs
[2009/09/14 19:49:22 | 00,019,805 | ---- | C] () -- C:\Documents and Settings\User\Application Data\uwyryse.exe
[2009/09/14 19:49:22 | 00,017,690 | ---- | C] () -- C:\Program Files\Common Files\wuxepowen.ban
[2009/09/14 19:49:22 | 00,015,773 | ---- | C] () -- C:\WINDOWS\umuh.sys
[2009/09/14 19:49:22 | 00,015,289 | ---- | C] () -- C:\Program Files\Common Files\ybikeji._sy
[2009/09/14 19:49:22 | 00,014,262 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\zasyc.vbs
[2009/09/14 19:49:22 | 00,014,192 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\nydulih.pif
[2009/09/14 19:49:22 | 00,014,139 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\gymavesor.reg
[2009/09/14 19:49:22 | 00,013,313 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ypybymade.dl
[2009/09/14 19:49:22 | 00,012,345 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\icaniz.exe
[2009/09/14 19:36:09 | 00,019,093 | ---- | C] () -- C:\Documents and Settings\User\Application Data\losugekyl.dll
[2009/09/14 19:36:09 | 00,019,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iquju.bat
[2009/09/14 19:36:09 | 00,019,031 | ---- | C] () -- C:\WINDOWS\edytisevav.sys
[2009/09/14 19:36:09 | 00,014,894 | ---- | C] () -- C:\WINDOWS\oqiqulixo.sys
[2009/09/14 19:36:09 | 00,014,386 | ---- | C] () -- C:\WINDOWS\zesa.sys
[2009/09/14 19:36:09 | 00,013,600 | ---- | C] () -- C:\Program Files\Common Files\ipenycazan.dat
[2009/09/14 19:36:09 | 00,013,014 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\wukax.inf
[2009/09/14 19:36:09 | 00,012,774 | ---- | C] () -- C:\Program Files\Common Files\exyhajefo.reg
[2009/09/14 19:36:09 | 00,012,475 | ---- | C] () -- C:\Documents and Settings\User\Application Data\fekunir.bat
[2009/09/14 19:36:09 | 00,011,296 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\cyqihoku.vbs
[2009/09/14 19:20:00 | 00,019,745 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ipybaso.ban
[2009/09/14 19:20:00 | 00,019,483 | ---- | C] () -- C:\Program Files\Common Files\cosam.ban
[2009/09/14 19:20:00 | 00,019,323 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\paholuh.sys
[2009/09/14 19:20:00 | 00,018,723 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vamike._dl
[2009/09/14 19:20:00 | 00,018,674 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rizu._sy
[2009/09/14 19:20:00 | 00,018,569 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ofuvinexa.com
[2009/09/14 19:20:00 | 00,017,598 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\oluduwi.vbs
[2009/09/14 19:20:00 | 00,016,313 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ybifekow.ban
[2009/09/14 19:20:00 | 00,016,161 | ---- | C] () -- C:\Documents and Settings\User\Application Data\cyjubykam.dat
[2009/09/14 19:20:00 | 00,016,117 | ---- | C] () -- C:\Program Files\Common Files\ufocoxeq.bin
[2009/09/14 19:20:00 | 00,010,167 | ---- | C] () -- C:\Documents and Settings\User\Application Data\tyhunanas.com
[2009/09/14 19:19:59 | 00,019,458 | ---- | C] () -- C:\Documents and Settings\User\Application Data\butimy.com
[2009/09/14 19:19:59 | 00,017,635 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\facuhuh.pif
[2009/09/14 19:19:59 | 00,017,549 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bemumafop.ban
[2009/09/14 19:19:59 | 00,016,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\igileqe.inf
[2009/09/14 19:19:59 | 00,010,089 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\umoji.dl
[2009/09/14 16:19:42 | 00,013,748 | ---- | C] () -- C:\Program Files\Common Files\kelyradaq._sy
[2009/09/14 16:19:41 | 00,016,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jekam.db
[2009/09/14 16:19:41 | 00,011,779 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\bodajecaga.bat
[2009/09/14 15:58:35 | 00,018,834 | ---- | C] () -- C:\Program Files\Common Files\ipyhyzumow.sys
[2009/09/14 15:58:35 | 00,017,962 | ---- | C] () -- C:\Program Files\Common Files\bytecaqote.dl
[2009/09/14 15:58:35 | 00,016,715 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ykuba.dl
[2009/09/14 15:58:35 | 00,014,629 | ---- | C] () -- C:\WINDOWS\tonefe.sys
[2009/09/14 15:58:35 | 00,013,823 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usyg.dl
[2009/09/14 15:58:35 | 00,013,234 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iniqopavy.sys
[2009/09/14 15:58:35 | 00,013,046 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\adakyvoha._dl
[2009/09/14 15:58:35 | 00,012,861 | ---- | C] () -- C:\Documents and Settings\User\Application Data\apuwyk.bin
[2009/09/14 15:58:35 | 00,011,565 | ---- | C] () -- C:\Program Files\Common Files\kagy.bat
[2009/09/14 15:58:35 | 00,010,754 | ---- | C] () -- C:\Program Files\Common Files\zuxuvibake.scr
[2009/09/13 12:41:22 | 00,019,157 | ---- | C] () -- C:\Program Files\Common Files\ezebova.db
[2009/09/13 12:41:22 | 00,018,217 | ---- | C] () -- C:\Documents and Settings\User\Application Data\susux.bin
[2009/09/13 12:41:22 | 00,016,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ygeziwet.bin
[2009/09/13 12:41:22 | 00,016,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lohid.ban
[2009/09/13 12:41:22 | 00,015,277 | ---- | C] () -- C:\WINDOWS\qocyt.dll
[2009/09/13 12:41:22 | 00,014,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\timo.sys
[2009/09/13 12:41:22 | 00,013,812 | ---- | C] () -- C:\Program Files\Common Files\orapyj.reg
[2009/09/13 12:41:22 | 00,013,322 | ---- | C] () -- C:\Program Files\Common Files\gotuxuk.reg
[2009/09/13 12:41:22 | 00,012,179 | ---- | C] () -- C:\Program Files\Common Files\asulace.db
[2009/09/13 12:41:22 | 00,011,746 | ---- | C] () -- C:\Documents and Settings\User\Application Data\uwuquvoty.pif
[2009/08/12 15:42:24 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/20 09:24:39 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\baguteja.dll
[2009/07/20 09:24:39 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kimuremo.dll
[2009/07/19 21:24:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fiyusuka.dll
[2009/07/19 09:24:04 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\sovozele.dll
[2009/07/19 09:24:04 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hufugido.dll
[2009/07/18 21:23:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hivunote.dll
[2009/07/18 00:06:50 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bijikoko.dll
[2009/07/17 09:20:10 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jubodaso.dll
[2009/07/16 09:19:29 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kovihihi.dll
[2009/07/16 09:19:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zukogulu.dll
[2009/07/15 21:19:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gulipame.dll
[2009/07/15 09:18:40 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\zagubura.dll
[2009/07/15 09:18:40 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vidomovo.dll
[2009/07/14 21:18:34 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\juzeziwi.dll
[2009/07/14 21:18:34 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\demojesa.dll
[2009/07/14 09:18:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fotufuga.dll
[2009/07/13 09:17:50 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\firugoti.dll
[2009/07/12 21:17:55 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\yofabutu.dll
[2009/07/12 21:17:55 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\tezojuyu.dll
[2009/07/12 21:17:55 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\tahuhabu.dll
[2009/07/12 21:17:21 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\vetaweyo.dll
[2009/07/12 21:17:21 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\kalomawu.dll
[2009/07/12 21:17:21 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rigitaza.dll
[2009/07/12 09:17:20 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\yatorolo.dll
[2009/07/12 09:17:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\leyafapa.dll
[2009/07/11 21:17:09 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\rufobuwa.dll
[2009/07/11 21:17:09 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\seweyaka.dll
[2009/07/11 09:17:07 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\vajilola.dll
[2009/07/11 09:17:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gakewadu.dll
[2009/07/10 21:16:54 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yiwosaku.dll
[2009/07/10 21:16:54 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jedudisu.dll
[2009/07/10 09:16:42 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\daletoje.dll
[2009/07/10 09:16:42 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\biyajoze.dll
[2009/07/09 21:16:29 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\hegiguve.dll
[2009/07/09 21:16:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dibehaki.dll
[2009/07/09 09:16:18 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\lapupayi.dll
[2009/07/09 09:16:18 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zokemohi.dll
[2009/07/08 21:16:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fironage.dll
[2009/07/08 09:15:46 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\yirumuno.dll
[2009/07/08 09:15:46 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pitorewe.dll
[2009/07/07 21:15:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lolozima.dll
[2009/07/07 09:15:04 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\rotapote.dll
[2009/07/07 09:15:04 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\sepowumu.dll
[2009/07/06 21:14:58 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kapekabo.dll
[2009/07/06 09:14:51 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\sivufayo.dll
[2009/07/06 09:14:51 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bujiluro.dll
[2009/07/05 09:14:28 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vikewami.dll
[2009/07/04 21:14:19 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\pulasiya.dll
[2009/07/04 09:14:00 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\mekaboge.dll
[2009/07/04 09:14:00 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\jamoyiye.dll
[2009/07/03 21:13:51 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\dayatife.dll
[2009/07/03 09:13:25 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\madujeri.dll
[2009/07/03 09:13:25 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\numisufe.dll
[2009/07/02 21:13:04 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\panosiru.dll
[2009/07/02 21:13:04 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\petaziwe.dll
[2009/07/02 09:13:41 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\biyebafi.dll
[2009/07/01 17:14:24 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\disimeji.dll
[2009/07/01 17:14:24 | 00,027,136 | -HS- | C] () -- C:\WINDOWS\System32\raveyuru.dll
[2009/07/01 05:18:54 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\tageruzi.dll
[2009/06/30 16:41:19 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\bozagudu.dll
[2009/06/30 16:41:19 | 00,050,688 | -HS- | C] () -- C:\WINDOWS\System32\biniyogi.dll
[2009/06/29 04:40:59 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vobulofo.dll
[2009/06/28 16:41:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\zevehahu.dll
[2009/06/28 16:41:00 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\vemopado.dll
[2009/06/27 16:40:34 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\siyokume.dll
[2009/06/27 04:40:19 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\kodesalo.dll
[2009/06/26 16:40:17 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\tadeyike.dll
[2009/06/26 04:39:51 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\fosadite.dll
[2009/06/25 16:39:40 | 00,049,664 | -HS- | C] () -- C:\WINDOWS\System32\vorosuka.dll
[2009/06/24 16:39:19 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\rulufutu.dll
[2009/06/24 04:40:13 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\milufuro.dll
[2009/05/19 09:27:48 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/02 15:04:27 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 15:54:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2007/09/21 02:14:56 | 00,002,512 | ---- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2007/09/20 21:55:51 | 00,034,872 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/05/15 14:13:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 16:00:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/10 14:58:21 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/20 19:26:30 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/20 15:20:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/20 15:20:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/20 15:20:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/20 15:20:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/20 15:20:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/20 15:20:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/20 15:17:30 | 00,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 15:03:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/20 15:02:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/20 14:46:03 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/20 14:46:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/20 14:46:03 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/20 14:46:03 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/20 14:40:34 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/20 14:13:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/20 14:05:59 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/20 12:53:09 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/20 12:49:43 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/20 12:49:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/03/20 06:01:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/01/30 18:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/24 19:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/22 00:02:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\eztw32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA029835
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77248999
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 10/20/2009 4:44:37 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 98.36 Mb Available Physical Memory | 22.05% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 67.63% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.31 Gb Total Space | 51.69 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1142882959\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1142882959\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1147717006\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1147717006\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\att-nap\McciBrowser.exe" = C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\11233904\11233904.exe" = C:\Documents and Settings\All Users\Application Data\11233904\11233904.exe:*:Enabled:11233904 -- File not found
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}" = WeatherBug
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet NIC Driver
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B58743-123D-4748-9FDD-F1FA0E463662}" = WAH System Verification
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"ATI Display Driver" = ATI Display Driver
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Dell Video Chat" = Dell Video Chat
"Google Chrome" = Google Chrome
"Hard Disk Recovery Utilities" = Hard Disk Recovery Utilities
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyScribe" = MyScribe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Power Saver" = TOSHIBA Power Saver
"Product_Name" = Digital Camera Manager
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004725" = SCRABBLE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Music Engine" = Yahoo! Music Jukebox

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2009 12:49:38 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2009 11:27:46 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application AZVENA.scr, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2009 9:06:53 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x0003eb6a.

Error - 9/17/2009 9:10:33 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x0003eb6a.

Error - 9/18/2009 5:02:56 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/20/2009 5:47:25 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2009 9:54:41 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2009 8:01:05 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application dellvideochat.exe, version 6.0.0.6564, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00028c0b.

Error - 9/23/2009 9:38:10 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2009 4:46:14 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/18/2009 11:04:46 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 10/18/2009 11:04:46 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 10/19/2009 11:10:02 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/20/2009 12:32:48 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/20/2009 12:33:55 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 10/20/2009 12:33:55 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service ALG with arguments
"" in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error - 10/20/2009 12:33:55 AM | Computer Name = TOSHIBA-USER | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.1, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/20/2009 12:34:51 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/20/2009 12:35:21 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 10/20/2009 12:37:22 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#5 myrti


Posted 20 October 2009 - 06:55 PM

Hi,

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 Paytonjrd


Posted 21 October 2009 - 12:37 AM

ComboFix 09-10-20.03 - User 10/20/2009 23:47.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.114 [GMT -4:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gasfkyobubkwnk
-------\Legacy_gasfkyobubkwnk
-------\Legacy_ANTIPOL


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-17 14:26 . 2009-10-17 14:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-16 13:41 . 2009-10-16 13:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-16 12:59 . 2009-10-20 01:25 58 ----a-w- c:\windows\wp4.dat
2009-10-16 12:59 . 2009-10-20 01:25 1 ----a-w- c:\windows\wp3.dat
2009-10-16 03:36 . 2009-10-16 06:41 -------- d-----w- c:\program files\kiviqw
2009-10-14 13:47 . 2009-10-14 13:47 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real
2009-10-14 13:46 . 2009-10-14 13:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-04 23:24 . 2009-10-04 23:24 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-04 23:24 . 2009-10-04 23:24 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-10-04 23:22 . 2009-10-04 23:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-10-03 05:34 . 2009-10-15 05:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-30 20:41 . 2009-09-30 20:41 262 ----a-w- c:\documents and settings\User\Application Data\9917130758\9917130758.bat
2009-09-30 20:41 . 2009-09-30 20:41 1047076 ----a-w- c:\documents and settings\User\Application Data\9917130758\9917130758.exe
2009-09-30 20:41 . 2009-09-30 20:41 -------- d-----w- c:\documents and settings\User\Application Data\9917130758
2009-09-25 01:38 . 2009-09-25 01:38 -------- d-----w- c:\documents and settings\Mz. Shanti\Application Data\Malwarebytes
2009-09-25 01:18 . 2009-09-25 01:18 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-09-25 01:17 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 01:17 . 2009-09-25 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 01:17 . 2009-09-25 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 01:17 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 12:47 . 2009-09-24 12:47 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2009-09-24 09:52 . 2009-09-24 09:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee.com Personal Firewall
2009-09-24 01:43 . 2009-09-24 01:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 12:40 . 2009-08-25 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-10-16 03:36 . 2009-09-14 22:41 -------- d-----w- c:\program files\Spyware Doctor
2009-10-16 03:02 . 2009-09-03 03:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-15 13:18 . 2009-07-15 13:18 1117124 --sha-w- c:\windows\system32\yuligugu.exe
2009-10-14 13:46 . 2006-03-20 19:30 -------- d-----w- c:\program files\Common Files\Real
2009-10-14 13:46 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-14 13:46 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-14 13:45 . 2006-03-20 22:02 -------- d-----w- c:\program files\Google
2009-10-13 00:56 . 2007-09-21 06:14 2512 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
2009-10-08 02:49 . 2009-09-03 03:06 -------- d-----w- c:\documents and settings\User\Application Data\MyScribe
2009-10-01 21:14 . 2009-07-01 21:14 1048100 --sha-w- c:\windows\system32\pezivuja.exe
2009-10-01 12:50 . 2007-09-21 01:55 34872 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 09:18 . 2009-07-01 09:18 1047588 --sha-w- c:\windows\system32\vopatuse.exe
2009-09-30 20:41 . 2009-06-30 20:41 1047076 --sha-w- c:\windows\system32\pigopimu.exe
2009-09-24 12:37 . 2009-09-16 13:10 -------- d-----w- c:\program files\Weemi
2009-09-24 12:36 . 2009-09-07 15:09 -------- d-----w- c:\program files\STMicroelectronics
2009-09-24 12:33 . 2009-09-16 13:10 -------- d-----w- c:\program files\My.Freeze.com Toolbar
2009-09-20 18:10 . 2009-09-19 12:20 -------- d-----w- c:\documents and settings\User\Application Data\Hoyle Puzzle and Board Games
2009-09-19 12:21 . 2009-09-19 12:20 -------- d-----w- c:\documents and settings\User\Application Data\Hoyle FaceCreator
2009-09-17 01:07 . 2006-03-20 18:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-17 01:05 . 2009-09-17 01:00 -------- d-----w- c:\program files\Encore
2009-09-17 00:56 . 2009-09-17 00:56 -------- d-----w- c:\program files\Hasbro
2009-09-16 13:11 . 2009-09-16 13:11 -------- d-----w- c:\documents and settings\User\Application Data\WeatherBug
2009-09-16 13:11 . 2009-09-16 13:11 -------- d-----w- c:\program files\AWS
2009-09-15 19:51 . 2009-09-15 19:51 18844 ----a-w- c:\program files\Common Files\xarifat.exe
2009-09-15 19:51 . 2009-09-15 19:51 15809 ----a-w- c:\documents and settings\User\Local Settings\Application Data\azypa.scr
2009-09-15 19:51 . 2009-09-15 19:51 15045 ----a-w- c:\documents and settings\All Users\Application Data\yxon.pif
2009-09-15 19:51 . 2009-09-15 19:51 14121 ----a-w- c:\documents and settings\All Users\Application Data\gijuqiceh.sys
2009-09-15 19:51 . 2009-09-15 19:51 11598 ----a-w- c:\documents and settings\User\Application Data\ufotid.scr
2009-09-15 19:51 . 2009-09-15 19:51 11598 ----a-w- c:\documents and settings\User\Application Data\ufotid.scr
2009-09-15 05:16 . 2009-09-14 22:42 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 05:16 . 2009-09-15 05:16 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 00:09 . 2006-03-20 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-14 23:49 . 2009-09-14 23:49 13833 ----a-w- c:\documents and settings\User\Application Data\azidahyd.pif
2009-09-14 23:49 . 2009-09-14 23:49 13833 ----a-w- c:\documents and settings\User\Application Data\azidahyd.pif
2009-09-14 23:49 . 2009-09-14 23:49 13163 ----a-w- c:\documents and settings\User\Application Data\aneduhos.bin
2009-09-14 23:49 . 2009-09-14 23:49 19805 ----a-w- c:\documents and settings\User\Application Data\uwyryse.exe
2009-09-14 23:49 . 2009-09-14 23:49 19805 ----a-w- c:\documents and settings\User\Application Data\uwyryse.exe
2009-09-14 23:49 . 2009-09-14 23:49 18576 ----a-w- c:\windows\system32\ivam.exe
2009-09-14 23:49 . 2009-09-14 23:49 17690 ----a-w- c:\program files\Common Files\wuxepowen.ban
2009-09-14 23:49 . 2009-09-14 23:49 15773 ----a-w- c:\windows\umuh.sys
2009-09-14 23:49 . 2009-09-14 23:49 15289 ----a-w- c:\program files\Common Files\ybikeji._sy
2009-09-14 23:49 . 2009-09-14 23:49 14192 ----a-w- c:\documents and settings\User\Local Settings\Application Data\nydulih.pif
2009-09-14 23:49 . 2009-09-14 23:49 12345 ----a-w- c:\documents and settings\All Users\Application Data\icaniz.exe
2009-09-14 23:36 . 2009-09-14 23:36 19093 ----a-w- c:\documents and settings\User\Application Data\losugekyl.dll
2009-09-14 23:36 . 2009-09-14 23:36 19093 ----a-w- c:\documents and settings\User\Application Data\losugekyl.dll
2009-09-14 23:36 . 2009-09-14 23:36 19031 ----a-w- c:\windows\edytisevav.sys
2009-09-14 23:36 . 2009-09-14 23:36 14894 ----a-w- c:\windows\oqiqulixo.sys
2009-09-14 23:36 . 2009-09-14 23:36 14386 ----a-w- c:\windows\zesa.sys
2009-09-14 23:36 . 2009-09-14 23:36 13600 ----a-w- c:\program files\Common Files\ipenycazan.dat
2009-09-14 23:20 . 2009-09-14 23:20 19483 ----a-w- c:\program files\Common Files\cosam.ban
2009-09-14 23:20 . 2009-09-14 23:20 19323 ----a-w- c:\documents and settings\User\Local Settings\Application Data\paholuh.sys
2009-09-14 23:20 . 2009-09-14 23:20 18569 ----a-w- c:\documents and settings\User\Local Settings\Application Data\ofuvinexa.com
2009-09-14 23:20 . 2009-09-14 23:20 16161 ----a-w- c:\documents and settings\User\Application Data\cyjubykam.dat
2009-09-14 23:20 . 2009-09-14 23:20 16117 ----a-w- c:\program files\Common Files\ufocoxeq.bin
2009-09-14 23:20 . 2009-09-14 23:20 10167 ----a-w- c:\documents and settings\User\Application Data\tyhunanas.com
2009-09-14 23:20 . 2009-09-14 23:20 10167 ----a-w- c:\documents and settings\User\Application Data\tyhunanas.com
2009-09-14 23:19 . 2009-09-14 23:19 19458 ----a-w- c:\documents and settings\User\Application Data\butimy.com
2009-09-14 23:19 . 2009-09-14 23:19 19458 ----a-w- c:\documents and settings\User\Application Data\butimy.com
2009-09-14 23:19 . 2009-09-14 23:19 17635 ----a-w- c:\documents and settings\All Users\Application Data\facuhuh.pif
2009-09-14 22:43 . 2009-09-14 22:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-14 22:41 . 2009-09-14 22:41 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2009-09-14 22:41 . 2009-09-14 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-14 22:30 . 2009-09-14 22:30 -------- d-----w- c:\documents and settings\Mz. Shanti\Application Data\Yahoo!
2009-09-14 20:30 . 2007-10-09 19:54 -------- d-----w- c:\documents and settings\User\Application Data\McAfee.com Personal Firewall
2009-09-14 20:19 . 2009-09-14 20:19 17474 ----a-w- c:\windows\iwezubuvi.com
2009-09-14 20:19 . 2009-09-14 20:19 15481 ----a-w- c:\windows\xehy.bin
2009-09-14 20:19 . 2009-09-14 20:19 13748 ----a-w- c:\program files\Common Files\kelyradaq._sy
2009-09-14 20:19 . 2009-09-14 20:19 12244 ----a-w- c:\windows\libixa.pif
2009-09-14 19:58 . 2009-09-14 19:58 19922 ----a-w- c:\windows\system32\wobegyhe.bin
2009-09-14 19:58 . 2009-09-14 19:58 19592 ----a-w- c:\windows\divunosyco.com
2009-09-14 19:58 . 2009-09-14 19:58 18900 ----a-w- c:\windows\eceri.pif
2009-09-14 19:58 . 2009-09-14 19:58 18834 ----a-w- c:\program files\Common Files\ipyhyzumow.sys
2009-09-14 19:58 . 2009-09-14 19:58 17962 ----a-w- c:\program files\Common Files\bytecaqote.dl
2009-09-14 19:58 . 2009-09-14 19:58 14629 ----a-w- c:\windows\tonefe.sys
2009-09-14 19:58 . 2009-09-14 19:58 14242 ----a-w- c:\windows\modetyz.bin
2009-09-14 19:58 . 2009-09-14 19:58 13234 ----a-w- c:\documents and settings\All Users\Application Data\iniqopavy.sys
2009-09-14 19:58 . 2009-09-14 19:58 12861 ----a-w- c:\documents and settings\User\Application Data\apuwyk.bin
2009-09-14 19:58 . 2009-09-14 19:58 12525 ----a-w- c:\windows\system32\lihyvevyci.com
2009-09-14 19:58 . 2009-09-14 19:58 11532 ----a-w- c:\windows\system32\hediqo.dat
2009-09-14 19:58 . 2009-09-14 19:58 10754 ----a-w- c:\program files\Common Files\zuxuvibake.scr
2009-09-14 19:31 . 2006-03-20 18:51 -------- d-----w- c:\program files\Java
2009-09-14 19:30 . 2009-09-14 19:30 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-14 18:58 . 2006-04-03 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-09-13 16:41 . 2009-09-13 16:41 19157 ----a-w- c:\program files\Common Files\ezebova.db
2009-09-13 16:41 . 2009-09-13 16:41 18217 ----a-w- c:\documents and settings\User\Application Data\susux.bin
2009-09-13 16:41 . 2009-09-13 16:41 16930 ----a-w- c:\documents and settings\All Users\Application Data\ygeziwet.bin
2009-09-13 16:41 . 2009-09-13 16:41 14977 ----a-w- c:\documents and settings\All Users\Application Data\timo.sys
2009-09-13 16:41 . 2009-09-13 16:41 12179 ----a-w- c:\program files\Common Files\asulace.db
2009-09-13 16:41 . 2009-09-13 16:41 11746 ----a-w- c:\documents and settings\User\Application Data\uwuquvoty.pif
2009-09-13 16:41 . 2009-09-13 16:41 11746 ----a-w- c:\documents and settings\User\Application Data\uwuquvoty.pif
2009-09-13 16:41 . 2009-09-13 16:41 10061 ----a-w- c:\windows\system32\omab.scr
2009-09-09 07:30 . 2009-09-04 01:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 03:01 . 2009-09-09 02:57 -------- d-----w- c:\documents and settings\User\Application Data\mjusbsp
2009-09-08 23:36 . 2009-08-25 21:58 -------- d-----w- c:\documents and settings\User\Application Data\ATTToolbar
2009-09-07 15:08 . 2009-09-07 15:08 -------- d-----w- c:\program files\Digital Camera Manager
2009-09-07 15:08 . 2009-09-07 15:08 286720 ----a-w- c:\windows\iun506.exe
2009-09-06 03:35 . 2006-03-20 19:03 -------- d-----w- c:\program files\Toshiba Games
2009-09-06 03:31 . 2006-05-15 18:17 -------- d-----w- c:\program files\Real
2009-09-05 12:29 . 2009-09-05 12:29 -------- d-----w- c:\program files\MSBuild
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-03 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-15 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-14 198160]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-20 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147717006\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/14/2009 6:42 PM 206256]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/3/2009 9:37 PM 54752]
S2 gupdate1ca4cd4724b8e94;Google Update Service (gupdate1ca4cd4724b8e94);c:\program files\Google\Update\GoogleUpdate.exe [10/14/2009 9:44 AM 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 13:44]

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 13:44]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{54C966A6-71CE-4333-9DEB-A3931F16C581}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f823e723baad4e13bf85bea9a32e5c08
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f823e723baad4e13bf85bea9a32e5c08
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\drlycl1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{e7ff75c4-7ea2-4529-bd6d-1c4e2c116b8e} - juhijudu.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-sahetijali - huhugafe.dll
SharedTaskScheduler-{d67617a4-5561-4aef-90f8-4f6200a7db3a} - c:\windows\system32\kayufegi.dll
SharedTaskScheduler-{7451d33c-7020-44bb-aa38-d95250668339} - c:\windows\system32\bosurezo.dll
SharedTaskScheduler-{3736bffc-5216-45fd-b309-a400d2fe4831} - c:\windows\system32\gusogire.dll
SharedTaskScheduler-{8619ca7f-0d16-46bf-be73-bd972bc3aca4} - c:\windows\system32\navaguke.dll
SharedTaskScheduler-{23cbc430-1cc0-4c11-842a-d93b5002b3e8} - c:\windows\system32\nesebaba.dll
SharedTaskScheduler-{63852096-7d07-4aa8-94be-cbfcb9392cfe} - c:\windows\system32\lihujedo.dll
SharedTaskScheduler-{5f0b3a62-4530-4f16-ae77-2d3d45014ece} - c:\windows\system32\dipagowe.dll
SharedTaskScheduler-{3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - c:\windows\system32\gufomafe.dll
SharedTaskScheduler-{30772096-01ab-4277-8f44-3d5d00fff14b} - c:\windows\system32\gomevibi.dll
SharedTaskScheduler-{70639040-7bd4-41dc-aed6-e019e3ce3689} - c:\windows\system32\tumalewu.dll
SharedTaskScheduler-{acab6f16-6b4b-48cc-b2e8-11b33a76f044} - c:\windows\system32\lutawudi.dll
SharedTaskScheduler-{3227433f-a76a-4192-a9db-aec44efc8b29} - c:\windows\system32\lutawudi.dll
SharedTaskScheduler-{ca268371-f8cc-4e81-bcdf-df6fa03061ad} - c:\windows\system32\lutawudi.dll
SharedTaskScheduler-{4638290f-671f-4b5a-bd80-218555152df7} - c:\windows\system32\lutawudi.dll
SharedTaskScheduler-{4f87ebd6-611f-4828-83d8-98412397a491} - c:\windows\system32\vetidika.dll
SSODL-pusezeyed-{d67617a4-5561-4aef-90f8-4f6200a7db3a} - c:\windows\system32\kayufegi.dll
SSODL-vawebedan-{7451d33c-7020-44bb-aa38-d95250668339} - c:\windows\system32\bosurezo.dll
SSODL-nadojorud-{3736bffc-5216-45fd-b309-a400d2fe4831} - c:\windows\system32\gusogire.dll
SSODL-vuwuketim-{8619ca7f-0d16-46bf-be73-bd972bc3aca4} - c:\windows\system32\navaguke.dll
SSODL-vudigesig-{23cbc430-1cc0-4c11-842a-d93b5002b3e8} - c:\windows\system32\nesebaba.dll
SSODL-yosalubuf-{63852096-7d07-4aa8-94be-cbfcb9392cfe} - c:\windows\system32\lihujedo.dll
SSODL-vamamazel-{5f0b3a62-4530-4f16-ae77-2d3d45014ece} - c:\windows\system32\dipagowe.dll
SSODL-yafesoker-{3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - c:\windows\system32\gufomafe.dll
SSODL-timobebul-{30772096-01ab-4277-8f44-3d5d00fff14b} - c:\windows\system32\gomevibi.dll
SSODL-pigidosiw-{70639040-7bd4-41dc-aed6-e019e3ce3689} - c:\windows\system32\tumalewu.dll
SSODL-hefemokip-{acab6f16-6b4b-48cc-b2e8-11b33a76f044} - c:\windows\system32\lutawudi.dll
SSODL-ranojolan-{3227433f-a76a-4192-a9db-aec44efc8b29} - c:\windows\system32\lutawudi.dll
SSODL-zowojaged-{ca268371-f8cc-4e81-bcdf-df6fa03061ad} - c:\windows\system32\lutawudi.dll
SSODL-batumutup-{4638290f-671f-4b5a-bd80-218555152df7} - c:\windows\system32\lutawudi.dll
SSODL-nokihipej-{4f87ebd6-611f-4828-83d8-98412397a491} - c:\windows\system32\vetidika.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 00:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(376)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\system32\TDispVol.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\Ati2evxx.exe
c:\combofix\CF19895.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\toshiba\ivp\ism\ivpsvmgr.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 0:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 04:24

Pre-Run: 54,926,741,504 bytes free
Post-Run: 55,628,468,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A19403CD76239C1759FF1E90FB72FB79

#7 myrti


Posted 21 October 2009 - 09:10 AM

Hi,

well that took care of quite a lot of things. But there are still more left.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\yuligugu.exe
c:\documents and settings\User\Application Data\wklnhst.dat
c:\windows\system32\pezivuja.exe
c:\windows\system32\vopatuse.exe
c:\windows\system32\pigopimu.exe
c:\program files\Common Files\xarifat.exe
c:\documents and settings\User\Local Settings\Application Data\azypa.scr
c:\documents and settings\All Users\Application Data\yxon.pif
c:\documents and settings\All Users\Application Data\gijuqiceh.sys
c:\documents and settings\User\Application Data\ufotid.scr
c:\documents and settings\User\Application Data\ufotid.scr
c:\documents and settings\User\Application Data\azidahyd.pif
c:\documents and settings\User\Application Data\azidahyd.pif
c:\documents and settings\User\Application Data\aneduhos.bin
c:\documents and settings\User\Application Data\uwyryse.exe
c:\windows\system32\ivam.exe
c:\program files\Common Files\wuxepowen.ban
c:\windows\umuh.sys
c:\program files\Common Files\ybikeji._sy
c:\documents and settings\User\Local Settings\Application Data\nydulih.pif
c:\documents and settings\All Users\Application Data\icaniz.exe
c:\documents and settings\User\Application Data\losugekyl.dll
c:\windows\edytisevav.sys
c:\windows\oqiqulixo.sys
c:\windows\zesa.sys
c:\program files\Common Files\ipenycazan.dat
c:\program files\Common Files\cosam.ban
c:\documents and settings\User\Local Settings\Application Data\paholuh.sys
c:\documents and settings\User\Local Settings\Application Data\ofuvinexa.com
c:\documents and settings\User\Application Data\cyjubykam.dat
c:\program files\Common Files\ufocoxeq.bin
c:\documents and settings\User\Application Data\tyhunanas.com
c:\documents and settings\User\Application Data\butimy.com
c:\documents and settings\All Users\Application Data\facuhuh.pif
c:\windows\iwezubuvi.com
c:\windows\xehy.bin
c:\program files\Common Files\kelyradaq._sy
c:\windows\libixa.pif
c:\windows\system32\wobegyhe.bin
c:\windows\divunosyco.com
c:\windows\eceri.pif
c:\program files\Common Files\ipyhyzumow.sys
c:\program files\Common Files\bytecaqote.dl
c:\windows\tonefe.sys
c:\windows\modetyz.bin
c:\documents and settings\All Users\Application Data\iniqopavy.sys
c:\documents and settings\User\Application Data\apuwyk.bin
c:\windows\system32\lihyvevyci.com
c:\windows\system32\hediqo.dat
c:\program files\Common Files\zuxuvibake.scr
c:\program files\Common Files\ezebova.db
c:\documents and settings\User\Application Data\susux.bin
c:\documents and settings\All Users\Application Data\ygeziwet.bin
c:\documents and settings\All Users\Application Data\timo.sys
c:\program files\Common Files\asulace.db
c:\documents and settings\User\Application Data\uwuquvoty.pif
c:\windows\system32\omab.scr

Folder::
c:\program files\kiviqw
c:\documents and settings\User\Application Data\9917130758


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards _temp_



#8 Paytonjrd


Posted 21 October 2009 - 10:08 AM

I hate to sound like an idiot, but I tried to drag the notepad text into combofix and it kept trying to run combofix again. Is that what should happen? Combofix is still saved in downloads; I tried to put it in another location, like the desktop, but it only creates a shortcut. Please advise. Thanks. By the way, you guys do such an excellent job. I MUST make a donation.

#9 myrti


Posted 21 October 2009 - 10:45 AM

Hi,

please try to drag the file by pressing the right mouse-key, instead of the usual left-click. When you release the mouse-key on the desktop you should get a window asking you if you wish to copy, drag or create a shortcut to that file. Combofix should be run from Desktop. Dragging the textfile on Combofix will launch it once again; please let it run and reboot your PC if needed.

Thanks for the offer but bleepingcomputer.com chose not to have donation links. :( If you want to help us, please spread the word about the forum and help make bleepingcomputer known throughout the world. :(

regards _temp_

Edited by _temp_, 21 October 2009 - 10:46 AM.



#10 Paytonjrd


Posted 21 October 2009 - 11:28 AM

ComboFix 09-10-20.03 - User 10/21/2009 12:12.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.175 [GMT -4:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\My Documents\Downloads\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\facuhuh.pif"
"c:\documents and settings\All Users\Application Data\gijuqiceh.sys"
"c:\documents and settings\All Users\Application Data\icaniz.exe"
"c:\documents and settings\All Users\Application Data\iniqopavy.sys"
"c:\documents and settings\All Users\Application Data\timo.sys"
"c:\documents and settings\All Users\Application Data\ygeziwet.bin"
"c:\documents and settings\All Users\Application Data\yxon.pif"
"c:\documents and settings\User\Application Data\aneduhos.bin"
"c:\documents and settings\User\Application Data\apuwyk.bin"
"c:\documents and settings\User\Application Data\azidahyd.pif"
"c:\documents and settings\User\Application Data\butimy.com"
"c:\documents and settings\User\Application Data\cyjubykam.dat"
"c:\documents and settings\User\Application Data\losugekyl.dll"
"c:\documents and settings\User\Application Data\susux.bin"
"c:\documents and settings\User\Application Data\tyhunanas.com"
"c:\documents and settings\User\Application Data\ufotid.scr"
"c:\documents and settings\User\Application Data\uwuquvoty.pif"
"c:\documents and settings\User\Application Data\uwyryse.exe"
"c:\documents and settings\User\Application Data\wklnhst.dat"
"c:\documents and settings\User\Local Settings\Application Data\azypa.scr"
"c:\documents and settings\User\Local Settings\Application Data\nydulih.pif"
"c:\documents and settings\User\Local Settings\Application Data\ofuvinexa.com"
"c:\documents and settings\User\Local Settings\Application Data\paholuh.sys"
"c:\program files\Common Files\asulace.db"
"c:\program files\Common Files\bytecaqote.dl"
"c:\program files\Common Files\cosam.ban"
"c:\program files\Common Files\ezebova.db"
"c:\program files\Common Files\ipenycazan.dat"
"c:\program files\Common Files\ipyhyzumow.sys"
"c:\program files\Common Files\kelyradaq._sy"
"c:\program files\Common Files\ufocoxeq.bin"
"c:\program files\Common Files\wuxepowen.ban"
"c:\program files\Common Files\xarifat.exe"
"c:\program files\Common Files\ybikeji._sy"
"c:\program files\Common Files\zuxuvibake.scr"
"c:\windows\divunosyco.com"
"c:\windows\eceri.pif"
"c:\windows\edytisevav.sys"
"c:\windows\iwezubuvi.com"
"c:\windows\libixa.pif"
"c:\windows\modetyz.bin"
"c:\windows\oqiqulixo.sys"
"c:\windows\system32\hediqo.dat"
"c:\windows\system32\ivam.exe"
"c:\windows\system32\lihyvevyci.com"
"c:\windows\system32\omab.scr"
"c:\windows\system32\pezivuja.exe"
"c:\windows\system32\pigopimu.exe"
"c:\windows\system32\vopatuse.exe"
"c:\windows\system32\wobegyhe.bin"
"c:\windows\system32\yuligugu.exe"
"c:\windows\tonefe.sys"
"c:\windows\umuh.sys"
"c:\windows\xehy.bin"
"c:\windows\zesa.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\facuhuh.pif
c:\documents and settings\All Users\Application Data\gijuqiceh.sys
c:\documents and settings\All Users\Application Data\icaniz.exe
c:\documents and settings\All Users\Application Data\iniqopavy.sys
c:\documents and settings\All Users\Application Data\timo.sys
c:\documents and settings\All Users\Application Data\ygeziwet.bin
c:\documents and settings\All Users\Application Data\yxon.pif
c:\documents and settings\User\Application Data\9917130758
c:\documents and settings\User\Application Data\9917130758\9917130758.bat
c:\documents and settings\User\Application Data\9917130758\9917130758.cfg
c:\documents and settings\User\Application Data\9917130758\9917130758.exe
c:\documents and settings\User\Application Data\aneduhos.bin
c:\documents and settings\User\Application Data\apuwyk.bin
c:\documents and settings\User\Application Data\azidahyd.pif
c:\documents and settings\User\Application Data\butimy.com
c:\documents and settings\User\Application Data\cyjubykam.dat
c:\documents and settings\User\Application Data\losugekyl.dll
c:\documents and settings\User\Application Data\susux.bin
c:\documents and settings\User\Application Data\tyhunanas.com
c:\documents and settings\User\Application Data\ufotid.scr
c:\documents and settings\User\Application Data\uwuquvoty.pif
c:\documents and settings\User\Application Data\uwyryse.exe
c:\documents and settings\User\Application Data\wklnhst.dat
c:\documents and settings\User\Cookies\uwaqenejuh.dl
c:\documents and settings\User\Cookies\vepys.db
c:\documents and settings\User\Cookies\ypidobesi.lib
c:\documents and settings\User\Cookies\yquweruf.vbs
c:\documents and settings\User\Local Settings\Application Data\azypa.scr
c:\documents and settings\User\Local Settings\Application Data\nydulih.pif
c:\documents and settings\User\Local Settings\Application Data\ofuvinexa.com
c:\documents and settings\User\Local Settings\Application Data\paholuh.sys
c:\program files\Common Files\asulace.db
c:\program files\Common Files\bytecaqote.dl
c:\program files\Common Files\cosam.ban
c:\program files\Common Files\ezebova.db
c:\program files\Common Files\ipenycazan.dat
c:\program files\Common Files\ipyhyzumow.sys
c:\program files\Common Files\kelyradaq._sy
c:\program files\Common Files\ufocoxeq.bin
c:\program files\Common Files\wuxepowen.ban
c:\program files\Common Files\xarifat.exe
c:\program files\Common Files\ybikeji._sy
c:\program files\Common Files\zuxuvibake.scr
c:\program files\kiviqw
c:\windows\divunosyco.com
c:\windows\eceri.pif
c:\windows\edytisevav.sys
c:\windows\iwezubuvi.com
c:\windows\libixa.pif
c:\windows\modetyz.bin
c:\windows\oqiqulixo.sys
c:\windows\system32\hediqo.dat
c:\windows\system32\ivam.exe
c:\windows\system32\lihyvevyci.com
c:\windows\system32\omab.scr
c:\windows\system32\pezivuja.exe
c:\windows\system32\pigopimu.exe
c:\windows\system32\vopatuse.exe
c:\windows\system32\wobegyhe.bin
c:\windows\system32\yuligugu.exe
c:\windows\tonefe.sys
c:\windows\umuh.sys
c:\windows\xehy.bin
c:\windows\zesa.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 16:01 . 2009-10-21 16:01 -------- d-----w- c:\windows\LastGood
2009-10-17 14:26 . 2009-10-17 14:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-16 13:41 . 2009-10-16 13:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-16 12:59 . 2009-10-20 01:25 58 ----a-w- c:\windows\wp4.dat
2009-10-16 12:59 . 2009-10-20 01:25 1 ----a-w- c:\windows\wp3.dat
2009-10-14 13:47 . 2009-10-14 13:47 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real
2009-10-14 13:46 . 2009-10-14 13:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-04 23:24 . 2009-10-04 23:24 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-04 23:24 . 2009-10-04 23:24 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-10-04 23:22 . 2009-10-04 23:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-10-03 05:34 . 2009-10-15 05:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-25 01:38 . 2009-09-25 01:38 -------- d-----w- c:\documents and settings\Mz. Shanti\Application Data\Malwarebytes
2009-09-25 01:18 . 2009-09-25 01:18 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-09-25 01:17 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 01:17 . 2009-09-25 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 01:17 . 2009-09-25 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 01:17 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 12:47 . 2009-09-24 12:47 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2009-09-24 09:52 . 2009-09-24 09:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee.com Personal Firewall
2009-09-24 01:43 . 2009-09-24 01:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 14:50 . 2009-08-25 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-10-21 07:28 . 2006-04-10 18:52 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 03:36 . 2009-09-14 22:41 -------- d-----w- c:\program files\Spyware Doctor
2009-10-16 03:02 . 2009-09-03 03:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-14 13:46 . 2006-03-20 19:30 -------- d-----w- c:\program files\Common Files\Real
2009-10-14 13:46 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-14 13:46 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-14 13:45 . 2006-03-20 22:02 -------- d-----w- c:\program files\Google
2009-10-08 02:49 . 2009-09-03 03:06 -------- d-----w- c:\documents and settings\User\Application Data\MyScribe
2009-10-01 12:50 . 2007-09-21 01:55 34872 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 12:37 . 2009-09-16 13:10 -------- d-----w- c:\program files\Weemi
2009-09-24 12:36 . 2009-09-07 15:09 -------- d-----w- c:\program files\STMicroelectronics
2009-09-24 12:33 . 2009-09-16 13:10 -------- d-----w- c:\program files\My.Freeze.com Toolbar
2009-09-20 18:10 . 2009-09-19 12:20 -------- d-----w- c:\documents and settings\User\Application Data\Hoyle Puzzle and Board Games
2009-09-19 12:21 . 2009-09-19 12:20 -------- d-----w- c:\documents and settings\User\Application Data\Hoyle FaceCreator
2009-09-17 01:07 . 2006-03-20 18:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-17 01:05 . 2009-09-17 01:00 -------- d-----w- c:\program files\Encore
2009-09-17 00:56 . 2009-09-17 00:56 -------- d-----w- c:\program files\Hasbro
2009-09-16 13:11 . 2009-09-16 13:11 -------- d-----w- c:\documents and settings\User\Application Data\WeatherBug
2009-09-16 13:11 . 2009-09-16 13:11 -------- d-----w- c:\program files\AWS
2009-09-15 05:16 . 2009-09-14 22:42 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-15 05:16 . 2009-09-15 05:16 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 00:09 . 2006-03-20 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-14 22:43 . 2009-09-14 22:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-14 22:41 . 2009-09-14 22:41 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2009-09-14 22:41 . 2009-09-14 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-14 22:30 . 2009-09-14 22:30 -------- d-----w- c:\documents and settings\Mz. Shanti\Application Data\Yahoo!
2009-09-14 20:30 . 2007-10-09 19:54 -------- d-----w- c:\documents and settings\User\Application Data\McAfee.com Personal Firewall
2009-09-14 19:31 . 2006-03-20 18:51 -------- d-----w- c:\program files\Java
2009-09-14 19:30 . 2009-09-14 19:30 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-14 18:58 . 2006-04-03 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-09-11 14:18 . 2006-03-20 16:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 07:30 . 2009-09-04 01:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 03:01 . 2009-09-09 02:57 -------- d-----w- c:\documents and settings\User\Application Data\mjusbsp
2009-09-08 23:36 . 2009-08-25 21:58 -------- d-----w- c:\documents and settings\User\Application Data\ATTToolbar
2009-09-07 15:08 . 2009-09-07 15:08 -------- d-----w- c:\program files\Digital Camera Manager
2009-09-07 15:08 . 2009-09-07 15:08 286720 ----a-w- c:\windows\iun506.exe
2009-09-06 03:35 . 2006-03-20 19:03 -------- d-----w- c:\program files\Toshiba Games
2009-09-06 03:31 . 2006-05-15 18:17 -------- d-----w- c:\program files\Real
2009-09-05 12:29 . 2009-09-05 12:29 -------- d-----w- c:\program files\MSBuild
2009-09-05 12:29 . 2009-09-05 12:29 -------- d-----w- c:\program files\Reference Assemblies
2009-09-04 21:03 . 2006-03-20 16:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:38 . 2009-09-04 20:38 -------- d-----w- c:\documents and settings\User\Application Data\SpinTop
2009-09-04 01:38 . 2009-04-12 04:25 -------- d-----w- c:\program files\Microsoft
2009-09-04 01:37 . 2009-09-04 01:37 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-04 01:37 . 2009-09-04 01:26 -------- d-----w- c:\program files\Windows Live
2009-09-04 01:32 . 2009-09-03 00:47 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-04 01:31 . 2009-09-04 01:31 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-04 01:30 . 2009-09-04 01:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-04 01:26 . 2009-09-04 01:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-04 01:13 . 2009-09-04 01:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-03 05:00 . 2009-09-03 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeGuardian
2009-09-03 03:04 . 2009-09-03 03:04 -------- d-----w- c:\program files\CafeScribe
2009-09-03 00:50 . 2009-09-03 00:50 -------- d-----w- c:\program files\Windows Live Favorites
2009-09-03 00:48 . 2009-09-03 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-09-02 13:43 . 2009-09-02 13:43 766 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{F1B58743-123D-4748-9FDD-F1FA0E463662}\_6FEFF9B68218417F98F549.exe
2009-09-02 13:43 . 2009-09-02 13:43 -------- d-----w- c:\program files\West Corporation
2009-08-31 19:47 . 2009-08-31 18:53 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-31 19:16 . 2006-03-20 19:29 -------- d-----w- c:\program files\Pure Networks
2009-08-31 19:07 . 2009-02-10 13:43 -------- d-----w- c:\documents and settings\Mz. Shanti\Application Data\AOL
2009-08-31 19:07 . 2007-10-09 19:54 -------- d-----w- c:\documents and settings\User\Application Data\AOL
2009-08-31 19:05 . 2006-03-20 19:29 -------- d-----w- c:\program files\Common Files\AOL
2009-08-30 04:21 . 2009-08-30 04:21 -------- d-----w- c:\documents and settings\Mz. Shanti\Application Data\AT&T
2009-08-29 08:08 . 2006-03-20 16:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 20:34 . 2009-08-19 19:11 -------- d-----w- c:\program files\Common Files\Motive
2009-08-26 08:00 . 2006-03-20 16:50 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 22:03 . 2009-08-19 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-08-25 21:59 . 2009-08-25 21:59 -------- d-----w- c:\documents and settings\User\Application Data\AT&T
2009-08-25 21:59 . 2009-08-25 21:59 -------- d-----w- c:\program files\AT&T
2009-08-25 21:59 . 2009-08-25 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-08-25 21:58 . 2009-08-25 21:58 -------- d-----w- c:\program files\ATTToolbar
2009-08-25 21:57 . 2009-08-19 19:12 -------- d-----w- c:\documents and settings\User\Application Data\Motive
2009-08-25 21:57 . 2009-08-25 21:56 -------- d-----w- c:\program files\ATT-SST
2009-08-25 21:21 . 2009-08-25 21:21 -------- d-----w- c:\program files\ATT-HSI
2009-08-06 02:48 . 2009-09-04 01:37 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2006-03-20 16:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2006-03-20 16:49 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-09-09 03:00 6256600 ---ha-w- c:\documents and settings\User\Application Data\mjusbsp\in00000\setup.exe
2009-08-01 16:16 . 2009-09-09 02:58 6256600 ---ha-w- c:\documents and settings\User\Application Data\mjusbsp\Upgrade\setup1.exe
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\st00000\mjsetup.exe
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-09-09 03:00 728600 ---ha-w- c:\documents and settings\User\Application Data\mjusbsp\ar00000\install.exe
2009-08-01 16:12 . 2009-09-09 02:58 728600 ---ha-w- c:\documents and settings\User\Application Data\mjusbsp\Upgrade\install1.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\User\Application Data\mjusbsp\magicJackSplash.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-21_04.08.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-20 16:49 . 2009-09-05 12:38 72482 c:\windows\system32\perfc009.dat
+ 2006-03-20 16:49 . 2009-10-21 07:54 72482 c:\windows\system32\perfc009.dat
+ 2007-08-14 02:54 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 02:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-03-20 16:48 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
- 2006-03-20 16:48 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-13 03:10 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-13 03:10 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-01-13 09:11 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-01-13 09:11 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2009-01-24 07:24 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-24 07:24 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 04:58 . 2007-04-14 04:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 05:30 . 2007-04-14 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2006-03-20 18:13 . 2009-09-05 12:45 57344 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
+ 2006-03-20 18:13 . 2009-10-21 07:36 57344 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\joticon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2009-10-21 07:48 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-21 07:33 . 2009-10-21 07:33 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ec34e2fd\System.Drawing.Design.dll
+ 2009-10-21 07:33 . 2009-10-21 07:33 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9d96fff7\CustomMarshalers.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\a31f5136a236dae58c03db56ea2a1a7a\WindowsLiveWriter.ni.exe
+ 2009-10-21 08:13 . 2009-10-21 08:13 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0cce8134aebab15d6c31143f850af1a7\WindowsLive.Writer.Api.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-21 07:57 . 2009-10-21 07:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-21 07:57 . 2009-10-21 07:57 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-21 08:11 . 2009-10-21 08:11 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2006-03-20 18:13 . 2009-09-05 12:45 4096 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-03-20 18:13 . 2009-10-21 07:36 4096 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2009-09-05 12:37 . 2009-09-05 12:37 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-09-05 12:37 . 2009-09-05 12:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-03-20 16:50 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
- 2006-03-20 16:49 . 2009-09-05 12:38 443366 c:\windows\system32\perfh009.dat
+ 2006-03-20 16:49 . 2009-10-21 07:54 443366 c:\windows\system32\perfh009.dat
+ 2006-03-20 16:49 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
- 2006-03-20 16:49 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
- 2007-08-14 02:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-14 02:54 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
- 2006-03-20 16:48 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2006-03-20 16:48 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2006-03-20 16:48 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-20 16:48 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-20 16:48 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2006-03-20 16:50 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-01-24 07:24 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-23 11:06 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2009-01-23 11:06 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2007-08-14 02:44 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 02:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-01-13 09:11 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-01-13 09:11 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-13 03:10 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-13 03:10 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-01-24 07:24 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-24 07:24 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 02:39 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-14 02:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-14 02:39 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2007-04-14 04:58 . 2007-04-14 04:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 04:56 . 2007-04-14 04:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 05:30 . 2007-04-14 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2006-03-20 18:13 . 2009-10-21 07:36 135168 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-03-20 18:13 . 2009-09-05 12:45 135168 c:\windows\Installer\{91A10409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-04-10 18:53 . 2009-10-21 07:48 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-10 18:53 . 2009-09-09 07:03 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-10 18:52 . 2009-09-04 07:04 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2006-04-10 18:52 . 2009-10-21 07:28 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2009-10-21 07:48 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-21 07:48 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-21 07:48 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-21 07:48 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-21 07:48 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-21 07:33 . 2009-10-21 07:33 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_233aa6a4\System.Drawing.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_183f3860\System.Drawing.Design.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5de72a00\CustomMarshalers.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-21 08:13 . 2009-10-21 08:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\9d1a36d51bb6a24f943e73c0011e342a\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\feb5009ee6406995983c67d61254b713\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef0daf9b5b7002d4d3493671db79fec5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ea3b7fc0ae639a2cd268d9a0aab47d15\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd20f981722448ea96d2c0995eeaf9b7\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac50120d9dfafb4868aa4531456cf2e7\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9603a068ba2de2c7ec244454e8ad0763\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b674da2d622aec8a9c150e4f7437c4f\WindowsLive.Writer.Controls.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7ca3eb94ab1ae6867d35382ecf407260\WindowsLive.Writer.Passport.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7c494448c732a975d727098bad24f42b\WindowsLive.Writer.Localization.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\75a1c524a87004611e911be710454234\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\63d852a9374556240906cbd19946f7b0\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\627621628abc220fd9c02f442178e41c\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\60e6ca35b86ce10970a63fa5ea8b1d9c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\551d4211cde9574615ad847741667699\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\311874611f12ea8440bc760c3203cbd3\WindowsLive.Writer.Interop.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\f5d7a7417ffcd9af285e64946ba48f74\WindowsLive.Client.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-21 08:16 . 2009-10-21 08:16 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-21 08:11 . 2009-10-21 08:11 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-21 08:11 . 2009-10-21 08:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-21 08:14 . 2009-10-21 08:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-21 08:14 . 2009-10-21 08:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-21 08:14 . 2009-10-21 08:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-21 08:13 . 2009-10-21 08:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-21 07:58 . 2009-10-21 07:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-21 08:13 . 2009-10-21 08:13 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-21 08:11 . 2009-10-21 08:11 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-21 04:29 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
- 2006-03-20 16:49 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2006-03-20 16:49 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
- 2006-03-20 16:49 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2006-03-20 16:49 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2006-03-20 16:49 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
- 2007-08-14 02:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-14 02:34 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
- 2009-01-24 07:24 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-24 07:24 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-01-23 11:21 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-01-23 11:21 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-23 11:21 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-23 11:21 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-23 11:21 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-23 11:21 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-23 11:21 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-23 11:18 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
- 2009-01-13 09:11 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-13 09:11 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 05:35 . 2007-04-14 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 05:35 . 2007-04-14 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 04:50 . 2007-04-14 04:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-21 14:14 . 2009-08-21 14:14 8363008 c:\windows\Installer\b4511f.msp
+ 2009-08-20 09:02 . 2009-08-20 09:02 5204992 c:\windows\Installer\b45107.msp
+ 2009-09-29 13:08 . 2009-09-29 13:08 6747648 c:\windows\Installer\b450e6.msp
+ 2009-09-17 18:03 . 2009-09-17 18:03 4873216 c:\windows\Installer\b450c7.msp
+ 2009-09-21 20:53 . 2009-09-21 20:53 5518848 c:\windows\Installer\b450b5.msp
+ 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2009-10-21 07:48 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-10-21 07:48 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-10-21 07:48 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2009-01-23 11:21 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-23 11:21 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-23 11:21 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-23 11:21 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-01-23 11:21 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-01-23 11:21 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-01-23 11:21 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-21 07:34 . 2009-10-21 07:34 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a29f0145\System.dll
+ 2009-10-21 07:33 . 2009-10-21 07:33 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9d252714\System.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d70146b3\System.Xml.dll
+ 2009-10-21 07:33 . 2009-10-21 07:33 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b7a12c6e\System.Xml.dll
+ 2009-10-21 07:33 . 2009-10-21 07:33 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f226c065\System.Windows.Forms.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79611022\System.Windows.Forms.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_98c58cb8\System.Drawing.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2cdec83c\System.Design.dll
+ 2009-10-21 07:33 . 2009-10-21 07:33 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2bcb4eca\System.Design.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8141c709\mscorlib.dll
+ 2009-10-21 07:34 . 2009-10-21 07:34 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4757c573\mscorlib.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f431bc9e7c51a50035c19abea4cbcaa2\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-10-21 07:57 . 2009-10-21 07:57 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-21 07:56 . 2009-10-21 07:56 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-21 08:16 . 2009-10-21 08:16 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-21 08:16 . 2009-10-21 08:16 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-21 08:16 . 2009-10-21 08:16 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-21 08:11 . 2009-10-21 08:11 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-21 08:11 . 2009-10-21 08:11 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-21 08:14 . 2009-10-21 08:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-21 08:14 . 2009-10-21 08:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-21 07:57 . 2009-10-21 07:57 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-21 08:15 . 2009-10-21 08:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-21 08:13 . 2009-10-21 08:13 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-21 07:54 . 2009-10-21 07:54 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-09-05 12:37 . 2009-09-05 12:37 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-21 07:53 . 2009-10-21 07:53 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-21 07:32 . 2009-10-21 07:32 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-01-24 00:04 . 2009-01-24 00:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-01-24 00:04 . 2009-01-24 00:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-21 07:32 . 2009-10-21 07:32 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-21 07:42 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2009-01-13 09:11 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\b45128.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\b450dd.msp
+ 2009-10-21 07:48 . 2009-07-19 22:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-21 08:12 . 2009-10-21 08:12 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-21 08:11 . 2009-10-21 08:11 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-21 07:59 . 2009-10-21 07:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-21 07:58 . 2009-10-21 07:58 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-21 07:57 . 2009-10-21 07:57 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-21 07:56 . 2009-10-21 07:56 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-03 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-15 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-14 198160]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-20 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147717006\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/14/2009 6:42 PM 206256]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/3/2009 9:37 PM 54752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/5/2009 2:47 AM 24652]
S2 gupdate1ca4cd4724b8e94;Google Update Service (gupdate1ca4cd4724b8e94);c:\program files\Google\Update\GoogleUpdate.exe [10/14/2009 9:44 AM 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 13:44]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 13:44]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{54C966A6-71CE-4333-9DEB-A3931F16C581}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f823e723baad4e13bf85bea9a32e5c08
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f823e723baad4e13bf85bea9a32e5c08
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\drlycl1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(376)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-21 12:22
ComboFix-quarantined-files.txt 2009-10-21 16:22
ComboFix2.txt 2009-10-21 04:24

Pre-Run: 54,818,734,080 bytes free
Post-Run: 54,851,948,544 bytes free

- - End Of File - - AF25CAAAB9FB5D38B20860C8F157C9E1

#11 myrti


Posted 21 October 2009 - 11:37 AM

Hi,

Things are looking much better. :( How is your PC behaving now?

I would like to ask you to run the following two scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
Please post back the logs from these two scans and a new log from OTL (only otl.txt will be created) in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#12 Paytonjrd


Posted 21 October 2009 - 12:36 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/21 13:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2727000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B2C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEEA14000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\aol\topspeed\2.0\server.lock
Status: Allocation size mismatch (API: 8, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf74dad72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf74bb9a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf74bbb98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf74db568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74db820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf74d9a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf74dbc8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74db036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf74bb656

==EOF==

Malwarebytes' Anti-Malware 1.41
Database version: 3005
Windows 5.1.2600 Service Pack 3

10/21/2009 1:05:11 PM
mbam-log-2009-10-21 (13-05-11).txt

Scan type: Quick Scan
Objects scanned: 113137
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Security Tool (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Weemi (Adware.Weemi) -> Quarantined and deleted successfully.
C:\Program Files\Weemi\Weemi_deleted_ (Adware.Weemi) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Weemi\Weemi_deleted_\weemi.dll (Adware.Weemi) -> Quarantined and deleted successfully.
C:\Program Files\Weemi\Weemi_deleted_\weemi.exe (Adware.Weemi) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

OTL logfile created on: 10/20/2009 4:44:37 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 98.36 Mb Available Physical Memory | 22.05% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 67.63% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.31 Gb Total Space | 51.69 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/20 16:43:05 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2009/10/20 09:24:43 | 01,011,172 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tatetimo.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/12/14 08:44:30 | 00,065,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 09:44:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca4cd4724b8e94 [Auto | Stopped])
SRV - [2009/09/04 23:29:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/01/28 16:56:41 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV - [2006/02/07 20:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Stopped])
SRV - [2005/11/11 19:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Stopped])
SRV - [2005/10/13 22:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\program files\mcafee.com\agent\mcdetect.exe -- (McDetect.exe [Auto | Stopped])
SRV - [2005/09/26 14:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [Auto | Stopped])
SRV - [2005/08/24 19:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Stopped])
SRV - [2005/08/10 14:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [Auto | Stopped])
SRV - [2005/08/04 02:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2005/07/12 21:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Stopped])
SRV - [2005/07/12 21:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Stopped])
SRV - [2005/07/01 22:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2005/01/17 20:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Stopped])
SRV - [2004/10/15 16:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Stopped])
SRV - [2004/08/28 04:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Stopped])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/09/15 01:16:39 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Stopped])
DRV - [2008/07/28 18:26:30 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2008/07/28 18:26:30 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/10/09 15:53:13 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Stopped])
DRV - [2007/07/03 20:59:10 | 00,086,824 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdserd.sys -- (sscdserd [On_Demand | Stopped])
DRV - [2007/07/03 20:58:20 | 00,106,792 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2007/07/03 20:57:24 | 00,011,944 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2007/07/03 20:54:24 | 00,080,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2006/10/03 13:21:48 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/04/01 00:20:38 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Stopped])
DRV - [2006/03/04 00:29:50 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
DRV - [2006/03/02 19:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/01/18 22:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2005/12/09 19:48:40 | 04,123,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2005/11/11 19:43:52 | 00,080,640 | ---- | M] (McAfee) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys -- (MPFIREWL [System | Running])
DRV - [2005/10/20 18:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Stopped])
DRV - [2005/10/06 09:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Stopped])
DRV - [2005/10/06 09:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Stopped])
DRV - [2005/09/15 03:49:52 | 00,468,768 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2005/09/12 07:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/25 16:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/08/25 16:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/08/24 19:20:28 | 00,009,472 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys -- (tbiosdrv [On_Demand | Stopped])
DRV - [2005/08/12 09:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Stopped])
DRV - [2005/08/10 14:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
DRV - [2005/08/04 02:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2005/06/02 07:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2003/01/29 18:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 3B 3D A2 D6 32 CA 01 [binary data]
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\S-1-5-21-1948944472-235654725-2611799722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 03:00:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/12 00:19:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/10/14 09:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/14 09:46:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/14 09:47:03 | 00,000,000 | ---D | M]

[2009/09/24 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009/09/24 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/20 12:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\drlycl1z.default\extensions
[2009/09/24 09:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\drlycl1z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/24 08:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/24 08:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/14 09:46:56 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/10/14 09:47:03 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/10/14 09:46:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (145 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\DLACTRLW.exe (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vewuropod] C:\WINDOWS\System32\baguteja.DLL ()
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()
O4 - HKU\S-1-5-18..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1948944472-235654725-2611799722-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (tezojuyu.dll) - C:\WINDOWS\System32\tezojuyu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\tumalewu.dll) - C:\WINDOWS\System32\tumalewu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\vopegoze.dll) - C:\WINDOWS\System32\vopegoze.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\lutawudi.dll) - C:\WINDOWS\System32\lutawudi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yiyobuye.dll) - C:\WINDOWS\System32\yiyobuye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\baguteja.dll) - C:\WINDOWS\System32\baguteja.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: batumutup - {4638290f-671f-4b5a-bd80-218555152df7} - C:\WINDOWS\System32\lutawudi.dll File not found
O21 - SSODL: hefemokip - {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - C:\WINDOWS\System32\lutawudi.dll File not found
O21 - SSODL: hurasibop - {306954de-855c-4614-a9f9-0423ee7ea292} - C:\WINDOWS\System32\baguteja.dll ()
O21 - SSODL: nadojorud - {3736bffc-5216-45fd-b309-a400d2fe4831} - C:\WINDOWS\System32\gusogire.dll File not found
O21 - SSODL: pigidosiw - {70639040-7bd4-41dc-aed6-e019e3ce3689} - C:\WINDOWS\System32\tumalewu.dll File not found
O21 - SSODL: pusezeyed - {d67617a4-5561-4aef-90f8-4f6200a7db3a} - C:\WINDOWS\System32\kayufegi.dll File not found
O21 - SSODL: ranojolan - {3227433f-a76a-4192-a9db-aec44efc8b29} - C:\WINDOWS\System32\lutawudi.dll File not found
O21 - SSODL: sekiguwos - {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - C:\WINDOWS\System32\yiyobuye.dll File not found
O21 - SSODL: timobebul - {30772096-01ab-4277-8f44-3d5d00fff14b} - C:\WINDOWS\System32\gomevibi.dll File not found
O21 - SSODL: vamamazel - {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - C:\WINDOWS\System32\dipagowe.dll File not found
O21 - SSODL: vawebedan - {7451d33c-7020-44bb-aa38-d95250668339} - C:\WINDOWS\System32\bosurezo.dll File not found
O21 - SSODL: vudigesig - {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - C:\WINDOWS\System32\nesebaba.dll File not found
O21 - SSODL: vuwuketim - {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - C:\WINDOWS\System32\navaguke.dll File not found
O21 - SSODL: yafesoker - {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - C:\WINDOWS\System32\gufomafe.dll File not found
O21 - SSODL: yosalubuf - {63852096-7d07-4aa8-94be-cbfcb9392cfe} - C:\WINDOWS\System32\lihujedo.dll File not found
O21 - SSODL: zowojaged - {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - kupuhivus - C:\WINDOWS\System32\nesebaba.dll File not found
O22 - SharedTaskScheduler: {306954de-855c-4614-a9f9-0423ee7ea292} - kupuhivus - C:\WINDOWS\System32\baguteja.dll ()
O22 - SharedTaskScheduler: {30772096-01ab-4277-8f44-3d5d00fff14b} - gahurihor - C:\WINDOWS\System32\gomevibi.dll File not found
O22 - SharedTaskScheduler: {3227433f-a76a-4192-a9db-aec44efc8b29} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {3736bffc-5216-45fd-b309-a400d2fe4831} - tokatiluy - C:\WINDOWS\System32\gusogire.dll File not found
O22 - SharedTaskScheduler: {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - tokatiluy - C:\WINDOWS\System32\gufomafe.dll File not found
O22 - SharedTaskScheduler: {4638290f-671f-4b5a-bd80-218555152df7} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - tokatiluy - C:\WINDOWS\System32\dipagowe.dll File not found
O22 - SharedTaskScheduler: {63852096-7d07-4aa8-94be-cbfcb9392cfe} - jugezatag - C:\WINDOWS\System32\lihujedo.dll File not found
O22 - SharedTaskScheduler: {70639040-7bd4-41dc-aed6-e019e3ce3689} - gahurihor - C:\WINDOWS\System32\tumalewu.dll File not found
O22 - SharedTaskScheduler: {7451d33c-7020-44bb-aa38-d95250668339} - tokatiluy - C:\WINDOWS\System32\bosurezo.dll File not found
O22 - SharedTaskScheduler: {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - mujuzedij - C:\WINDOWS\System32\yiyobuye.dll File not found
O22 - SharedTaskScheduler: {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - kupuhivus - C:\WINDOWS\System32\navaguke.dll File not found
O22 - SharedTaskScheduler: {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - mujuzedij - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - jugezatag - C:\WINDOWS\System32\lutawudi.dll File not found
O22 - SharedTaskScheduler: {d67617a4-5561-4aef-90f8-4f6200a7db3a} - kupuhivus - C:\WINDOWS\System32\kayufegi.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/20 14:09:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07871900-9741-11de-aa42-0016e37315f4}\Shell - "" = AutoRun
O33 - MountPoints2\{07871900-9741-11de-aa42-0016e37315f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07871900-9741-11de-aa42-0016e37315f4}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\{5873133c-9bc0-11de-aa45-0016e37315f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5873133c-9bc0-11de-aa45-0016e37315f4}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{5873133c-9bc0-11de-aa45-0016e37315f4}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[2009/09/24 21:17:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/14 09:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/04 09:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\2053874250
[2009/10/04 21:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\2279535808
[2009/10/05 09:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\3814167408
[2009/10/03 21:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\6011467302
[2009/10/05 21:14:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\6489321741
[2009/10/03 09:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\8966544956
[2009/09/30 16:41:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\9917130758
[2009/09/24 21:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/09/24 08:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2009/10/14 09:46:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Real
[2009/09/24 08:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2009/10/14 09:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2009/09/23 21:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/14 09:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/15 23:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\kiviqw
[2009/09/24 21:17:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/20 16:43:03 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/14 09:46:56 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/14 09:46:51 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/14 09:46:51 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/08 20:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Online Schools, School Online, Online Learning @ Westwood College_files
[2009/10/07 23:40:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\schtml
[2009/09/24 21:17:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/24 21:17:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/24 08:51:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2006/03/20 14:40:34 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/20 16:45:29 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\yagapehe
[2009/10/20 16:43:05 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/20 16:08:05 | 00,000,321 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Parenting With Positive Discipline Methods Alternatives to Spanking, Time-Outs, and Punishment Suite101.com.url
[2009/10/20 09:24:43 | 01,011,172 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tatetimo.exe
[2009/10/20 09:24:40 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\baguteja.dll
[2009/10/20 09:24:40 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kimuremo.dll
[2009/10/20 00:33:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/19 21:25:53 | 00,513,536 | ---- | M] () -- C:\WINDOWS\System32\pump.exe
[2009/10/19 21:25:51 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat
[2009/10/19 21:25:51 | 00,000,001 | ---- | M] () -- C:\WINDOWS\wp3.dat
[2009/10/19 21:24:16 | 01,011,401 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\lalihihe.exe
[2009/10/19 21:24:12 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fiyusuka.dll
[2009/10/19 09:24:04 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\sovozele.dll
[2009/10/19 09:24:04 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\hufugido.dll
[2009/10/18 23:02:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 22:40:07 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54C966A6-71CE-4333-9DEB-A3931F16C581}.job
[2009/10/18 22:33:03 | 00,072,928 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/10/18 22:30:59 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Security Tool.lnk
[2009/10/18 22:30:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/18 22:26:09 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/18 21:23:54 | 01,011,198 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\viriteda.exe
[2009/10/18 21:23:49 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\hivunote.dll
[2009/10/18 00:07:04 | 01,114,665 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\yajulose.exe
[2009/10/18 00:06:51 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bijikoko.dll
[2009/10/17 10:30:27 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/17 09:20:14 | 01,115,745 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\soviveri.exe
[2009/10/17 09:20:10 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jubodaso.dll
[2009/10/16 21:20:03 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\norupeze.exe
[2009/10/16 09:43:46 | 03,774,502 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/10/16 09:19:34 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\wejuwava.exe
[2009/10/16 09:19:31 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\kovihihi.dll
[2009/10/16 09:19:30 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zukogulu.dll
[2009/10/16 08:59:49 | 00,283,136 | ---- | M] () -- C:\WINDOWS\svohost.exe
[2009/10/15 21:19:17 | 01,112,459 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\zejitune.exe
[2009/10/15 21:19:13 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gulipame.dll
[2009/10/15 09:18:44 | 01,117,124 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\yuligugu.exe
[2009/10/15 09:18:41 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\zagubura.dll
[2009/10/15 09:18:40 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\vidomovo.dll
[2009/10/15 01:14:06 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/14 21:18:34 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\juzeziwi.dll
[2009/10/14 21:18:34 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\demojesa.dll
[2009/10/14 09:47:01 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/14 09:46:56 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/14 09:46:51 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/14 09:46:51 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/14 09:46:29 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/10/14 09:46:28 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/10/14 09:46:28 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/14 09:18:33 | 01,113,885 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\niludesa.exe
[2009/10/14 09:18:29 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fotufuga.dll
[2009/10/13 21:18:23 | 01,011,606 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\dobipimo.exe
[2009/10/13 09:17:50 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\firugoti.dll
[2009/10/12 21:17:52 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\kalomawu.dll
[2009/10/12 21:17:22 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\vetaweyo.dll
[2009/10/12 21:17:22 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\rigitaza.dll
[2009/10/12 20:56:06 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\User\My Documents\zanrescook1.wps
[2009/10/12 20:56:06 | 00,002,512 | ---- | M] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2009/10/12 09:17:21 | 00,091,136 | ---- | M] () -- C:\WINDOWS\System32\yatorolo.dll
[2009/10/12 09:17:21 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\leyafapa.dll
[2009/10/11 21:17:12 | 01,011,439 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\lovafufu.exe
[2009/10/11 21:17:10 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\seweyaka.dll
[2009/10/11 21:17:09 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\rufobuwa.dll
[2009/10/11 09:17:11 | 01,011,570 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\wupesiki.exe
[2009/10/11 09:17:09 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gakewadu.dll
[2009/10/11 09:17:08 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\vajilola.dll
[2009/10/10 21:16:58 | 01,011,128 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tahiraga.exe
[2009/10/10 21:16:56 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\yiwosaku.dll
[2009/10/10 21:16:55 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jedudisu.dll
[2009/10/10 09:16:46 | 01,011,260 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tihupime.exe
[2009/10/10 09:16:44 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\biyajoze.dll
[2009/10/10 09:16:43 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\daletoje.dll
[2009/10/09 21:16:33 | 01,011,284 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\tanadafe.exe
[2009/10/09 21:16:31 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\hegiguve.dll
[2009/10/09 21:16:30 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dibehaki.dll
[2009/10/09 09:16:22 | 01,011,752 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\mirevipu.exe
[2009/10/09 09:16:19 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\lapupayi.dll
[2009/10/09 09:16:18 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zokemohi.dll
[2009/10/08 23:35:27 | 00,018,805 | ---- | M] () -- C:\Documents and Settings\User\Desktop\where-is-your-golden-thread-in-life.html
[2009/10/08 21:16:12 | 01,011,226 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\telodupo.exe
[2009/10/08 21:16:08 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\fironage.dll
[2009/10/08 20:05:19 | 00,032,126 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Online Schools, School Online, Online Learning @ Westwood College.htm
[2009/10/08 09:15:51 | 01,011,243 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\gukowema.exe
[2009/10/08 09:15:47 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yirumuno.dll
[2009/10/08 09:15:47 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\pitorewe.dll
[2009/10/08 00:44:06 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to picset4 034.lnk
[2009/10/08 00:43:57 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to picset4 033.lnk
[2009/10/07 23:41:16 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wf4.dat
[2009/10/07 23:41:16 | 00,000,002 | ---- | M] () -- C:\WINDOWS\wf3.dat
[2009/10/07 21:15:26 | 01,050,659 | -HS- | M] () -- C:\WINDOWS\System32\bizubudu.exe
[2009/10/07 21:15:21 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lolozima.dll
[2009/10/07 12:22:32 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\User\My Documents\zanresumeteach.wps
[2009/10/07 09:15:08 | 01,050,147 | -HS- | M] () -- C:\WINDOWS\System32\wetogasi.exe
[2009/10/07 09:15:06 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\rotapote.dll
[2009/10/07 09:15:05 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\sepowumu.dll
[2009/10/06 21:14:58 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\kapekabo.dll
[2009/10/06 09:14:52 | 00,091,136 | ---- | M] () -- C:\WINDOWS\System32\sivufayo.dll
[2009/10/06 09:14:51 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bujiluro.dll
[2009/10/05 21:14:38 | 01,047,587 | -HS- | M] () -- C:\WINDOWS\System32\gepesiso.exe
[2009/10/05 09:14:32 | 01,048,611 | -HS- | M] () -- C:\WINDOWS\System32\vuwozisa.exe
[2009/10/05 09:14:28 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\vikewami.dll
[2009/10/04 21:14:28 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\norozuse.exe
[2009/10/04 21:14:20 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\pulasiya.dll
[2009/10/04 09:14:05 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\keyamemu.exe
[2009/10/04 09:14:01 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\mekaboge.dll
[2009/10/04 09:14:01 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\jamoyiye.dll
[2009/10/03 21:13:55 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\wibotelo.exe
[2009/10/03 21:13:52 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\dayatife.dll
[2009/10/03 09:13:28 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\muhofola.exe
[2009/10/03 09:13:26 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\madujeri.dll
[2009/10/03 09:13:26 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\numisufe.dll
[2009/10/03 00:31:50 | 00,243,746 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Democracy.htm
[2009/10/02 21:13:35 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\panosiru.dll
[2009/10/02 21:13:05 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\petaziwe.dll
[2009/10/02 19:00:15 | 00,087,190 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DV_news_letter_980130.htm
[2009/10/02 10:21:42 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Windows Firewall.lnk
[2009/10/02 09:13:41 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\biyebafi.dll
[2009/10/01 17:14:29 | 01,048,100 | -HS- | M] () -- C:\WINDOWS\System32\pezivuja.exe
[2009/10/01 17:14:25 | 00,027,136 | -HS- | M] () -- C:\WINDOWS\System32\raveyuru.dll
[2009/10/01 17:14:24 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\disimeji.dll
[2009/10/01 12:35:56 | 00,000,174 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Cross Creek High School - Homepage.url
[2009/10/01 08:50:46 | 00,034,872 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/01 05:18:59 | 01,047,588 | -HS- | M] () -- C:\WINDOWS\System32\vopatuse.exe
[2009/10/01 05:18:54 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\tageruzi.dll
[2009/09/30 16:41:51 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\biniyogi.dll
[2009/09/30 16:41:29 | 01,047,076 | -HS- | M] () -- C:\WINDOWS\System32\pigopimu.exe
[2009/09/30 16:41:20 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\bozagudu.dll
[2009/09/29 04:41:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\vobulofo.dll
[2009/09/28 16:41:30 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\zevehahu.dll
[2009/09/28 16:41:00 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\vemopado.dll
[2009/09/28 02:58:53 | 00,003,833 | ---- | M] () -- C:\WINDOWS\machine.ver
[2009/09/27 16:40:34 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\siyokume.dll
[2009/09/27 04:40:19 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\kodesalo.dll
[2009/09/26 16:40:17 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\tadeyike.dll
[2009/09/26 04:39:51 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\fosadite.dll
[2009/09/25 16:40:11 | 00,049,664 | -HS- | M] () -- C:\WINDOWS\System32\vorosuka.dll
[2009/09/24 21:18:00 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 16:39:20 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\rulufutu.dll
[2009/09/24 08:47:02 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/24 04:40:13 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\milufuro.dll
[2009/09/22 18:15:06 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/21 14:52:34 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/21 14:52:33 | 00,000,719 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/21 14:52:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

========== Files - No Company Name ==========
[2009/10/20 16:08:05 | 00,000,321 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Parenting With Positive Discipline Methods Alternatives to Spanking, Time-Outs, and Punishment Suite101.com.url
[2009/10/17 10:48:22 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Security Tool.lnk
[2009/10/17 10:21:39 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/17 10:21:25 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/16 09:43:40 | 03,774,502 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/10/16 08:59:49 | 00,283,136 | ---- | C] () -- C:\WINDOWS\svohost.exe
[2009/10/16 08:59:49 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat
[2009/10/16 08:59:49 | 00,000,001 | ---- | C] () -- C:\WINDOWS\wp3.dat
[2009/10/14 09:47:01 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/14 09:45:25 | 00,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/12 20:56:05 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\User\My Documents\zanrescook1.wps
[2009/10/08 23:35:26 | 00,018,805 | ---- | C] () -- C:\Documents and Settings\User\Desktop\where-is-your-golden-thread-in-life.html
[2009/10/08 20:05:17 | 00,032,126 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Online Schools, School Online, Online Learning @ Westwood College.htm
[2009/10/08 00:44:06 | 00,000,584 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to picset4 034.lnk
[2009/10/08 00:43:57 | 00,000,584 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to picset4 033.lnk
[2009/10/07 23:39:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wf4.dat
[2009/10/07 23:39:55 | 00,000,002 | ---- | C] () -- C:\WINDOWS\wf3.dat
[2009/10/07 23:39:53 | 00,513,536 | ---- | C] () -- C:\WINDOWS\System32\pump.exe
[2009/10/03 01:34:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/03 00:31:48 | 00,243,746 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Democracy.htm
[2009/10/02 19:00:14 | 00,087,190 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DV_news_letter_980130.htm
[2009/10/02 10:21:42 | 00,000,217 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Windows Firewall.lnk
[2009/10/01 12:35:55 | 00,000,174 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Cross Creek High School - Homepage.url
[2009/09/24 21:18:00 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 08:47:02 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/15 15:51:02 | 00,018,844 | ---- | C] () -- C:\Program Files\Common Files\xarifat.exe
[2009/09/15 15:51:02 | 00,016,606 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\evujaxe._dl
[2009/09/15 15:51:02 | 00,016,069 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydyqy._dl
[2009/09/15 15:51:02 | 00,015,809 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\azypa.scr
[2009/09/15 15:51:02 | 00,015,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxon.pif
[2009/09/15 15:51:02 | 00,014,614 | ---- | C] () -- C:\Program Files\Common Files\okyrideqa.bat
[2009/09/15 15:51:02 | 00,014,121 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gijuqiceh.sys
[2009/09/15 15:51:02 | 00,012,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kapusu.lib
[2009/09/15 15:51:02 | 00,011,598 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ufotid.scr
[2009/09/14 19:49:23 | 00,013,833 | ---- | C] () -- C:\Documents and Settings\User\Application Data\azidahyd.pif
[2009/09/14 19:49:23 | 00,013,163 | ---- | C] () -- C:\Documents and Settings\User\Application Data\aneduhos.bin
[2009/09/14 19:49:23 | 00,011,693 | ---- | C] () -- C:\Program Files\Common Files\awyqasufak.vbs
[2009/09/14 19:49:22 | 00,019,805 | ---- | C] () -- C:\Documents and Settings\User\Application Data\uwyryse.exe
[2009/09/14 19:49:22 | 00,017,690 | ---- | C] () -- C:\Program Files\Common Files\wuxepowen.ban
[2009/09/14 19:49:22 | 00,015,773 | ---- | C] () -- C:\WINDOWS\umuh.sys
[2009/09/14 19:49:22 | 00,015,289 | ---- | C] () -- C:\Program Files\Common Files\ybikeji._sy
[2009/09/14 19:49:22 | 00,014,262 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\zasyc.vbs
[2009/09/14 19:49:22 | 00,014,192 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\nydulih.pif
[2009/09/14 19:49:22 | 00,014,139 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\gymavesor.reg
[2009/09/14 19:49:22 | 00,013,313 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ypybymade.dl
[2009/09/14 19:49:22 | 00,012,345 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\icaniz.exe
[2009/09/14 19:36:09 | 00,019,093 | ---- | C] () -- C:\Documents and Settings\User\Application Data\losugekyl.dll
[2009/09/14 19:36:09 | 00,019,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iquju.bat
[2009/09/14 19:36:09 | 00,019,031 | ---- | C] () -- C:\WINDOWS\edytisevav.sys
[2009/09/14 19:36:09 | 00,014,894 | ---- | C] () -- C:\WINDOWS\oqiqulixo.sys
[2009/09/14 19:36:09 | 00,014,386 | ---- | C] () -- C:\WINDOWS\zesa.sys
[2009/09/14 19:36:09 | 00,013,600 | ---- | C] () -- C:\Program Files\Common Files\ipenycazan.dat
[2009/09/14 19:36:09 | 00,013,014 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\wukax.inf
[2009/09/14 19:36:09 | 00,012,774 | ---- | C] () -- C:\Program Files\Common Files\exyhajefo.reg
[2009/09/14 19:36:09 | 00,012,475 | ---- | C] () -- C:\Documents and Settings\User\Application Data\fekunir.bat
[2009/09/14 19:36:09 | 00,011,296 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\cyqihoku.vbs
[2009/09/14 19:20:00 | 00,019,745 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ipybaso.ban
[2009/09/14 19:20:00 | 00,019,483 | ---- | C] () -- C:\Program Files\Common Files\cosam.ban
[2009/09/14 19:20:00 | 00,019,323 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\paholuh.sys
[2009/09/14 19:20:00 | 00,018,723 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vamike._dl
[2009/09/14 19:20:00 | 00,018,674 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\rizu._sy
[2009/09/14 19:20:00 | 00,018,569 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ofuvinexa.com
[2009/09/14 19:20:00 | 00,017,598 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\oluduwi.vbs
[2009/09/14 19:20:00 | 00,016,313 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ybifekow.ban
[2009/09/14 19:20:00 | 00,016,161 | ---- | C] () -- C:\Documents and Settings\User\Application Data\cyjubykam.dat
[2009/09/14 19:20:00 | 00,016,117 | ---- | C] () -- C:\Program Files\Common Files\ufocoxeq.bin
[2009/09/14 19:20:00 | 00,010,167 | ---- | C] () -- C:\Documents and Settings\User\Application Data\tyhunanas.com
[2009/09/14 19:19:59 | 00,019,458 | ---- | C] () -- C:\Documents and Settings\User\Application Data\butimy.com
[2009/09/14 19:19:59 | 00,017,635 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\facuhuh.pif
[2009/09/14 19:19:59 | 00,017,549 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bemumafop.ban
[2009/09/14 19:19:59 | 00,016,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\igileqe.inf
[2009/09/14 19:19:59 | 00,010,089 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\umoji.dl
[2009/09/14 16:19:42 | 00,013,748 | ---- | C] () -- C:\Program Files\Common Files\kelyradaq._sy
[2009/09/14 16:19:41 | 00,016,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jekam.db
[2009/09/14 16:19:41 | 00,011,779 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\bodajecaga.bat
[2009/09/14 15:58:35 | 00,018,834 | ---- | C] () -- C:\Program Files\Common Files\ipyhyzumow.sys
[2009/09/14 15:58:35 | 00,017,962 | ---- | C] () -- C:\Program Files\Common Files\bytecaqote.dl
[2009/09/14 15:58:35 | 00,016,715 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ykuba.dl
[2009/09/14 15:58:35 | 00,014,629 | ---- | C] () -- C:\WINDOWS\tonefe.sys
[2009/09/14 15:58:35 | 00,013,823 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usyg.dl
[2009/09/14 15:58:35 | 00,013,234 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iniqopavy.sys
[2009/09/14 15:58:35 | 00,013,046 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\adakyvoha._dl
[2009/09/14 15:58:35 | 00,012,861 | ---- | C] () -- C:\Documents and Settings\User\Application Data\apuwyk.bin
[2009/09/14 15:58:35 | 00,011,565 | ---- | C] () -- C:\Program Files\Common Files\kagy.bat
[2009/09/14 15:58:35 | 00,010,754 | ---- | C] () -- C:\Program Files\Common Files\zuxuvibake.scr
[2009/09/13 12:41:22 | 00,019,157 | ---- | C] () -- C:\Program Files\Common Files\ezebova.db
[2009/09/13 12:41:22 | 00,018,217 | ---- | C] () -- C:\Documents and Settings\User\Application Data\susux.bin
[2009/09/13 12:41:22 | 00,016,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ygeziwet.bin
[2009/09/13 12:41:22 | 00,016,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lohid.ban
[2009/09/13 12:41:22 | 00,015,277 | ---- | C] () -- C:\WINDOWS\qocyt.dll
[2009/09/13 12:41:22 | 00,014,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\timo.sys
[2009/09/13 12:41:22 | 00,013,812 | ---- | C] () -- C:\Program Files\Common Files\orapyj.reg
[2009/09/13 12:41:22 | 00,013,322 | ---- | C] () -- C:\Program Files\Common Files\gotuxuk.reg
[2009/09/13 12:41:22 | 00,012,179 | ---- | C] () -- C:\Program Files\Common Files\asulace.db
[2009/09/13 12:41:22 | 00,011,746 | ---- | C] () -- C:\Documents and Settings\User\Application Data\uwuquvoty.pif
[2009/08/12 15:42:24 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/20 09:24:39 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\baguteja.dll
[2009/07/20 09:24:39 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kimuremo.dll
[2009/07/19 21:24:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fiyusuka.dll
[2009/07/19 09:24:04 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\sovozele.dll
[2009/07/19 09:24:04 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hufugido.dll
[2009/07/18 21:23:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hivunote.dll
[2009/07/18 00:06:50 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bijikoko.dll
[2009/07/17 09:20:10 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jubodaso.dll
[2009/07/16 09:19:29 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kovihihi.dll
[2009/07/16 09:19:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zukogulu.dll
[2009/07/15 21:19:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gulipame.dll
[2009/07/15 09:18:40 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\zagubura.dll
[2009/07/15 09:18:40 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vidomovo.dll
[2009/07/14 21:18:34 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\juzeziwi.dll
[2009/07/14 21:18:34 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\demojesa.dll
[2009/07/14 09:18:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fotufuga.dll
[2009/07/13 09:17:50 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\firugoti.dll
[2009/07/12 21:17:55 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\yofabutu.dll
[2009/07/12 21:17:55 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\tezojuyu.dll
[2009/07/12 21:17:55 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\tahuhabu.dll
[2009/07/12 21:17:21 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\vetaweyo.dll
[2009/07/12 21:17:21 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\kalomawu.dll
[2009/07/12 21:17:21 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rigitaza.dll
[2009/07/12 09:17:20 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\yatorolo.dll
[2009/07/12 09:17:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\leyafapa.dll
[2009/07/11 21:17:09 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\rufobuwa.dll
[2009/07/11 21:17:09 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\seweyaka.dll
[2009/07/11 09:17:07 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\vajilola.dll
[2009/07/11 09:17:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gakewadu.dll
[2009/07/10 21:16:54 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yiwosaku.dll
[2009/07/10 21:16:54 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jedudisu.dll
[2009/07/10 09:16:42 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\daletoje.dll
[2009/07/10 09:16:42 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\biyajoze.dll
[2009/07/09 21:16:29 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\hegiguve.dll
[2009/07/09 21:16:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dibehaki.dll
[2009/07/09 09:16:18 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\lapupayi.dll
[2009/07/09 09:16:18 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zokemohi.dll
[2009/07/08 21:16:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fironage.dll
[2009/07/08 09:15:46 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\yirumuno.dll
[2009/07/08 09:15:46 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pitorewe.dll
[2009/07/07 21:15:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lolozima.dll
[2009/07/07 09:15:04 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\rotapote.dll
[2009/07/07 09:15:04 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\sepowumu.dll
[2009/07/06 21:14:58 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kapekabo.dll
[2009/07/06 09:14:51 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\sivufayo.dll
[2009/07/06 09:14:51 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bujiluro.dll
[2009/07/05 09:14:28 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vikewami.dll
[2009/07/04 21:14:19 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\pulasiya.dll
[2009/07/04 09:14:00 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\mekaboge.dll
[2009/07/04 09:14:00 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\jamoyiye.dll
[2009/07/03 21:13:51 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\dayatife.dll
[2009/07/03 09:13:25 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\madujeri.dll
[2009/07/03 09:13:25 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\numisufe.dll
[2009/07/02 21:13:04 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\panosiru.dll
[2009/07/02 21:13:04 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\petaziwe.dll
[2009/07/02 09:13:41 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\biyebafi.dll
[2009/07/01 17:14:24 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\disimeji.dll
[2009/07/01 17:14:24 | 00,027,136 | -HS- | C] () -- C:\WINDOWS\System32\raveyuru.dll
[2009/07/01 05:18:54 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\tageruzi.dll
[2009/06/30 16:41:19 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\bozagudu.dll
[2009/06/30 16:41:19 | 00,050,688 | -HS- | C] () -- C:\WINDOWS\System32\biniyogi.dll
[2009/06/29 04:40:59 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vobulofo.dll
[2009/06/28 16:41:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\zevehahu.dll
[2009/06/28 16:41:00 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\vemopado.dll
[2009/06/27 16:40:34 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\siyokume.dll
[2009/06/27 04:40:19 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\kodesalo.dll
[2009/06/26 16:40:17 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\tadeyike.dll
[2009/06/26 04:39:51 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\fosadite.dll
[2009/06/25 16:39:40 | 00,049,664 | -HS- | C] () -- C:\WINDOWS\System32\vorosuka.dll
[2009/06/24 16:39:19 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\rulufutu.dll
[2009/06/24 04:40:13 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\milufuro.dll
[2009/05/19 09:27:48 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/02 15:04:27 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 15:54:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2007/09/21 02:14:56 | 00,002,512 | ---- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2007/09/20 21:55:51 | 00,034,872 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/05/15 14:13:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 16:00:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/10 14:58:21 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/20 19:26:30 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/20 15:20:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/20 15:20:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/20 15:20:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/20 15:20:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/20 15:20:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/20 15:20:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/20 15:17:30 | 00,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 15:03:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/20 15:02:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/20 14:46:03 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/20 14:46:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/20 14:46:03 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/20 14:46:03 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/20 14:40:34 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/20 14:13:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/20 14:05:59 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/20 12:53:09 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/20 12:49:43 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/20 12:49:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/03/20 06:01:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/01/30 18:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/24 19:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/22 00:02:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\eztw32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA029835
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77248999
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#13 myrti

Posted 21 October 2009 - 01:44 PM

Hi,

there are still more things to remove:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O4 - HKLM..\Run: [vewuropod] C:\WINDOWS\System32\baguteja.DLL ()
    O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
    O1 - Hosts: 91.212.127.226 os-guardpro.com
    O1 - Hosts: 91.212.127.226 www.os-guardpro.com
    O4 - HKU\.DEFAULT..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()
    O4 - HKU\S-1-5-18..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()
    O20 - AppInit_DLLs: (tezojuyu.dll) - C:\WINDOWS\System32\tezojuyu.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\tumalewu.dll) - C:\WINDOWS\System32\tumalewu.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\vopegoze.dll) - C:\WINDOWS\System32\vopegoze.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\lutawudi.dll) - C:\WINDOWS\System32\lutawudi.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\yiyobuye.dll) - C:\WINDOWS\System32\yiyobuye.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\baguteja.dll) - C:\WINDOWS\System32\baguteja.dll ()
    O21 - SSODL: batumutup - {4638290f-671f-4b5a-bd80-218555152df7} - C:\WINDOWS\System32\lutawudi.dll File not found
    O21 - SSODL: hefemokip - {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - C:\WINDOWS\System32\lutawudi.dll File not found
    O21 - SSODL: hurasibop - {306954de-855c-4614-a9f9-0423ee7ea292} - C:\WINDOWS\System32\baguteja.dll ()
    O21 - SSODL: nadojorud - {3736bffc-5216-45fd-b309-a400d2fe4831} - C:\WINDOWS\System32\gusogire.dll File not found
    O21 - SSODL: pigidosiw - {70639040-7bd4-41dc-aed6-e019e3ce3689} - C:\WINDOWS\System32\tumalewu.dll File not found
    O21 - SSODL: pusezeyed - {d67617a4-5561-4aef-90f8-4f6200a7db3a} - C:\WINDOWS\System32\kayufegi.dll File not found
    O21 - SSODL: ranojolan - {3227433f-a76a-4192-a9db-aec44efc8b29} - C:\WINDOWS\System32\lutawudi.dll File not found
    O21 - SSODL: sekiguwos - {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - C:\WINDOWS\System32\yiyobuye.dll File not found
    O21 - SSODL: timobebul - {30772096-01ab-4277-8f44-3d5d00fff14b} - C:\WINDOWS\System32\gomevibi.dll File not found
    O21 - SSODL: vamamazel - {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - C:\WINDOWS\System32\dipagowe.dll File not found
    O21 - SSODL: vawebedan - {7451d33c-7020-44bb-aa38-d95250668339} - C:\WINDOWS\System32\bosurezo.dll File not found
    O21 - SSODL: vudigesig - {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - C:\WINDOWS\System32\nesebaba.dll File not found
    O21 - SSODL: vuwuketim - {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - C:\WINDOWS\System32\navaguke.dll File not found
    O21 - SSODL: yafesoker - {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - C:\WINDOWS\System32\gufomafe.dll File not found
    O21 - SSODL: yosalubuf - {63852096-7d07-4aa8-94be-cbfcb9392cfe} - C:\WINDOWS\System32\lihujedo.dll File not found
    O21 - SSODL: zowojaged - {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - C:\WINDOWS\System32\lutawudi.dll File not found
    O22 - SharedTaskScheduler: {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - kupuhivus - C:\WINDOWS\System32\nesebaba.dll File not found
    O22 - SharedTaskScheduler: {306954de-855c-4614-a9f9-0423ee7ea292} - kupuhivus - C:\WINDOWS\System32\baguteja.dll ()
    O22 - SharedTaskScheduler: {30772096-01ab-4277-8f44-3d5d00fff14b} - gahurihor - C:\WINDOWS\System32\gomevibi.dll File not found
    O22 - SharedTaskScheduler: {3227433f-a76a-4192-a9db-aec44efc8b29} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found
    O22 - SharedTaskScheduler: {3736bffc-5216-45fd-b309-a400d2fe4831} - tokatiluy - C:\WINDOWS\System32\gusogire.dll File not found
    O22 - SharedTaskScheduler: {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - tokatiluy - C:\WINDOWS\System32\gufomafe.dll File not found
    O22 - SharedTaskScheduler: {4638290f-671f-4b5a-bd80-218555152df7} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found
    O22 - SharedTaskScheduler: {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - tokatiluy - C:\WINDOWS\System32\dipagowe.dll File not found
    O22 - SharedTaskScheduler: {63852096-7d07-4aa8-94be-cbfcb9392cfe} - jugezatag - C:\WINDOWS\System32\lihujedo.dll File not found
    O22 - SharedTaskScheduler: {70639040-7bd4-41dc-aed6-e019e3ce3689} - gahurihor - C:\WINDOWS\System32\tumalewu.dll File not found
    O22 - SharedTaskScheduler: {7451d33c-7020-44bb-aa38-d95250668339} - tokatiluy - C:\WINDOWS\System32\bosurezo.dll File not found
    O22 - SharedTaskScheduler: {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - mujuzedij - C:\WINDOWS\System32\yiyobuye.dll File not found
    O22 - SharedTaskScheduler: {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - kupuhivus - C:\WINDOWS\System32\navaguke.dll File not found
    O22 - SharedTaskScheduler: {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - mujuzedij - C:\WINDOWS\System32\lutawudi.dll File not found
    O22 - SharedTaskScheduler: {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - jugezatag - C:\WINDOWS\System32\lutawudi.dll File not found
    O22 - SharedTaskScheduler: {d67617a4-5561-4aef-90f8-4f6200a7db3a} - kupuhivus - C:\WINDOWS\System32\kayufegi.dll File not found
    
    :files
    C:\Documents and Settings\All Users\Application Data\bemumafop.ban
    C:\Documents and Settings\All Users\Application Data\facuhuh.pif
    C:\Documents and Settings\All Users\Application Data\gijuqiceh.sys
    C:\Documents and Settings\All Users\Application Data\icaniz.exe
    C:\Documents and Settings\All Users\Application Data\igileqe.inf
    C:\Documents and Settings\All Users\Application Data\iniqopavy.sys
    C:\Documents and Settings\All Users\Application Data\iquju.bat
    C:\Documents and Settings\All Users\Application Data\jekam.db
    C:\Documents and Settings\All Users\Application Data\kapusu.lib
    C:\Documents and Settings\All Users\Application Data\lohid.ban
    C:\Documents and Settings\All Users\Application Data\timo.sys
    C:\Documents and Settings\All Users\Application Data\usyg.dl
    C:\Documents and Settings\All Users\Application Data\vamike._dl
    C:\Documents and Settings\All Users\Application Data\ybifekow.ban
    C:\Documents and Settings\All Users\Application Data\ydyqy._dl
    C:\Documents and Settings\All Users\Application Data\ygeziwet.bin
    C:\Documents and Settings\All Users\Application Data\yxon.pif
    C:\Documents and Settings\User\Application Data\2053874250
    C:\Documents and Settings\User\Application Data\2279535808
    C:\Documents and Settings\User\Application Data\3814167408
    C:\Documents and Settings\User\Application Data\6011467302
    C:\Documents and Settings\User\Application Data\6489321741
    C:\Documents and Settings\User\Application Data\8966544956
    C:\Documents and Settings\User\Application Data\9917130758
    C:\Documents and Settings\User\Application Data\aneduhos.bin
    C:\Documents and Settings\User\Application Data\apuwyk.bin
    C:\Documents and Settings\User\Application Data\azidahyd.pif
    C:\Documents and Settings\User\Application Data\butimy.com
    C:\Documents and Settings\User\Application Data\cyjubykam.dat
    C:\Documents and Settings\User\Application Data\fekunir.bat
    C:\Documents and Settings\User\Application Data\ipybaso.ban
    C:\Documents and Settings\User\Application Data\losugekyl.dll
    C:\Documents and Settings\User\Application Data\susux.bin
    C:\Documents and Settings\User\Application Data\tyhunanas.com
    C:\Documents and Settings\User\Application Data\ufotid.scr
    C:\Documents and Settings\User\Application Data\uwuquvoty.pif
    C:\Documents and Settings\User\Application Data\uwyryse.exe
    C:\Documents and Settings\User\Application Data\ykuba.dl
    C:\Documents and Settings\User\Application Data\ypybymade.dl
    C:\Documents and Settings\User\Local Settings\Application Data\adakyvoha._dl
    C:\Documents and Settings\User\Local Settings\Application Data\azypa.scr
    C:\Documents and Settings\User\Local Settings\Application Data\bodajecaga.bat
    C:\Documents and Settings\User\Local Settings\Application Data\cyqihoku.vbs
    C:\Documents and Settings\User\Local Settings\Application Data\evujaxe._dl
    C:\Documents and Settings\User\Local Settings\Application Data\gymavesor.reg
    C:\Documents and Settings\User\Local Settings\Application Data\nydulih.pif
    C:\Documents and Settings\User\Local Settings\Application Data\ofuvinexa.com
    C:\Documents and Settings\User\Local Settings\Application Data\oluduwi.vbs
    C:\Documents and Settings\User\Local Settings\Application Data\paholuh.sys
    C:\Documents and Settings\User\Local Settings\Application Data\rizu._sy
    C:\Documents and Settings\User\Local Settings\Application Data\umoji.dl
    C:\Documents and Settings\User\Local Settings\Application Data\wukax.inf
    C:\Documents and Settings\User\Local Settings\Application Data\zasyc.vbs
    C:\Documents and Settings\User\My Documents\zanrescook1.wps
    C:\Program Files\Common Files\asulace.db
    C:\Program Files\Common Files\awyqasufak.vbs
    C:\Program Files\Common Files\bytecaqote.dl
    C:\Program Files\Common Files\cosam.ban
    C:\Program Files\Common Files\exyhajefo.reg
    C:\Program Files\Common Files\ezebova.db
    C:\Program Files\Common Files\gotuxuk.reg
    C:\Program Files\Common Files\ipenycazan.dat
    C:\Program Files\Common Files\ipyhyzumow.sys
    C:\Program Files\Common Files\kagy.bat
    C:\Program Files\Common Files\kelyradaq._sy
    C:\Program Files\Common Files\okyrideqa.bat
    C:\Program Files\Common Files\orapyj.reg
    C:\Program Files\Common Files\ufocoxeq.bin
    C:\Program Files\Common Files\wuxepowen.ban
    C:\Program Files\Common Files\xarifat.exe
    C:\Program Files\Common Files\ybikeji._sy
    C:\Program Files\Common Files\zuxuvibake.scr
    C:\Program Files\kiviqw
    C:\WINDOWS\edytisevav.sys
    C:\WINDOWS\machine.ver
    C:\WINDOWS\oqiqulixo.sys
    C:\WINDOWS\qocyt.dll
    C:\WINDOWS\svohost.exe
    C:\WINDOWS\System32\baguteja.dll
    C:\WINDOWS\System32\bijikoko.dll
    C:\WINDOWS\System32\biniyogi.dll
    C:\WINDOWS\System32\biyajoze.dll
    C:\WINDOWS\System32\biyebafi.dll
    C:\WINDOWS\System32\bizubudu.exe
    C:\WINDOWS\System32\bozagudu.dll
    C:\WINDOWS\System32\bujiluro.dll
    C:\WINDOWS\System32\d3d9caps.dat
    C:\WINDOWS\System32\daletoje.dll
    C:\WINDOWS\System32\dayatife.dll
    C:\WINDOWS\System32\demojesa.dll
    C:\WINDOWS\System32\dibehaki.dll
    C:\WINDOWS\System32\disimeji.dll
    C:\WINDOWS\System32\dobipimo.exe
    C:\WINDOWS\System32\fironage.dll
    C:\WINDOWS\System32\firugoti.dll
    C:\WINDOWS\System32\fiyusuka.dll
    C:\WINDOWS\System32\fosadite.dll
    C:\WINDOWS\System32\fotufuga.dll
    C:\WINDOWS\System32\gakewadu.dll
    C:\WINDOWS\System32\gepesiso.exe
    C:\WINDOWS\System32\gukowema.exe
    C:\WINDOWS\System32\gulipame.dll
    C:\WINDOWS\System32\hegiguve.dll
    C:\WINDOWS\System32\hivunote.dll
    C:\WINDOWS\System32\hufugido.dll
    C:\WINDOWS\System32\jamoyiye.dll
    C:\WINDOWS\System32\jedudisu.dll
    C:\WINDOWS\System32\jubodaso.dll
    C:\WINDOWS\System32\juzeziwi.dll
    C:\WINDOWS\System32\kalomawu.dll
    C:\WINDOWS\System32\kapekabo.dll
    C:\WINDOWS\System32\keyamemu.exe
    C:\WINDOWS\System32\kimuremo.dll
    C:\WINDOWS\System32\kodesalo.dll
    C:\WINDOWS\System32\kovihihi.dll
    C:\WINDOWS\System32\lalihihe.exe
    C:\WINDOWS\System32\lapupayi.dll
    C:\WINDOWS\System32\leyafapa.dll
    C:\WINDOWS\System32\lolozima.dll
    C:\WINDOWS\System32\lovafufu.exe
    C:\WINDOWS\System32\madujeri.dll
    C:\WINDOWS\System32\mekaboge.dll
    C:\WINDOWS\System32\milufuro.dll
    C:\WINDOWS\System32\mirevipu.exe
    C:\WINDOWS\System32\muhofola.exe
    C:\WINDOWS\System32\niludesa.exe
    C:\WINDOWS\System32\norozuse.exe
    C:\WINDOWS\System32\norupeze.exe
    C:\WINDOWS\System32\numisufe.dll
    C:\WINDOWS\System32\panosiru.dll
    C:\WINDOWS\System32\petaziwe.dll
    C:\WINDOWS\System32\pezivuja.exe
    C:\WINDOWS\System32\pigopimu.exe
    C:\WINDOWS\System32\pitorewe.dll
    C:\WINDOWS\System32\pulasiya.dll
    C:\WINDOWS\System32\raveyuru.dll
    C:\WINDOWS\System32\rigitaza.dll
    C:\WINDOWS\System32\rotapote.dll
    C:\WINDOWS\System32\rufobuwa.dll
    C:\WINDOWS\System32\rulufutu.dll
    C:\WINDOWS\System32\schtml
    C:\WINDOWS\System32\sepowumu.dll
    C:\WINDOWS\System32\seweyaka.dll
    C:\WINDOWS\System32\sivufayo.dll
    C:\WINDOWS\System32\siyokume.dll
    C:\WINDOWS\System32\soviveri.exe
    C:\WINDOWS\System32\sovozele.dll
    C:\WINDOWS\System32\tadeyike.dll
    C:\WINDOWS\System32\tageruzi.dll
    C:\WINDOWS\System32\tahiraga.exe
    C:\WINDOWS\System32\tahuhabu.dll
    C:\WINDOWS\System32\tanadafe.exe
    C:\WINDOWS\System32\tatetimo.exe
    C:\WINDOWS\System32\telodupo.exe
    C:\WINDOWS\System32\tezojuyu.dll
    C:\WINDOWS\System32\tihupime.exe
    C:\WINDOWS\System32\vajilola.dll
    C:\WINDOWS\System32\vemopado.dll
    C:\WINDOWS\System32\vetaweyo.dll
    C:\WINDOWS\System32\vidomovo.dll
    C:\WINDOWS\System32\vikewami.dll
    C:\WINDOWS\System32\viriteda.exe
    C:\WINDOWS\System32\vobulofo.dll
    C:\WINDOWS\System32\vopatuse.exe
    C:\WINDOWS\System32\vorosuka.dll
    C:\WINDOWS\System32\vuwozisa.exe
    C:\WINDOWS\System32\wejuwava.exe
    C:\WINDOWS\System32\wetogasi.exe
    C:\WINDOWS\System32\wibotelo.exe
    C:\WINDOWS\System32\wupesiki.exe
    C:\WINDOWS\System32\yagapehe
    C:\WINDOWS\System32\yajulose.exe
    C:\WINDOWS\System32\yatorolo.dll
    C:\WINDOWS\System32\yirumuno.dll
    C:\WINDOWS\System32\yiwosaku.dll
    C:\WINDOWS\System32\yofabutu.dll
    C:\WINDOWS\System32\yuligugu.exe
    C:\WINDOWS\System32\zagubura.dll
    C:\WINDOWS\System32\zejitune.exe
    C:\WINDOWS\System32\zevehahu.dll
    C:\WINDOWS\System32\zokemohi.dll
    C:\WINDOWS\System32\zukogulu.dll
    C:\WINDOWS\tonefe.sys
    C:\WINDOWS\umuh.sys
    C:\WINDOWS\wf3.dat
    C:\WINDOWS\wf4.dat
    C:\WINDOWS\wp3.dat
    C:\WINDOWS\wp4.dat
    C:\WINDOWS\zesa.sys
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#14 Paytonjrd


Posted 21 October 2009 - 04:51 PM

Error: Unable to interpret <otl> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [vewuropod] C:\WINDOWS\System32\baguteja.DLL ()> in the current context!
Error: Unable to interpret <O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 91.212.127.226 os-guardpro.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 91.212.127.226 www.os-guardpro.com> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-18..\Run: [Install] C:\Documents and Settings\User\Application Data\9917130758\9917130758.bat ()> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (tezojuyu.dll) - C:\WINDOWS\System32\tezojuyu.dll ()> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (c:\windows\system32\tumalewu.dll) - C:\WINDOWS\System32\tumalewu.dll File not found> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (c:\windows\system32\vopegoze.dll) - C:\WINDOWS\System32\vopegoze.dll File not found> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (c:\windows\system32\lutawudi.dll) - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (c:\windows\system32\yiyobuye.dll) - C:\WINDOWS\System32\yiyobuye.dll File not found> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (c:\windows\system32\baguteja.dll) - C:\WINDOWS\System32\baguteja.dll ()> in the current context!
Error: Unable to interpret <O21 - SSODL: batumutup - {4638290f-671f-4b5a-bd80-218555152df7} - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: hefemokip - {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: hurasibop - {306954de-855c-4614-a9f9-0423ee7ea292} - C:\WINDOWS\System32\baguteja.dll ()> in the current context!
Error: Unable to interpret <O21 - SSODL: nadojorud - {3736bffc-5216-45fd-b309-a400d2fe4831} - C:\WINDOWS\System32\gusogire.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: pigidosiw - {70639040-7bd4-41dc-aed6-e019e3ce3689} - C:\WINDOWS\System32\tumalewu.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: pusezeyed - {d67617a4-5561-4aef-90f8-4f6200a7db3a} - C:\WINDOWS\System32\kayufegi.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: ranojolan - {3227433f-a76a-4192-a9db-aec44efc8b29} - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: sekiguwos - {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - C:\WINDOWS\System32\yiyobuye.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: timobebul - {30772096-01ab-4277-8f44-3d5d00fff14b} - C:\WINDOWS\System32\gomevibi.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: vamamazel - {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - C:\WINDOWS\System32\dipagowe.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: vawebedan - {7451d33c-7020-44bb-aa38-d95250668339} - C:\WINDOWS\System32\bosurezo.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: vudigesig - {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - C:\WINDOWS\System32\nesebaba.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: vuwuketim - {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - C:\WINDOWS\System32\navaguke.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: yafesoker - {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - C:\WINDOWS\System32\gufomafe.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: yosalubuf - {63852096-7d07-4aa8-94be-cbfcb9392cfe} - C:\WINDOWS\System32\lihujedo.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: zowojaged - {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {23cbc430-1cc0-4c11-842a-d93b5002b3e8} - kupuhivus - C:\WINDOWS\System32\nesebaba.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {306954de-855c-4614-a9f9-0423ee7ea292} - kupuhivus - C:\WINDOWS\System32\baguteja.dll ()> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {30772096-01ab-4277-8f44-3d5d00fff14b} - gahurihor - C:\WINDOWS\System32\gomevibi.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {3227433f-a76a-4192-a9db-aec44efc8b29} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {3736bffc-5216-45fd-b309-a400d2fe4831} - tokatiluy - C:\WINDOWS\System32\gusogire.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {3a93c760-4a2d-40bd-9f4d-a176b4e7c1c0} - tokatiluy - C:\WINDOWS\System32\gufomafe.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {4638290f-671f-4b5a-bd80-218555152df7} - tokatiluy - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {5f0b3a62-4530-4f16-ae77-2d3d45014ece} - tokatiluy - C:\WINDOWS\System32\dipagowe.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {63852096-7d07-4aa8-94be-cbfcb9392cfe} - jugezatag - C:\WINDOWS\System32\lihujedo.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {70639040-7bd4-41dc-aed6-e019e3ce3689} - gahurihor - C:\WINDOWS\System32\tumalewu.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {7451d33c-7020-44bb-aa38-d95250668339} - tokatiluy - C:\WINDOWS\System32\bosurezo.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {84e6454f-84d1-4f3e-8eda-ebbdb0ac34fa} - mujuzedij - C:\WINDOWS\System32\yiyobuye.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {8619ca7f-0d16-46bf-be73-bd972bc3aca4} - kupuhivus - C:\WINDOWS\System32\navaguke.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {acab6f16-6b4b-48cc-b2e8-11b33a76f044} - mujuzedij - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {ca268371-f8cc-4e81-bcdf-df6fa03061ad} - jugezatag - C:\WINDOWS\System32\lutawudi.dll File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {d67617a4-5561-4aef-90f8-4f6200a7db3a} - kupuhivus - C:\WINDOWS\System32\kayufegi.dll File not found> in the current context!
========== FILES ==========

OTL by OldTimer - Version 3.0.21.0 log created on 10212009_174741

#15 Paytonjrd

Posted 21 October 2009 - 04:56 PM

OTL logfile created on: 10/21/2009 5:51:36 PM - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 110.20 Mb Available Physical Memory | 24.71% Memory free
1.03 Gb Paging File | 0.54 Gb Available in Paging File | 52.66% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.31 Gb Total Space | 51.05 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - c:\Program Files\McAfee.com\VSO\McShield.exe (McAfee Inc.)
PRC - c:\Program Files\McAfee.com\VSO\McVSEscn.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\VSO\mcvsftsn.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
PRC - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\acs.exe ()
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\dla\DLACTRLW.exe (Sonic Solutions)
PRC - C:\WINDOWS\System32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\System32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACS [Auto | Running]) -- C:\WINDOWS\System32\acs.exe ()
SRV - (AOL TopSpeedMonitor [Auto | Running]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\System32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gupdate1ca4cd4724b8e94 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (McDetect.exe [Auto | Running]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McShield [Auto | Paused]) -- c:\Program Files\McAfee.com\VSO\McShield.exe (McAfee Inc.)
SRV - (McTskshd.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - (MskService [Auto | Running]) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AR5211 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (MPFIREWL [System | Running]) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys (McAfee)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tbiosdrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys ()
DRV - (TVALD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys (Toshiba Corporation)
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 3B 3D A2 D6 32 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 03:00:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/12 00:19:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/10/14 09:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/14 09:46:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/14 09:47:03 | 00,000,000 | ---D | M]

[2009/09/24 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009/09/24 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/21 13:24:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\drlycl1z.default\extensions
[2009/09/24 09:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\drlycl1z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/24 08:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/24 08:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/14 09:46:56 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/10/14 09:47:03 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/10/14 09:46:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\DLACTRLW.exe (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/20 14:09:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/09/24 21:17:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/14 09:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/09/24 21:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/09/24 08:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2009/10/14 09:46:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Real
[2009/09/24 08:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2009/10/14 09:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2009/09/23 21:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/14 09:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/21 12:55:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/21 17:47:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/21 13:40:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Computer Fix Information
[2009/10/21 12:55:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/21 12:55:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/21 12:25:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/21 03:51:23 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/10/21 03:42:41 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/20 23:37:04 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/20 23:35:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/20 23:35:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/20 23:35:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/20 23:35:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/20 23:34:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/20 23:27:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/14 09:46:56 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/14 09:46:51 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/14 09:46:51 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/08 20:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Online Schools, School Online, Online Learning @ Westwood College_files
[2009/09/24 08:51:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2006/03/20 14:40:34 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/21 17:26:06 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/21 13:23:31 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54C966A6-71CE-4333-9DEB-A3931F16C581}.job
[2009/10/21 13:14:54 | 00,078,432 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/10/21 13:12:35 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/21 13:07:59 | 00,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/10/21 13:07:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 13:07:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 13:07:10 | 46,777,5488 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/21 12:19:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/21 03:54:44 | 00,505,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/21 03:54:44 | 00,443,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/21 03:54:44 | 00,072,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/21 03:47:03 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/21 00:08:14 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/20 23:37:13 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/20 16:08:05 | 00,000,321 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Parenting With Positive Discipline Methods Alternatives to Spanking, Time-Outs, and Punishment Suite101.com.url
[2009/10/17 10:30:27 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/16 09:43:46 | 03,774,502 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/10/14 09:47:01 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/14 09:46:56 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/14 09:46:51 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/14 09:46:51 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/14 09:46:29 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/10/14 09:46:28 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/10/14 09:46:28 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/07 12:22:32 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\User\My Documents\zanresumeteach.wps
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 10:21:42 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Windows Firewall.lnk
[2009/10/01 08:50:46 | 00,034,872 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/24 08:47:02 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/22 18:15:06 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files - No Company Name ==========
[2009/10/20 23:45:57 | 46,777,5488 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/20 23:37:13 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/20 23:37:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/20 23:35:00 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/20 23:35:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/20 23:35:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/20 23:35:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/20 16:08:05 | 00,000,321 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Parenting With Positive Discipline Methods Alternatives to Spanking, Time-Outs, and Punishment Suite101.com.url
[2009/10/17 10:21:39 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/17 10:21:25 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/16 09:43:40 | 03,774,502 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/10/14 09:47:01 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/14 09:45:25 | 00,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/02 10:21:42 | 00,000,217 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Windows Firewall.lnk
[2009/09/24 08:47:02 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/12 15:42:24 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/19 09:27:48 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/02 15:04:27 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 15:54:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2007/09/20 21:55:51 | 00,034,872 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/05/15 14:13:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/10 16:00:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/10 14:58:21 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/20 19:26:30 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/20 15:20:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/20 15:20:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/20 15:20:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/20 15:20:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/20 15:20:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/20 15:20:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/20 15:17:30 | 00,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 15:03:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/20 15:02:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/20 14:46:03 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/20 14:46:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/20 14:46:03 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/20 14:46:03 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/20 14:40:34 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/20 14:13:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/20 14:05:59 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/20 12:53:09 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/20 12:49:43 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/20 12:49:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/03/20 06:01:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/01/30 18:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/24 19:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/22 00:02:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\eztw32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA029835
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77248999
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
This is the result of the OTL scan. Everything is certainly looking a lot better!



