
fakeavalert



#1 inderhmr


Posted 25 October 2009 - 04:28 PM

I have (several) nasty viruses. Something is preventing me from running most removal programs. I have tried Malwarebytes, Microsoft's Malware Removal Tool, and SUPERAntiSpyware. None of these programs are allowed to execute.


DDS (Ver_09-10-24.04) - NTFSx86
Run by Julie Ross at 17:02:00.21 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.75 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Common Files\AOL\1157510312\ee\AOLSoftware.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julie Ross\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.comcast.net/comcast.html
{368a612f-7a26-4e53-98d0-70e2b23d893d}
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [HostManager] c:\program files\common files\aol\1157510312\ee\AOLSoftware.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [bemobigoj] Rundll32.exe "c:\windows\system32\dewezuwa.dll",a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} - hxxp://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.15.44/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\yumikedi.dll c:\windows\system32\dewezuwa.dll gijoyeri.dll c:\windows\system32\hahohetu.dll
SSODL: runikumus - {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - c:\windows\system32\yumikedi.dll
SSODL: zuzurolil - {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - c:\windows\system32\hahohetu.dll
SSODL: hemisajeb - {2ab26149-16c4-4480-9c20-aa489e9dbced} - c:\windows\system32\hahohetu.dll
SSODL: hurekiyat - {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - c:\windows\system32\hahohetu.dll
SSODL: votoyafit - {2d9e134d-b863-479f-8bdc-0f801aebf55d} - c:\windows\system32\hahohetu.dll
SSODL: yesehuyeg - {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - c:\windows\system32\hahohetu.dll
SSODL: meguyuhaf - {ec211094-5375-4bfb-81a1-8ce393cefa5a} - c:\windows\system32\dewezuwa.dll
LSA: Notification Packages = scecli libetuka.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julier~1\applic~1\mozilla\firefox\profiles\6znh2z4v.mac\
FF - prefs.js: browser.startup.homepage - www.comcast.net
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {A9A05615-D954-475F-9A68-B06BA9A55E2E} - c:\documents and settings\julie ross\local settings\application data\{A9A05615-D954-475F-9A68-B06BA9A55E2E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

As per the instructions you would have received, kindly ensure any onboard
script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.


:::::::::::::::::::::::::::::::::::::::

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-10-16 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-10-16 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-10-16 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSXpx86.sys [2009-10-24 329080]
R2 ccJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.0.146\ccSvcHst.exe [2009-10-25 126392]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-10-16 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.0.146\SymcPCCULaunchSvc.exe [2009-10-25 123248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-24 102448]
S1 44944763;44944763;c:\windows\system32\drivers\44944763.sys --> c:\windows\system32\drivers\44944763.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\julie ross\local settings\temporary internet files\content.ie5\z7cf0765\sabkutil.sys --> c:\documents and settings\julie ross\local settings\temporary internet files\content.ie5\z7cf0765\SABKUTIL.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-10-25 17:17:26 0 d-----w- c:\docume~1\julier~1\applic~1\Tific
2009-10-25 17:16:47 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup
2009-10-25 17:16:47 0 d-----w- c:\program files\Norton PC Checkup
2009-10-25 17:07:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 17:07:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-25 17:07:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 17:07:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 16:32:00 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 16:32:00 0 d-----w- c:\docume~1\julier~1\applic~1\SUPERAntiSpyware.com
2009-10-25 16:30:52 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-25 16:27:06 0 d-----w- C:\Mike
2009-10-25 16:24:08 2383047 ----a-w- C:\MGtools.exe
2009-10-25 15:58:42 0 d-----w- c:\windows\pss
2009-10-25 15:08:06 2713 --sh--w- c:\windows\system32\yitefuko.dll
2009-10-25 15:08:06 2713 --sh--w- c:\windows\system32\raramuge.exe
2009-10-25 15:08:06 2713 --sh--w- c:\windows\system32\lodivoyo.dll
2009-10-25 14:32:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-25 14:20:04 0 d-----w- c:\program files\CCleaner
2009-10-25 13:29:31 0 d-----w- c:\program files\Trend Micro
2009-10-25 13:18:21 0 d-----w- c:\program files\Adware Professional
2009-10-25 12:32:38 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 11:35:24 0 d-----w- c:\windows\system32\NtmsData
2009-10-24 23:54:46 6 ----a-w- c:\windows\system32\ClassU
2009-10-24 23:54:46 5 ----a-w- c:\windows\system32\Band4
2009-10-24 22:45:10 0 d-----w- c:\windows\ie8updates
2009-10-24 22:42:55 0 d-----w- c:\docume~1\julier~1\applic~1\COMCASTTOOLBAR
2009-10-24 22:37:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-24 22:37:18 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-24 22:30:50 0 d-sh--w- c:\documents and settings\julie ross\PrivacIE
2009-10-24 22:28:24 0 d-sh--w- c:\documents and settings\julie ross\IETldCache
2009-10-24 22:20:42 0 dc-h--w- c:\windows\ie8
2009-10-24 15:07:12 0 d-----w- c:\docume~1\alluse~1\applic~1\20314818
2009-10-22 01:26:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 01:14:06 10096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-21 23:48:23 0 d-----w- c:\docume~1\alluse~1\applic~1\44229829
2009-10-20 22:49:28 0 d-----w- c:\docume~1\alluse~1\applic~1\04849934
2009-10-20 10:49:17 0 d-----w- c:\docume~1\alluse~1\applic~1\71315421
2009-10-19 22:50:42 58 ----a-w- c:\windows\wp4.dat
2009-10-19 22:50:42 1 ----a-w- c:\windows\wp3.dat
2009-10-19 22:50:31 92 ----a-w- c:\windows\system32\wwp.htm
2009-10-19 22:49:12 0 d-----w- c:\docume~1\alluse~1\applic~1\66154527
2009-10-13 13:21:54 0 d--h--w- c:\windows\PIF

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:19:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-21 23:48:17 90112 --sha-w- c:\windows\system32\dewezuwa.dll
2009-01-24 16:37:33 412227 --sha-w- c:\windows\system32\GffMUvut.ini2
2009-07-24 15:07:00 89600 --sha-w- c:\windows\system32\hahohetu.dll
2009-07-21 23:48:50 51200 --sha-w- c:\windows\system32\libetuka.dll
2009-07-21 23:48:17 51200 --sha-w- c:\windows\system32\semasowa.dll
2009-07-24 15:07:01 1011747 --sha-w- c:\windows\system32\tedegeru.exe
2009-07-20 22:49:20 90112 --sha-w- c:\windows\system32\tuhipulo.dll
2009-07-21 23:48:50 51200 --sha-w- c:\windows\system32\vayihufi.dll
2009-07-21 23:48:19 38912 --sha-w- c:\windows\system32\wotitiha.dll
2009-07-24 15:07:00 38400 --sha-w- c:\windows\system32\zeginizo.dll
2008-08-28 22:34:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 17:04:16.10 ===============



#2 Buckeye_Sam


    Malware Expert



Posted 26 October 2009 - 07:51 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 inderhmr


Posted 26 October 2009 - 09:08 PM

OTL logfile created on: 10/26/2009 10:01:31 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Julie Ross\Desktop
Thanks for your help, Sam. Hope you don't mind helping a Hoosier.


OTL Extras logfile created on: 10/26/2009 10:01:32 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Julie Ross\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.42 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 22.49% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 99.44 Gb Free Space | 88.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1006.92 Mb Total Space | 1006.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE-O7W2BN5SI
Current User Name: Julie Ross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- C:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Comcast Rhapsody\rhapsody.exe" = C:\Program Files\Comcast Rhapsody\rhapsody.exe:*:Disabled:RealNetworks Rhapsody -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1157510312\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1157510312\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\svohost.exe" = C:\WINDOWS\svohost.exe:*:Enabled:svohost -- File not found
"C:\Program Files\Windows Police Pro\Windows Police Pro.exe" = C:\Program Files\Windows Police Pro\Windows Police Pro.exe:*:Enabled:Windows Police Pro -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B70A780-4D87-4602-A015-6EE728C26A91}" = MSN Toolbar
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87A7D286-B0AD-45CB-906D-0E59E2698661}" = D-Link 11Mbps Wireless LAN for Windows
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"0FPABC32V2" = Fisher Price ABC 32
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"Comcast Rhapsody" = Comcast Rhapsody
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"CSCLIB" = Canon Camera Support Core Library
"Cyberchase Carnival Chaos" = Cyberchase Carnival Chaos
"Digital Audio Center" = Creative Digital Audio Center
"Disney's Toontown Online" = Disney's Toontown Online
"Dollhouse" = Fisher-Price® Time to Play ™ Dollhouse
"EOS Utility" = Canon Utilities EOS Utility
"FG_1.0" = 1st Grade v1.0
"FP123" = Fisher-Price 1-2-3's
"HijackThis" = HijackThis 2.0.2
"iCarly - iDream in Toons" = iCarly - iDream in Toons
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+
"InterActual Player" = InterActual Player
"Lexmark X6100 Series" = Lexmark X6100 Series
"LucasArts' Jedi Knight" = LucasArts' Jedi Knight
"LucasArts' Rogue Squadron" = LucasArts' Rogue Squadron
"LucasArts' X-Wing Alliance" = LucasArts' X-Wing Alliance
"LucasArts' X-Wing vs. TIE Fighter" = LucasArts' X-Wing vs. TIE Fighter
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSN Music Assistant" = MSN Music Assistant
"MSPersonalTutorMathopolis" = Microsoft Mathopolis
"MSPersonalTutorPreschool Workshop" = Microsoft Preschool Workshop
"MSPersonalTutorReaderRailway" = Microsoft Reader Railway
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"pet95" = Time to Play ™ Pet Shop
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RRK32.exe" = Reader Rabbit's Kindergarten
"RSX2Uninst" = Intel RSX 3D
"ShockwaveFlash" = Adobe Flash Player 9
"SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2009 12:26:25 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x00014580.

Error - 10/6/2009 4:02:45 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2009 4:04:41 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2009 4:04:47 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 4:08:54 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x00014580.

Error - 10/13/2009 4:14:27 PM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x00014580.

Error - 10/21/2009 8:21:28 PM | Computer Name = JULIE-O7W2BN5SI | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/21/2009 8:21:28 PM | Computer Name = JULIE-O7W2BN5SI | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 10/25/2009 9:07:23 AM | Computer Name = JULIE-O7W2BN5SI | Source = MPSampleSubmission | ID = 5000
Description =

Error - 10/25/2009 9:12:35 AM | Computer Name = JULIE-O7W2BN5SI | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 0.0.0.0, faulting module , version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 10/24/2009 11:08:51 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:09:25 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:09:57 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:10:28 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:11:00 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:11:32 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:12:03 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 10/24/2009 11:12:35 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/26/2009 9:36:35 PM | Computer Name = JULIE-O7W2BN5SI | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%2

Error - 10/26/2009 9:38:54 PM | Computer Name = JULIE-O7W2BN5SI | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.42 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 22.49% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 99.44 Gb Free Space | 88.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1006.92 Mb Total Space | 1006.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE-O7W2BN5SI
Current User Name: Julie Ross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe
PRC - [2009/10/25 10:31:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe
PRC - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe
PRC - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/19 14:18:47 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe
PRC - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2003/09/23 02:20:02 | 00,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
PRC - [2003/09/23 02:01:40 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
PRC - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/09/23 01:37:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher [Auto | Running])
SRV - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe -- (ccJobMgr [Unknown | Running])
SRV - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe
MOD - [2009/08/22 03:28:14 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\16.7.2.11\ASOEHOOK.DLL
MOD - [2009/07/24 11:07:00 | 00,089,600 | -HS- | M] () -- C:\WINDOWS\System32\hahohetu.dll
MOD - [2009/07/21 19:48:17 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\System32\dewezuwa.dll
MOD - [2009/07/17 15:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL.DLL
MOD - [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntshrui.dll
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll
MOD - [2008/04/13 20:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LINKINFO.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
IE - HKU\S-1-5-21-861567501-1060284298-274436499-1003\S-1-5-21-861567501-1060284298-274436499-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\firefox\extensions\\{A9A05615-D954-475F-9A68-B06BA9A55E2E}: C:\Documents and Settings\Julie Ross\Local Settings\Application Data\{A9A05615-D954-475F-9A68-B06BA9A55E2E} [2008/12/23 15:59:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/25 10:32:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/24 19:30:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/21 21:26:13 | 00,000,000 | ---D | M]

[2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions
[2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/01/16 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\6znh2z4v.mac\extensions
[2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions
[2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/26 21:36:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 10:14:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/25 10:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/13 10:14:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 10:14:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/11/12 23:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2009/10/25 10:31:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/13 10:14:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/03/24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2004/02/20 16:14:09 | 00,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/22 19:11:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/22 19:11:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/22 19:11:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/22 19:11:41 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/22 19:11:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 09:49:59 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/07/22 19:11:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/22 19:11:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {368a612f-7a26-4e53-98d0-70e2b23d893d} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [bemobigoj] C:\WINDOWS\System32\hahohetu.DLL ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157510312\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-861567501-1060284298-274436499-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-861567501-1060284298-274436499-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-861567501-1060284298-274436499-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe (D-Link)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-861567501-1060284298-274436499-1003_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.com/applets/PearsonInstallAsst.cab (PearsonAsstX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab (cpbrkpie Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.15.44/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\yumikedi.dll) - C:\WINDOWS\System32\yumikedi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\dewezuwa.dll) - C:\WINDOWS\System32\dewezuwa.dll ()
O20 - AppInit_DLLs: (gijoyeri.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\hahohetu.dll) - C:\WINDOWS\System32\hahohetu.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: hemisajeb - {2ab26149-16c4-4480-9c20-aa489e9dbced} - C:\WINDOWS\System32\hahohetu.dll ()
O21 - SSODL: hurekiyat - {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - C:\WINDOWS\System32\hahohetu.dll ()
O21 - SSODL: meguyuhaf - {ec211094-5375-4bfb-81a1-8ce393cefa5a} - C:\WINDOWS\System32\dewezuwa.dll ()
O21 - SSODL: runikumus - {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - C:\WINDOWS\System32\yumikedi.dll File not found
O21 - SSODL: votoyafit - {2d9e134d-b863-479f-8bdc-0f801aebf55d} - C:\WINDOWS\System32\hahohetu.dll ()
O21 - SSODL: yesehuyeg - {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - C:\WINDOWS\System32\hahohetu.dll ()
O21 - SSODL: zuzurolil - {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - C:\WINDOWS\System32\hahohetu.dll ()
O22 - SharedTaskScheduler: {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - kupuhivus - C:\WINDOWS\System32\hahohetu.dll ()
O22 - SharedTaskScheduler: {2ab26149-16c4-4480-9c20-aa489e9dbced} - mujuzedij - C:\WINDOWS\System32\hahohetu.dll ()
O22 - SharedTaskScheduler: {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - kupuhivus - C:\WINDOWS\System32\hahohetu.dll ()
O22 - SharedTaskScheduler: {2d9e134d-b863-479f-8bdc-0f801aebf55d} - jugezatag - C:\WINDOWS\System32\hahohetu.dll ()
O22 - SharedTaskScheduler: {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - mujuzedij - C:\WINDOWS\System32\hahohetu.dll ()
O22 - SharedTaskScheduler: {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - kupuhivus - C:\WINDOWS\System32\yumikedi.dll File not found
O22 - SharedTaskScheduler: {ec211094-5375-4bfb-81a1-8ce393cefa5a} - mujuzedij - C:\WINDOWS\System32\dewezuwa.dll ()
O24 - Desktop Components:0 () - https://pulse.clarian.org/clarian/layoutTem...s/header-bg.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 10:07:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/10/20 18:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\04849934
[2009/10/24 11:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\20314818
[2009/10/21 19:48:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\44229829
[2009/10/19 18:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\66154527
[2009/10/20 06:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\71315421
[2009/10/25 13:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/24 18:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\COMCASTTOOLBAR
[2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\SUPERAntiSpyware.com
[2009/10/25 13:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\Tific
[2009/10/25 13:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\Tific
[2009/10/25 12:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/25 09:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Professional
[2009/10/25 10:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/25 10:31:48 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/25 13:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/25 09:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/26 21:43:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe
[2009/10/25 17:06:45 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2009/10/25 13:07:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/25 13:07:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/25 12:27:06 | 00,000,000 | ---D | C] -- C:\Mike
[2009/10/25 11:58:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/25 07:35:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/24 18:45:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/24 18:20:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/21 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike
[2009/10/13 09:21:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

========== Files - Modified Within 14 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[8 C:\Documents and Settings\Julie Ross\My Documents\*.tmp files]
[2009/10/26 22:00:39 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gokunike
[2009/10/26 22:00:02 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\kboeuqyx.job
[2009/10/26 22:00:01 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\jegdszug.job
[2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\OTL.exe
[2009/10/26 21:39:08 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hamehalu.dll
[2009/10/26 21:36:53 | 00,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/26 21:35:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/26 21:35:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/26 21:35:22 | 53,633,4336 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/25 17:06:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe
[2009/10/25 17:01:25 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr
[2009/10/25 13:17:06 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2009/10/25 13:09:34 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/25 13:05:45 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/25 12:45:09 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db
[2009/10/25 12:32:09 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk
[2009/10/25 12:24:12 | 02,383,047 | ---- | M] () -- C:\MGtools.exe
[2009/10/25 11:59:09 | 00,000,737 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/25 11:59:09 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/25 11:59:09 | 00,000,211 | -H-- | M] () -- C:\boot.ini
[2009/10/25 11:08:07 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yitefuko.dll
[2009/10/25 11:08:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\raramuge.exe
[2009/10/25 11:08:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lodivoyo.dll
[2009/10/25 10:20:07 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk
[2009/10/25 09:29:35 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk
[2009/10/25 07:37:39 | 00,670,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/24 19:54:46 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ClassU
[2009/10/24 19:54:46 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2009/10/24 11:06:53 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat
[2009/10/24 11:06:53 | 00,000,001 | ---- | M] () -- C:\WINDOWS\wp3.dat
[2009/10/21 21:54:30 | 00,010,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/19 18:50:31 | 00,000,092 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/19 11:24:06 | 00,000,548 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/10/19 10:03:45 | 00,001,982 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/10/16 03:24:59 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/10/16 03:24:51 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini

========== Files - No Company Name ==========
[2009/10/26 21:39:08 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\hamehalu.dll
[2009/10/25 17:01:24 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr
[2009/10/25 13:17:06 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2009/10/25 13:16:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092\isolate.ini
[2009/10/25 13:07:11 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/25 13:05:44 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/25 12:46:22 | 53,633,4336 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/25 12:32:09 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk
[2009/10/25 12:24:08 | 02,383,047 | ---- | C] () -- C:\MGtools.exe
[2009/10/25 11:08:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yitefuko.dll
[2009/10/25 11:08:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\raramuge.exe
[2009/10/25 11:08:06 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\lodivoyo.dll
[2009/10/25 10:20:06 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk
[2009/10/25 09:29:34 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk
[2009/10/24 19:54:46 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\ClassU
[2009/10/24 19:54:46 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2009/10/21 21:14:06 | 00,010,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/19 18:50:42 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat
[2009/10/19 18:50:42 | 00,000,001 | ---- | C] () -- C:\WINDOWS\wp3.dat
[2009/10/19 18:50:31 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/07/24 11:07:00 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\hahohetu.dll
[2009/07/24 11:07:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zeginizo.dll
[2009/07/21 19:48:50 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\vayihufi.dll
[2009/07/21 19:48:50 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\libetuka.dll
[2009/07/21 19:48:19 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wotitiha.dll
[2009/07/21 19:48:17 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\dewezuwa.dll
[2009/07/21 19:48:17 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\semasowa.dll
[2009/07/20 18:49:20 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\tuhipulo.dll
[2009/01/24 15:44:37 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/23 15:46:39 | 00,002,710 | ---- | C] () -- C:\WINDOWS\System32\TDSSxnpr.dll
[2008/12/23 15:46:31 | 00,035,840 | ---- | C] () -- C:\WINDOWS\System32\TDSSkfkl.dll
[2008/12/23 15:35:27 | 00,412,227 | -HS- | C] () -- C:\WINDOWS\System32\GffMUvut.ini2
[2008/12/23 15:35:27 | 00,412,227 | -HS- | C] () -- C:\WINDOWS\System32\GffMUvut.ini
[2007/03/10 00:48:24 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/11 10:40:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 00:51:25 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/05 22:36:04 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/20 20:11:13 | 00,000,249 | ---- | C] () -- C:\WINDOWS\SimPark.ini
[2006/06/06 15:13:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2006/01/20 12:39:55 | 00,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/20 12:39:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/01/20 12:31:03 | 00,000,936 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/19 18:18:10 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2006/01/19 18:18:09 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2006/01/19 18:16:05 | 00,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini
[2006/01/19 18:15:45 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll
[2006/01/19 18:15:08 | 00,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2006/01/19 18:13:51 | 00,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2006/01/19 18:12:23 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2006/01/19 18:12:22 | 00,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2006/01/04 13:59:01 | 00,000,198 | ---- | C] () -- C:\WINDOWS\DLCS.INI
[2006/01/02 19:04:15 | 00,000,733 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/31 15:33:03 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/31 15:17:45 | 00,000,327 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2005/12/31 15:16:31 | 00,206,336 | ---- | C] () -- C:\WINDOWS\PCDLIB32.DLL
[2005/12/15 20:34:49 | 00,082,768 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/10 21:06:49 | 00,000,077 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/11/10 20:14:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/04 16:57:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\dm.ini
[2005/11/04 16:57:03 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\AdobeDLM.log
[2005/11/03 11:48:49 | 00,000,007 | ---- | C] () -- C:\WINDOWS\offnm.ini
[2005/11/02 22:13:00 | 00,001,935 | ---- | C] () -- C:\WINDOWS\b9b9a5bd6632124470370a10375acc86.ini
[2005/11/02 22:11:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\libbz2.dll
[2005/11/02 22:11:38 | 00,000,148 | ---- | C] () -- C:\WINDOWS\Fnynlvks.ini
[2005/11/02 22:09:43 | 00,000,417 | ---- | C] () -- C:\WINDOWS\tuptr.dll
[2005/10/25 09:09:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\RRK.INI
[2005/10/25 09:06:22 | 00,000,603 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2005/10/25 09:05:18 | 00,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/18 20:02:14 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/10/10 12:22:59 | 04,240,656 | -H-- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db
[2005/10/10 12:16:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\desktop.ini
[2005/10/10 11:59:25 | 00,000,548 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/10/10 11:59:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2005/10/10 11:59:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2005/10/10 11:58:45 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2005/10/10 04:54:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 08:00:00 | 00,000,737 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 08:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/25 13:07:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/21 21:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\04849934
[2009/10/24 12:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20314818
[2009/10/21 21:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\44229829
[2009/10/21 21:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\66154527
[2009/10/21 21:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\71315421
[2005/11/03 23:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdDestroyer
[2005/10/10 11:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/18 22:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2005/12/09 15:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/10/25 13:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/10/25 13:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/01/24 12:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/21 21:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/01/24 10:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/21 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/02/13 19:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2005/11/03 21:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VBouncer
[2008/12/28 19:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/10/10 04:54:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/10/25 13:17:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Julie Ross\Application Data
[2009/10/24 18:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\COMCASTTOOLBAR
[2009/10/26 21:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\DNA
[2007/04/24 01:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\MSN6
[2007/07/30 17:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\SBTT
[2009/10/25 13:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\Tific
[2007/06/11 22:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\Viewpoint
[2007/06/25 14:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2007/06/26 19:46:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
[2008/12/26 15:50:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mackenzie\Application Data
[2008/12/26 15:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mackenzie\Application Data\COMCASTTOOLBAR
[2007/04/26 20:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mackenzie\Application Data\MSN6
[2007/12/24 10:57:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mallory Ross\Application Data
[2007/04/27 18:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mallory Ross\Application Data\MSN6
[2007/05/23 21:49:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Myles Ross\Application Data
[2007/05/23 21:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Myles Ross\Application Data\COMCASTTOOLBAR
[2005/10/10 10:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/26 22:00:01 | 00,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\jegdszug.job
[2009/10/26 22:00:02 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\kboeuqyx.job
[2009/10/26 21:35:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >
[2009/10/25 12:24:12 | 02,383,047 | ---- | M] () -- C:\MGtools.exe

< %systemroot%\system32\drivers\*.sys >
[2008/04/13 14:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2003/03/31 08:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 12:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 06:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 14:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 14:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 14:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 14:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 14:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2003/04/30 10:07:16 | 00,320,160 | ---- | M] (D-Link) -- C:\WINDOWS\system32\drivers\ar5211.sys
[2008/04/13 14:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2008/04/13 14:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:29:29 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/04 01:29:29 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/04 01:29:29 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/04 01:29:30 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/04 01:29:30 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/04 01:29:31 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/04 01:29:31 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/04 01:29:31 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/04 01:29:31 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/04 01:29:31 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/04 01:29:26 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/04 01:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/04 01:29:27 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/04 01:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/04 01:29:29 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/04 01:29:29 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/04 01:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/04 01:29:30 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/04 01:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/04 01:29:31 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/04 01:29:31 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/04 01:29:31 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 14:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2003/03/31 08:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 14:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2003/03/31 08:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2003/03/31 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 14:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 14:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 14:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 14:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 07:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 14:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 14:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2003/03/31 08:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2003/03/31 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 15:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2003/03/31 08:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 15:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2003/03/31 08:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 14:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys
[2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys
[2008/04/13 14:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 14:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2005/07/01 16:48:42 | 00,043,008 | ---- | M] (D-Link ) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys
[2008/04/13 14:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 14:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 14:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 14:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 14:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2003/03/31 08:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 14:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2003/03/31 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys
[2001/08/17 08:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) -- C:\WINDOWS\system32\drivers\FA312nd5.sys
[2008/04/13 15:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 14:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 14:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 14:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 14:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2003/03/31 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2003/03/31 08:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2003/03/31 08:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 14:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys
[2008/04/13 14:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008/04/13 14:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 14:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 14:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 14:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2001/08/17 15:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys
[2008/04/13 14:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2008/04/13 14:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 15:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 14:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 14:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 14:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2003/03/31 08:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 14:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 14:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 15:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 14:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 14:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 14:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 14:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008/04/13 14:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 15:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 07:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2003/03/31 08:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2005/10/10 11:44:03 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\system32\drivers\mcstrm.sys
[2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 14:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2003/03/31 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 15:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 14:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2003/03/31 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 14:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2008/04/13 14:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 07:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 14:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 14:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 14:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 14:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/04 01:41:38 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/04 01:41:37 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/04 01:29:36 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 15:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 14:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 15:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 14:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 15:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 14:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 14:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 15:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 14:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2003/03/31 08:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 14:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 15:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 01:41:39 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2003/03/31 08:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2003/03/31 08:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2003/03/31 08:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2003/03/31 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2003/03/31 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 14:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2003/03/31 08:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 14:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 14:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2003/03/31 08:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2008/04/13 14:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 14:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008/04/13 15:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2002/03/26 23:22:10 | 00,050,688 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\PRISMNDS.sys
[2008/04/13 14:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 14:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2003/03/31 08:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 15:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 14:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 15:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2003/03/31 08:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2003/03/31 08:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 15:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2003/03/31 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 14:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 20:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/04 01:41:39 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 14:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 14:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2003/03/31 08:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2003/03/31 08:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 14:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 14:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2004/08/04 01:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 14:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 14:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 14:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 15:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 14:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 14:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 14:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2004/08/04 01:41:40 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/04 01:41:42 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/04 01:41:44 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/04 01:41:45 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 14:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2003/03/31 08:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 14:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008/04/13 14:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 14:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008/12/11 06:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2008/04/13 14:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 14:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 14:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2009/08/20 15:19:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2009/08/18 15:11:17 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys
[2008/04/13 15:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 14:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 07:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 15:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 20:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 20:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2003/03/31 08:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2003/03/31 08:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 14:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 14:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 14:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2008/04/13 14:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008/04/13 14:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 14:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 14:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2003/03/31 08:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 14:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 14:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 14:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\system32\drivers\usbio.sys
[2008/04/13 14:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 14:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 14:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 14:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2003/03/31 08:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 14:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 14:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 14:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 14:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/04 01:29:38 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/04 01:29:39 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/04 01:29:40 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/04 01:29:40 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 14:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/04 01:29:44 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/04 01:29:45 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2003/03/31 08:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2005/01/28 14:44:28 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2003/03/31 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4 Buckeye_Sam

    Malware Expert

Posted 27 October 2009 - 07:13 AM

No problem helping a Hoosier... til basketball season. :(


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/07/24 11:07:00 | 00,089,600 | -HS- | M] () -- C:\WINDOWS\System32\hahohetu.dll
    MOD - [2009/07/21 19:48:17 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\System32\dewezuwa.dll
    O2 - BHO: (no name) - {368a612f-7a26-4e53-98d0-70e2b23d893d} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1060284298-274436499-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [bemobigoj] C:\WINDOWS\System32\hahohetu.DLL ()
    O20 - AppInit_DLLs: (c:\windows\system32\yumikedi.dll) - C:\WINDOWS\System32\yumikedi.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\dewezuwa.dll) - C:\WINDOWS\System32\dewezuwa.dll ()
    O20 - AppInit_DLLs: (gijoyeri.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\hahohetu.dll) - C:\WINDOWS\System32\hahohetu.dll ()
    O21 - SSODL: hemisajeb - {2ab26149-16c4-4480-9c20-aa489e9dbced} - C:\WINDOWS\System32\hahohetu.dll ()
    O21 - SSODL: hurekiyat - {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - C:\WINDOWS\System32\hahohetu.dll ()
    O21 - SSODL: meguyuhaf - {ec211094-5375-4bfb-81a1-8ce393cefa5a} - C:\WINDOWS\System32\dewezuwa.dll ()
    O21 - SSODL: runikumus - {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - C:\WINDOWS\System32\yumikedi.dll File not found
    O21 - SSODL: votoyafit - {2d9e134d-b863-479f-8bdc-0f801aebf55d} - C:\WINDOWS\System32\hahohetu.dll ()
    O21 - SSODL: yesehuyeg - {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - C:\WINDOWS\System32\hahohetu.dll ()
    O21 - SSODL: zuzurolil - {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - C:\WINDOWS\System32\hahohetu.dll ()
    O22 - SharedTaskScheduler: {23819cce-cc61-41b1-b4d6-deeba8fd1fab} - kupuhivus - C:\WINDOWS\System32\hahohetu.dll ()
    O22 - SharedTaskScheduler: {2ab26149-16c4-4480-9c20-aa489e9dbced} - mujuzedij - C:\WINDOWS\System32\hahohetu.dll ()
    O22 - SharedTaskScheduler: {2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} - kupuhivus - C:\WINDOWS\System32\hahohetu.dll ()
    O22 - SharedTaskScheduler: {2d9e134d-b863-479f-8bdc-0f801aebf55d} - jugezatag - C:\WINDOWS\System32\hahohetu.dll ()
    O22 - SharedTaskScheduler: {3a74ea6a-07b4-47c0-80dd-0cf3d8657570} - mujuzedij - C:\WINDOWS\System32\hahohetu.dll ()
    O22 - SharedTaskScheduler: {66b9d25d-9869-40d8-b5ad-fde117d2b3be} - kupuhivus - C:\WINDOWS\System32\yumikedi.dll File not found
    O22 - SharedTaskScheduler: {ec211094-5375-4bfb-81a1-8ce393cefa5a} - mujuzedij - C:\WINDOWS\System32\dewezuwa.dll ()
    [2009/10/20 18:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\04849934
    [2009/10/24 11:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\20314818
    [2009/10/21 19:48:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\44229829
    [2009/10/19 18:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\66154527
    [2009/10/20 06:49:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\71315421
    [2009/10/26 22:00:39 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gokunike
    [2009/10/26 22:00:02 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\kboeuqyx.job
    [2009/10/26 22:00:01 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\jegdszug.job
    [2009/10/26 21:39:08 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hamehalu.dll
    [2009/10/25 11:08:07 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yitefuko.dll
    [2009/10/25 11:08:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\raramuge.exe
    [2009/10/25 11:08:06 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lodivoyo.dll
    [2009/10/24 11:06:53 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat
    [2009/10/24 11:06:53 | 00,000,001 | ---- | M] () -- C:\WINDOWS\wp3.dat
    
    :Files
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

======================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 inderhmr

  • Topic Starter

Posted 27 October 2009 - 04:20 PM

I will try updating and running Malwarebytes now.


All processes killed
========== OTL ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hahohetu.dll
C:\WINDOWS\System32\hahohetu.dll NOT unregistered.
C:\WINDOWS\System32\hahohetu.dll moved successfully.
Releasing module c:\windows\system32\hahohetu.dll
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dewezuwa.dll
C:\WINDOWS\System32\dewezuwa.dll NOT unregistered.
C:\WINDOWS\System32\dewezuwa.dll moved successfully.
Releasing module c:\windows\system32\dewezuwa.dll
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{368a612f-7a26-4e53-98d0-70e2b23d893d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{368a612f-7a26-4e53-98d0-70e2b23d893d}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1060284298-274436499-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1060284298-274436499-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bemobigoj deleted successfully.
File C:\WINDOWS\System32\hahohetu.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yumikedi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\dewezuwa.dll deleted successfully.
File C:\WINDOWS\System32\dewezuwa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gijoyeri.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hahohetu.dll deleted successfully.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hemisajeb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab26149-16c4-4480-9c20-aa489e9dbced}\ deleted successfully.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hurekiyat deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23819cce-cc61-41b1-b4d6-deeba8fd1fab}\ deleted successfully.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\meguyuhaf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec211094-5375-4bfb-81a1-8ce393cefa5a}\ deleted successfully.
File C:\WINDOWS\System32\dewezuwa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\runikumus deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b9d25d-9869-40d8-b5ad-fde117d2b3be}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\votoyafit deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d9e134d-b863-479f-8bdc-0f801aebf55d}\ deleted successfully.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yesehuyeg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a74ea6a-07b4-47c0-80dd-0cf3d8657570}\ deleted successfully.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zuzurolil deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d}\ deleted successfully.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{23819cce-cc61-41b1-b4d6-deeba8fd1fab} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23819cce-cc61-41b1-b4d6-deeba8fd1fab}\ not found.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2ab26149-16c4-4480-9c20-aa489e9dbced} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab26149-16c4-4480-9c20-aa489e9dbced}\ not found.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cefa6ac-6cad-4aa4-9c0d-56fad940dd1d}\ not found.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2d9e134d-b863-479f-8bdc-0f801aebf55d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d9e134d-b863-479f-8bdc-0f801aebf55d}\ not found.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3a74ea6a-07b4-47c0-80dd-0cf3d8657570} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a74ea6a-07b4-47c0-80dd-0cf3d8657570}\ not found.
File C:\WINDOWS\System32\hahohetu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{66b9d25d-9869-40d8-b5ad-fde117d2b3be} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b9d25d-9869-40d8-b5ad-fde117d2b3be}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ec211094-5375-4bfb-81a1-8ce393cefa5a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec211094-5375-4bfb-81a1-8ce393cefa5a}\ not found.
File C:\WINDOWS\System32\dewezuwa.dll not found.
C:\Documents and Settings\All Users\Application Data\04849934 moved successfully.
C:\Documents and Settings\All Users\Application Data\20314818 moved successfully.
C:\Documents and Settings\All Users\Application Data\44229829 moved successfully.
C:\Documents and Settings\All Users\Application Data\66154527 moved successfully.
C:\Documents and Settings\All Users\Application Data\71315421 moved successfully.
C:\WINDOWS\System32\gokunike moved successfully.
C:\WINDOWS\tasks\kboeuqyx.job moved successfully.
C:\WINDOWS\tasks\jegdszug.job moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\hamehalu.dll
C:\WINDOWS\System32\hamehalu.dll NOT unregistered.
C:\WINDOWS\System32\hamehalu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\yitefuko.dll
C:\WINDOWS\System32\yitefuko.dll NOT unregistered.
C:\WINDOWS\System32\yitefuko.dll moved successfully.
C:\WINDOWS\System32\raramuge.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\lodivoyo.dll
C:\WINDOWS\System32\lodivoyo.dll NOT unregistered.
C:\WINDOWS\System32\lodivoyo.dll moved successfully.
C:\WINDOWS\wp4.dat moved successfully.
C:\WINDOWS\wp3.dat moved successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SETB.tmp moved successfully.
C:\WINDOWS\002357_.tmp moved successfully.
C:\WINDOWS\005865_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\~ACROBAT.TMP moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Julie Ross
File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1981.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF19F6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BBE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BDE.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 473707751 bytes
File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temporary Internet Files\Content.IE5\AUIT5R2V\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie Ross\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 5200520 bytes
->Java cache emptied: 25493434 bytes
->FireFox cache emptied: 52205653 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1362740 bytes

User: Mackenzie
->Temp folder emptied: 155410 bytes
->Temporary Internet Files folder emptied: 21168066 bytes
->FireFox cache emptied: 72261228 bytes

User: Mackenzie Ross
->Temporary Internet Files folder emptied: 92307005 bytes

User: Mallory Ross
->Temp folder emptied: 3332 bytes
->Temporary Internet Files folder emptied: 4194722 bytes
->FireFox cache emptied: 8447575 bytes

User: Myles Ross
->Temp folder emptied: 61641 bytes
->Temporary Internet Files folder emptied: 246642 bytes

User: NetworkService
->Temp folder emptied: 1940 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 34041 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 179712 bytes
File delete failed. C:\WINDOWS\temp\JETDBD8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 232146424 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 943.45 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10272009_162211

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1981.tmp not found!
File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF19F6.tmp not found!
File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BBE.tmp not found!
File\Folder C:\Documents and Settings\Julie Ross\Local Settings\Temp\~DF1BDE.tmp not found!
C:\Documents and Settings\Julie Ross\Local Settings\Temporary Internet Files\Content.IE5\AUIT5R2V\iframe[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\JETDBD8.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d8.dat not found!

Registry entries deleted on Reboot...


OTL logfile created on: 10/27/2009 5:04:08 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.42 Mb Total Physical Memory | 203.45 Mb Available Physical Memory | 39.78% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 100.39 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1006.92 Mb Total Space | 1006.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE-O7W2BN5SI
Current User Name: Julie Ross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike\OTL.exe
PRC - [2009/10/25 10:31:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe
PRC - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe
PRC - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/19 14:18:47 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/09 20:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1157510312\ee\aolsoftware.exe
PRC - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2003/09/23 02:20:02 | 00,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
PRC - [2003/09/23 02:01:40 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
PRC - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/09/23 01:37:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2009/10/25 10:31:57 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/31 17:37:31 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher [Auto | Running])
SRV - [2009/08/24 18:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.0.146\ccSvcHst.exe -- (ccJobMgr [Unknown | Running])
SRV - [2009/08/22 03:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/10/24 04:52:08 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091027.008\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/10/24 04:52:08 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/10/24 04:52:08 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/10/24 04:52:08 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091027.008\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/10/16 03:24:59 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/09/10 16:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2009/08/22 03:28:17 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/08/22 03:28:17 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/08/22 03:28:17 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/08/22 03:28:17 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2009/08/22 03:28:17 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/08/22 03:28:17 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/08/22 03:28:17 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/08/22 03:28:17 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/08/20 15:19:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/08/18 15:11:17 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/08/18 15:11:17 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2008/04/13 14:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\GcKernel.sys -- (GcKernel [On_Demand | Stopped])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/10/10 11:44:03 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2005/07/01 16:48:42 | 00,043,008 | ---- | M] (D-Link ) -- C:\WINDOWS\System32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Running])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/04/30 10:07:16 | 00,320,160 | ---- | M] (D-Link) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 15:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys -- (HIDSwvd [On_Demand | Stopped])
DRV - [2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
DRV - [2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
DRV - [2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
DRV - [2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running])
DRV - [2001/08/17 08:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys -- (FA312 [On_Demand | Running])
DRV - [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/26 21:43:31 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike\OTL.exe
MOD - [2009/08/22 03:28:14 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\16.7.2.11\ASOEHOOK.DLL
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\firefox\extensions\\{A9A05615-D954-475F-9A68-B06BA9A55E2E}: C:\Documents and Settings\Julie Ross\Local Settings\Application Data\{A9A05615-D954-475F-9A68-B06BA9A55E2E} [2008/12/23 15:59:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/25 10:32:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/24 19:30:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/21 21:26:13 | 00,000,000 | ---D | M]

[2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions
[2008/12/05 22:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/01/16 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\6znh2z4v.mac\extensions
[2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions
[2005/11/04 15:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie Ross\Application Data\mozilla\Firefox\Profiles\hjlx0jzk.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/27 17:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 10:14:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/25 10:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/13 10:14:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 10:14:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/11/12 23:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2009/10/25 10:31:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/13 10:14:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/03/24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2004/02/20 16:14:09 | 00,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/22 19:11:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/22 19:11:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/22 19:11:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/22 19:11:41 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/22 19:11:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 09:49:59 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/07/22 19:11:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/22 19:11:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [bemobigoj] C:\WINDOWS\System32\hahohetu.DLL File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157510312\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe (D-Link)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.com/applets/PearsonInstallAsst.cab (PearsonAsstX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab (cpbrkpie Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.15.44/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\hahohetu.dll) - C:\WINDOWS\System32\hahohetu.dll File not found
O20 - AppInit_DLLs: (gijoyeri.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\dewezuwa.dll) - C:\WINDOWS\System32\dewezuwa.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: lizoyorur - {7e129636-1c2b-4709-b8d2-30d93f5ba36f} - C:\WINDOWS\System32\hahohetu.dll File not found
O22 - SharedTaskScheduler: {7e129636-1c2b-4709-b8d2-30d93f5ba36f} - gahurihor - C:\WINDOWS\System32\hahohetu.dll File not found
O24 - Desktop Components:0 () - https://pulse.clarian.org/clarian/layoutTem...s/header-bg.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 10:07:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/25 13:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/24 18:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\COMCASTTOOLBAR
[2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\SUPERAntiSpyware.com
[2009/10/25 13:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Application Data\Tific
[2009/10/25 13:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\Tific
[2009/10/25 12:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/25 09:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Professional
[2009/10/25 10:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/25 10:31:48 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/25 13:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2009/10/25 12:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/25 09:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
File not found -- C:\WINDOWS\System32\tuhipulo.dll
[2009/10/27 16:22:11 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/25 17:06:45 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092
[2009/10/25 13:16:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2009/10/25 13:07:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/25 13:07:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/25 12:27:06 | 00,000,000 | ---D | C] -- C:\Mike
[2009/10/25 11:58:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/25 10:32:38 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/25 10:32:37 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/25 10:32:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/25 10:32:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/25 08:32:38 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/10/25 07:35:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/24 19:00:12 | 09,092,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Julie Ross\Desktop\windows-kb890830-v3.0.exe
[2009/10/24 18:45:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/24 18:37:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/24 18:37:18 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/24 18:20:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/21 21:26:13 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/21 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie Ross\Desktop\PC Fix by Mike
[2009/10/13 09:21:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

========== Files - Modified Within 30 Days ==========

[8 C:\Documents and Settings\Julie Ross\My Documents\*.tmp files]
[2009/10/27 17:05:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\gokunike
[2009/10/27 17:02:35 | 00,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/27 17:01:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 17:00:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 17:00:34 | 53,633,4336 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/27 16:58:37 | 04,252,734 | -H-- | M] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db
[2009/10/27 16:24:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rigivika.dll
[2009/10/27 16:24:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rawomuba.dll
[2009/10/27 16:24:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\besigaza.dll
[2009/10/25 17:06:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Julie Ross\Desktop\RootRepeal.exe
[2009/10/25 17:01:25 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr
[2009/10/25 13:17:06 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2009/10/25 13:09:34 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/25 13:05:45 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/25 12:32:09 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk
[2009/10/25 12:24:12 | 02,383,047 | ---- | M] () -- C:\MGtools.exe
[2009/10/25 11:59:09 | 00,000,737 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/25 11:59:09 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/25 11:59:09 | 00,000,211 | -H-- | M] () -- C:\boot.ini
[2009/10/25 10:31:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/25 10:31:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/25 10:31:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/25 10:31:56 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/25 10:31:54 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/25 10:20:07 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk
[2009/10/25 09:29:35 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk
[2009/10/25 07:37:39 | 00,670,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/24 19:54:46 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ClassU
[2009/10/24 19:54:46 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2009/10/24 19:00:13 | 09,092,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Julie Ross\Desktop\windows-kb890830-v3.0.exe
[2009/10/21 21:54:30 | 00,010,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/19 18:50:31 | 00,000,092 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/19 11:24:06 | 00,000,548 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/10/19 10:03:45 | 00,001,982 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/10/16 03:24:59 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/10/16 03:24:51 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/10/09 17:26:17 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Julie Ross\Desktop\Microsoft Office Word 2003.lnk
[2009/10/06 19:17:02 | 00,772,096 | ---- | M] () -- C:\Documents and Settings\Julie Ross\My Documents\ferret doc.doc
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/27 16:24:05 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\rigivika.dll
[2009/10/27 16:24:05 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\rawomuba.dll
[2009/10/27 16:24:05 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\besigaza.dll
[2009/10/27 16:23:26 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\gokunike
[2009/10/25 17:01:24 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\dds.scr
[2009/10/25 13:17:06 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2009/10/25 13:16:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200000.092\isolate.ini
[2009/10/25 13:07:11 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/25 13:05:44 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/25 12:46:22 | 53,633,4336 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/25 12:32:09 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\sas.exe.lnk
[2009/10/25 12:24:08 | 02,383,047 | ---- | C] () -- C:\MGtools.exe
[2009/10/25 10:20:06 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\CCleaner.lnk
[2009/10/25 09:29:34 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Desktop\HijackThis.lnk
[2009/10/24 19:54:46 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\ClassU
[2009/10/24 19:54:46 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2009/10/21 21:14:06 | 00,010,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/10/19 18:50:31 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/06 19:17:01 | 00,772,096 | ---- | C] () -- C:\Documents and Settings\Julie Ross\My Documents\ferret doc.doc
[2009/07/24 11:07:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zeginizo.dll
[2009/07/21 19:48:50 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\vayihufi.dll
[2009/07/21 19:48:50 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\libetuka.dll
[2009/07/21 19:48:19 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\wotitiha.dll
[2009/07/21 19:48:17 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\semasowa.dll
[2009/01/24 15:44:37 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/23 15:46:39 | 00,002,710 | ---- | C] () -- C:\WINDOWS\System32\TDSSxnpr.dll
[2008/12/23 15:46:31 | 00,035,840 | ---- | C] () -- C:\WINDOWS\System32\TDSSkfkl.dll
[2008/12/23 15:35:27 | 00,412,227 | -HS- | C] () -- C:\WINDOWS\System32\GffMUvut.ini2
[2008/12/23 15:35:27 | 00,412,227 | -HS- | C] () -- C:\WINDOWS\System32\GffMUvut.ini
[2007/03/10 00:48:24 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/11 10:40:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 00:51:25 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/05 22:36:04 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/20 20:11:13 | 00,000,249 | ---- | C] () -- C:\WINDOWS\SimPark.ini
[2006/06/06 15:13:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2006/01/20 12:39:55 | 00,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/20 12:39:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/01/20 12:31:03 | 00,000,936 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/19 18:18:10 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2006/01/19 18:18:09 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2006/01/19 18:16:05 | 00,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini
[2006/01/19 18:15:45 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll
[2006/01/19 18:15:08 | 00,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2006/01/19 18:13:51 | 00,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2006/01/19 18:12:23 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2006/01/19 18:12:22 | 00,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2006/01/04 13:59:01 | 00,000,198 | ---- | C] () -- C:\WINDOWS\DLCS.INI
[2006/01/02 19:04:15 | 00,000,733 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/31 15:33:03 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/31 15:17:45 | 00,000,327 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2005/12/31 15:16:31 | 00,206,336 | ---- | C] () -- C:\WINDOWS\PCDLIB32.DLL
[2005/12/15 20:34:49 | 00,082,768 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/10 21:06:49 | 00,000,077 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/11/10 20:14:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/04 16:57:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\dm.ini
[2005/11/04 16:57:03 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\AdobeDLM.log
[2005/11/03 11:48:49 | 00,000,007 | ---- | C] () -- C:\WINDOWS\offnm.ini
[2005/11/02 22:13:00 | 00,001,935 | ---- | C] () -- C:\WINDOWS\b9b9a5bd6632124470370a10375acc86.ini
[2005/11/02 22:11:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\libbz2.dll
[2005/11/02 22:11:38 | 00,000,148 | ---- | C] () -- C:\WINDOWS\Fnynlvks.ini
[2005/11/02 22:09:43 | 00,000,417 | ---- | C] () -- C:\WINDOWS\tuptr.dll
[2005/10/25 09:09:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\RRK.INI
[2005/10/25 09:06:22 | 00,000,603 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2005/10/25 09:05:18 | 00,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/18 20:02:14 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/10/10 12:22:59 | 04,252,734 | -H-- | C] () -- C:\Documents and Settings\Julie Ross\Local Settings\Application Data\IconCache.db
[2005/10/10 12:16:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Julie Ross\Application Data\desktop.ini
[2005/10/10 11:59:25 | 00,000,548 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/10/10 11:59:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2005/10/10 11:59:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2005/10/10 11:58:45 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2005/10/10 04:54:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 08:00:00 | 00,000,737 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 08:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#6 Buckeye_Sam

Malware Expert

Posted 27 October 2009 - 05:34 PM

We're getting there. Once you run Malwarebytes and have it remove whatever it detects, please post a new log from OTL so I can see what's left.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 inderhmr

Topic Starter

Posted 30 October 2009 - 07:22 AM

Malwarebytes still would not run, nor would Microsoft's anti-malware.

I had another idea that I should have thought of from the beginning. Took the hard drive out of the infected computer and connected it to my good computer through the black box USB connection. Scanned the drive using Malwarebytes and removed the viruses. Reinstalled the drive into the original computer and was able to re-run Malwarebytes on that bad computer this time. Malwarebytes seemed to clean up the registry some more.

As of now everything seems to be fixed and running again.

Thanks for your help. Go Hoosiers!

#8 Buckeye_Sam


Posted 30 October 2009 - 04:51 PM

Do you not want me to review your log to see if anything is left?

#9 Buckeye_Sam


Posted 10 November 2009 - 06:17 PM

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.