
Status: Hooked by "Lbd.sys" at address 0xf858887e


  • This topic is locked
25 replies to this topic

#1 rraa497

Posted 28 October 2009 - 07:47 PM

I posted this in Am I infected and was helped out. Now I was told to post the information over here.
It all started when the wife downloaded a virus - an "x" with a red circle around it. I tried to run Malwarebytes but I couldn't. I then ran McAfee, Adaware, and Windows Defender and came up with only a couple of things. Then it just got worse! I decided to run a repair install of Windows XP and it was going fine until it said that it couldn't find some files. I went back and manually copied them to the hard drive off of my disk. Now I still can't get on the internet, Malwarebytes won't work, and now when I try to shut down something pops up and says I exceeded my profile storage space and won't let me turn off my computer! Help!

http://www.bleepingcomputer.com/forums/t/266765/cant-run-malwarebytes-cant-get-on-internet-cant-do-anything/

Here are all of the logs that I was told to run:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Ryan Renner at 20:00:14.35 on Wed 10/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.263 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\proquota.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Ryan Renner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [veyekagar] Rundll32.exe "c:\windows\system32\ropenoya.dll",a
StartupFolder: c:\docume~1\ryanre~1\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\kbdnet.dll gewofawu.dll nukubufa.dll c:\windows\system32\ropenoya.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: vojovofig - {e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} - c:\windows\system32\ropenoya.dll
STS: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - No File
STS: jugezatag: {e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} - c:\windows\system32\ropenoya.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli rimomuzo.dll tokivafa.dll mijejabe.dll nukubufa.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-27 64160]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]

=============== Created Last 30 ================

2009-10-28 01:41:58 8173 ----a-w- c:\windows\system32\ncmd.cfxxe
2009-10-28 01:41:58 236544 ----a-w- c:\windows\system32\pev.exe
2009-10-25 14:32:39 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-10-25 14:25:56 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2009-10-25 14:24:59 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-10-25 14:23:58 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2009-10-25 14:20:31 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-10-25 14:20:24 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-10-25 14:20:24 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-25 14:20:24 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-10-25 14:20:24 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-10-25 14:19:57 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-25 14:19:44 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-10-25 14:19:40 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-10-25 14:19:39 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-10-25 01:52:37 0 d-----w- c:\docume~1\alluse~1\applic~1\45272525
2009-10-25 01:16:53 7680 ----a-w- c:\windows\system32\migregdb.exe
2009-10-25 01:10:23 16384 ----a-w- c:\windows\system32\isignup.exe
2009-10-25 01:08:08 32768 ----a-w- c:\windows\system32\icwdl.dll
2009-10-25 01:07:11 20480 ----a-w- c:\windows\system32\inetwiz.exe
2009-10-25 01:06:59 86016 ----a-w- c:\windows\system32\icwconn2.exe
2009-10-25 00:43:31 22339 ----a-r- c:\windows\SETA2.tmp
2009-10-25 00:43:31 10559 ----a-r- c:\windows\SETA3.tmp
2009-10-25 00:43:17 13753 ----a-r- c:\windows\SET6D.tmp
2009-10-25 00:43:14 1086058 ----a-r- c:\windows\SET61.tmp
2009-10-25 00:43:11 1042903 ----a-r- c:\windows\SET5E.tmp
2009-10-24 02:15:39 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 02:15:37 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 02:15:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 00:32:37 22339 ----a-r- c:\windows\SETA0.tmp
2009-10-24 00:32:37 10559 ----a-r- c:\windows\SETA1.tmp
2009-10-24 00:32:27 13753 ----a-r- c:\windows\SET6C.tmp
2009-10-24 00:32:24 1086058 ----a-r- c:\windows\SET60.tmp
2009-10-24 00:32:22 1042903 ----a-r- c:\windows\SET5D.tmp
2009-10-23 22:46:42 0 d-----w- c:\docume~1\alluse~1\applic~1\73022519
2009-10-23 22:46:39 0 d-----w- c:\docume~1\alluse~1\applic~1\49525732
2009-10-23 22:44:40 34709 ----a-w- c:\windows\system32\uses32.dat
2009-10-23 22:34:08 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-10-23 22:34:08 214528 ----a-w- c:\windows\system32\icwconn1.exe
2009-10-23 17:06:54 22339 ----a-r- c:\windows\SET9E.tmp
2009-10-23 17:06:54 10559 ----a-r- c:\windows\SET9F.tmp
2009-10-23 17:06:45 13753 ----a-r- c:\windows\SET6B.tmp
2009-10-23 17:06:42 1086058 ----a-r- c:\windows\SET5F.tmp
2009-10-23 17:06:40 1042903 ----a-r- c:\windows\SET5C.tmp
2009-10-23 03:01:25 22339 ----a-r- c:\windows\SET10A.tmp
2009-10-23 03:01:25 10559 ----a-r- c:\windows\SET10B.tmp
2009-10-23 03:01:24 7334 -c--a-w- c:\windows\system32\dllcache\wmerrenu.cat
2009-10-23 03:01:15 13753 ----a-r- c:\windows\SETD7.tmp
2009-10-23 03:01:13 1086058 ----a-r- c:\windows\SETCB.tmp
2009-10-23 03:01:11 1042903 ----a-r- c:\windows\SETC8.tmp
2009-10-23 01:00:13 45568 ----a-w- c:\docume~1\ryanre~1\applic~1\svcst.exe
2009-10-23 01:00:12 45568 ----a-w- c:\docume~1\ryanre~1\applic~1\seres.exe
2009-10-22 22:49:55 0 d-----w- c:\windows\dell
2009-10-22 01:26:51 245408 ----a-w- c:\windows\system32\unicows.dll
2009-10-22 01:16:58 0 ----a-w- c:\windows\system32\AAWService_2009_10_21_21_16_58.dmp
2009-10-21 19:41:33 2713 --sh--w- c:\windows\system32\biluguki.exe
2009-10-21 01:44:16 236 ----a-w- c:\windows\system32\pugohawu.bat
2009-10-21 01:43:31 0 d-----w- c:\docume~1\alluse~1\applic~1\13752321
2009-10-21 01:41:29 0 ----a-w- c:\windows\system32\AVR09.exe
2009-10-21 01:41:28 0 ----a-w- c:\windows\system32\winhelper.dll
2009-10-16 01:45:04 4438 ----a-w- c:\windows\imsins.BAK
2009-10-02 02:26:57 264933 ----a-w- c:\windows\setupapi.old
2009-10-01 19:04:47 2713 --sh--w- c:\windows\system32\dehehoji.exe
2009-10-01 08:18:07 0 ----a-w- c:\windows\system32\11478.exe
2009-10-01 07:18:07 0 ----a-w- c:\windows\system32\15724.exe
2009-10-01 06:18:07 0 ----a-w- c:\windows\system32\19169.exe
2009-10-01 05:18:07 0 ----a-w- c:\windows\system32\26500.exe
2009-10-01 04:18:07 0 ----a-w- c:\windows\system32\6334.exe

==================== Find3M ====================

2009-10-25 14:19:07 23428 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-05 19:32:23 3398 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-26 02:48:20 15341 ----a-w- c:\windows\vidikeni.exe
2009-09-26 02:48:19 15874 ----a-w- c:\windows\qobofozufy.exe
2009-09-26 02:48:19 15331 ----a-w- c:\program files\common files\rypyhy.ban
2009-09-26 02:48:19 12872 ----a-w- c:\docume~1\alluse~1\applic~1\ivibup.dll
2009-09-26 02:48:19 12827 ----a-w- c:\windows\usanobuwi.bin
2009-09-26 02:48:19 11587 ----a-w- c:\windows\system32\bebul.exe
2009-09-26 02:48:18 11506 ----a-w- c:\program files\common files\hywadijyg.exe
2009-09-26 02:21:01 19576 ----a-w- c:\program files\common files\ixypewiva.dat
2009-09-26 02:21:01 19094 ----a-w- c:\windows\system32\vuziba.com
2009-09-26 02:21:01 18202 ----a-w- c:\program files\common files\xero.sys
2009-09-26 02:21:01 15753 ----a-w- c:\windows\system32\aguriz.dat
2009-09-26 02:21:01 14978 ----a-w- c:\program files\common files\asaquho.bin
2009-09-26 02:21:01 14828 ----a-w- c:\windows\system32\tekite.scr
2009-09-26 02:21:01 13582 ----a-w- c:\windows\system32\ylyh.dat
2009-09-26 02:21:01 10111 ----a-w- c:\windows\zamyzyjaw.exe
2009-09-26 02:06:52 15844 ----a-w- c:\windows\ajajoha.scr
2009-09-26 02:06:52 12996 ----a-w- c:\windows\system32\kevudumu.dat
2009-09-26 02:06:52 11313 ----a-w- c:\program files\common files\gonywoj.dl
2009-09-26 02:06:52 10390 ----a-w- c:\windows\system32\agorol.exe
2009-09-26 02:06:51 16209 ----a-w- c:\program files\common files\supekewyki.dll
2009-09-26 02:06:51 15894 ----a-w- c:\docume~1\ryanre~1\applic~1\gyfo.dat
2009-09-26 02:06:51 15344 ----a-w- c:\windows\ywijosida.reg
2009-09-26 02:06:51 13411 ----a-w- c:\docume~1\ryanre~1\applic~1\memivonen.pif
2009-09-26 02:06:51 12593 ----a-w- c:\windows\system32\newemiceq.bin
2009-09-26 02:06:50 11117 ----a-w- c:\program files\common files\lejizu.bat
2009-09-25 21:59:27 15885 ----a-w- c:\docume~1\alluse~1\applic~1\loficysah.scr
2009-09-25 21:59:27 15884 ----a-w- c:\windows\system32\seny.dll
2009-09-25 21:59:27 15761 ----a-w- c:\windows\dicovojo.bat
2009-09-25 21:59:27 11499 ----a-w- c:\program files\common files\nifyza._dl
2009-09-25 21:59:26 19651 ----a-w- c:\windows\omafisi.pif
2009-09-25 21:59:26 18684 ----a-w- c:\windows\system32\tocarotik.dll
2009-09-25 21:59:26 15448 ----a-w- c:\program files\common files\urotose.bin
2009-09-25 21:59:26 12880 ----a-w- c:\docume~1\alluse~1\applic~1\momojujygi.exe
2009-09-25 21:59:26 10892 ----a-w- c:\windows\fycomiwu.exe
2009-09-22 02:52:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-21 01:42:49 27136 --sha-w- c:\windows\system32\zagubura.exe
2008-08-19 20:05:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 20:01:06.65 ===============
__________________________________________________________________________________
Win32Diag.exe


Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!


___________________________________________________________
Log file


Volume in drive C has no label.
Volume Serial Number is 2C10-7806

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 06:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 06:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Total Files Listed:
6 File(s) 1,286,144 bytes
0 Dir(s) 50,497,282,048 bytes free

Attached File  Attach.txt   7.4KB   9 downloads
Attached File  RootRepeal_report_10_28_09__20_13_36_.txt   2.03KB   1 downloads


#2 kahdah

Posted 03 November 2009 - 06:42 AM

Hello rraa497

Welcome to BleepingComputer :(

See if you can get these to run
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 rraa497

Posted 03 November 2009 - 08:44 PM

OTL logfile created on: 11/3/2009 6:06:34 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Ryan Renner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 277.71 Mb Available Physical Memory | 54.45% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.87 Gb Total Space | 46.53 Gb Free Space | 65.66% Space Free | Partition Type: NTFS
Drive D: | 581.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADULTS
Current User Name: Ryan Renner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\proquota.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_ddoctorv2) -- File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/22 20:20:49 | 00,000,000 | ---D | M]

[2009/04/24 19:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Mozilla\Extensions
[2009/04/24 19:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [veyekagar] C:\WINDOWS\System32\ropenoya.DLL File not found
O4 - HKCU..\Run: [calc] C:\DOCUME~1\NETWOR~1\ntuser.DLL File not found
O4 - Startup: C:\Documents and Settings\Ryan Renner\Start Menu\Programs\Startup\scandisk.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdnet.dll) - C:\WINDOWS\system32\kbdnet.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (gewofawu.dll) - File not found
O20 - AppInit_DLLs: (nukubufa.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\ropenoya.dll) - C:\WINDOWS\System32\ropenoya.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: vojovofig - {e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} - C:\WINDOWS\System32\ropenoya.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - gsajkfh873whdngo8wuidgs4rgfr4 - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} - jugezatag - C:\WINDOWS\System32\ropenoya.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 18:05:34 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe
[2009/10/28 19:05:04 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Ryan Renner\Desktop\RootRepeal.exe
[2009/10/27 20:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Renner\My Documents\bleepingcomputer
[2009/10/25 09:32:39 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/10/25 09:29:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/25 09:26:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/10/25 09:26:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/10/25 09:26:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/10/25 09:26:13 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/10/25 09:26:13 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/10/25 09:26:13 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/10/25 09:26:11 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/10/25 09:26:11 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/10/25 09:26:09 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/10/25 09:26:08 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/10/25 09:26:08 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/10/25 09:26:04 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/10/25 09:26:04 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/10/25 09:26:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/10/25 09:26:02 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/10/25 09:26:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/10/25 09:26:01 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/10/25 09:26:01 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/10/25 09:26:01 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/10/25 09:26:00 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/10/25 09:26:00 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/10/25 09:26:00 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/10/25 09:25:56 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/10/25 09:25:53 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/10/25 09:25:52 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/10/25 09:25:52 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/10/25 09:25:52 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/10/25 09:25:52 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/10/25 09:25:52 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/10/25 09:25:52 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/10/25 09:25:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/10/25 09:25:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/10/25 09:25:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/10/25 09:25:51 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/10/25 09:25:51 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/10/25 09:25:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/10/25 09:25:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/10/25 09:25:50 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/10/25 09:25:50 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/10/25 09:25:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/10/25 09:25:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/10/25 09:25:50 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/10/25 09:25:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/10/25 09:25:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/10/25 09:25:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/10/25 09:25:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/10/25 09:25:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/10/25 09:25:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/10/25 09:25:49 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/10/25 09:25:49 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/10/25 09:25:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/10/25 09:25:49 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/10/25 09:25:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/10/25 09:25:42 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/10/25 09:25:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/10/25 09:25:40 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/25 09:25:40 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/25 09:25:39 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/10/25 09:25:39 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/10/25 09:25:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/10/25 09:25:37 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/10/25 09:25:36 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/10/25 09:25:34 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/10/25 09:25:34 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/10/25 09:25:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/10/25 09:25:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/10/25 09:25:30 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/10/25 09:25:30 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2009/10/25 09:25:30 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/10/25 09:25:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/10/25 09:25:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/10/25 09:25:29 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/10/25 09:25:29 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/10/25 09:25:29 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/10/25 09:25:28 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/10/25 09:25:27 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/10/25 09:25:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/10/25 09:25:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/10/25 09:25:27 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/10/25 09:25:22 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/10/25 09:25:16 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/10/25 09:25:16 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/10/25 09:25:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/10/25 09:25:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/10/25 09:24:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/10/25 09:24:58 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/10/25 09:24:58 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/10/25 09:24:56 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/10/25 09:24:55 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/10/25 09:24:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/10/25 09:24:54 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/10/25 09:24:53 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/10/25 09:24:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/10/25 09:24:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/10/25 09:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/10/25 09:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/10/25 09:24:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/10/25 09:24:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/10/25 09:24:48 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/10/25 09:24:48 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/10/25 09:24:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/10/25 09:24:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/10/25 09:24:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/10/25 09:24:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/10/25 09:24:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/10/25 09:24:46 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/10/25 09:24:46 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/10/25 09:24:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/10/25 09:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/10/25 09:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/10/25 09:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/10/25 09:24:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/10/25 09:24:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/10/25 09:24:44 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/10/25 09:24:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/10/25 09:24:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/10/25 09:24:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/10/25 09:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/10/25 09:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/10/25 09:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/10/25 09:24:42 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/10/25 09:24:40 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/10/25 09:24:40 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/10/25 09:24:39 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/10/25 09:24:39 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/10/25 09:24:39 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/10/25 09:24:39 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/10/25 09:24:39 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/10/25 09:24:39 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/10/25 09:24:38 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/10/25 09:24:38 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/10/25 09:24:38 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/10/25 09:24:38 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/10/25 09:24:38 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/10/25 09:24:38 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/10/25 09:24:38 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/10/25 09:24:37 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/10/25 09:24:37 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/10/25 09:24:37 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/10/25 09:24:37 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/10/25 09:24:37 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/10/25 09:24:37 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/10/25 09:24:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/10/25 09:24:36 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/10/25 09:24:30 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/10/25 09:24:20 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/10/25 09:24:19 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/10/25 09:24:18 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/10/25 09:24:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/10/25 09:24:13 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/10/25 09:24:13 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/10/25 09:24:12 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/10/25 09:24:11 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/10/25 09:24:10 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/10/25 09:24:10 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/10/25 09:24:10 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/10/25 09:24:10 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/10/25 09:24:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/10/25 09:24:09 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/25 09:24:09 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/25 09:24:09 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/25 09:23:58 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/10/25 09:23:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/10/25 09:23:54 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/10/25 09:23:51 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/10/25 09:23:51 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/10/25 09:23:51 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/10/25 09:23:51 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/10/25 09:23:50 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/10/25 09:23:50 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/10/25 09:23:49 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/10/25 09:23:49 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/10/25 09:23:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/10/25 09:23:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/10/25 09:23:49 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/10/25 09:23:48 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/10/25 09:23:47 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/25 09:23:46 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/10/25 09:23:46 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/10/25 09:23:46 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/10/25 09:23:33 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/10/25 09:23:33 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/10/25 09:23:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/10/25 09:23:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/10/25 09:23:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/10/25 09:23:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/10/25 09:23:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/10/25 09:23:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/10/25 09:23:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/10/25 09:23:22 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/10/25 09:23:21 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/10/25 09:23:21 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/10/25 09:23:21 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/10/25 09:23:13 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/10/25 09:23:13 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/10/25 09:23:12 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/10/25 09:23:12 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/10/25 09:23:12 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/10/25 09:23:12 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/10/25 09:23:12 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/10/25 09:23:12 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/10/25 09:23:12 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/10/25 09:23:12 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/10/25 09:23:11 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/10/25 09:23:11 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/10/25 09:23:11 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/10/25 09:23:11 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/10/25 09:23:11 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/10/25 09:23:11 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/10/25 09:23:10 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/10/25 09:23:10 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/10/25 09:23:10 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/10/25 09:23:09 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/10/25 09:23:04 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/10/25 09:19:57 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/10/25 09:19:44 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2009/10/25 09:19:40 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2009/10/25 09:19:39 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2009/10/25 09:08:41 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/10/25 09:08:41 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/10/25 09:08:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/10/25 09:08:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/10/24 20:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\45272525
[2009/10/24 20:16:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\migregdb.exe
[2009/10/24 20:10:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isignup.exe
[2009/10/24 20:08:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdl.dll
[2009/10/24 20:07:11 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetwiz.exe
[2009/10/24 20:06:59 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwconn2.exe
[2009/10/23 21:15:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/23 21:15:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/23 21:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/23 17:46:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\73022519
[2009/10/23 17:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\49525732
[2009/10/23 17:34:08 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwconn1.exe
[2009/10/23 17:34:08 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2009/10/22 17:49:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/10/21 20:26:51 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009/10/20 20:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13752321
[2009/10/15 20:46:07 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/12 15:12:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/12 15:12:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/12 15:12:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[27 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/03 18:08:30 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe
[2009/11/03 18:02:27 | 00,444,132 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/03 18:02:27 | 00,383,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/03 18:02:27 | 00,054,276 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 18:01:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/03 17:58:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 17:58:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 17:58:33 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 19:05:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\settings.dat
[2009/10/28 19:02:40 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\dds.scr
[2009/10/27 20:41:58 | 00,236,544 | ---- | M] () -- C:\WINDOWS\System32\pev.exe
[2009/10/27 20:41:58 | 00,008,173 | ---- | M] () -- C:\WINDOWS\System32\ncmd.cfxxe
[2009/10/27 20:20:04 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\Win32kDiag.exe
[2009/10/27 20:19:10 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Ryan Renner\Desktop\RootRepeal.exe
[2009/10/27 20:07:00 | 04,194,304 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\ntuser.dat
[2009/10/27 20:07:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Ryan Renner\ntuser.ini
[2009/10/27 20:05:54 | 00,034,709 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/10/27 20:02:22 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\rkill.scr
[2009/10/25 17:13:32 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gufahulo
[2009/10/25 09:27:35 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/25 09:21:51 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/25 09:21:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/25 09:21:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/25 09:21:31 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/25 09:20:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/25 09:20:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/25 09:20:09 | 00,000,835 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/25 09:19:07 | 00,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/25 09:18:09 | 00,001,066 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/10/25 09:13:24 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/25 09:09:08 | 00,004,200 | ---- | M] () -- C:\INFCACHE.1
[2009/10/25 09:08:47 | 00,000,467 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/24 21:00:00 | 00,264,933 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/10/24 20:19:38 | 00,004,438 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/23 21:17:03 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 21:12:07 | 00,796,986 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\My Documents\backup ccleaner 10-23-09.reg
[2009/10/23 20:55:41 | 03,788,022 | -H-- | M] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\IconCache.db
[2009/10/22 22:40:01 | 00,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/22 21:43:44 | 00,012,361 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/22 21:31:14 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/22 21:31:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/22 21:31:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
[2009/10/22 20:00:11 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Application Data\svcst.exe
[2009/10/22 20:00:11 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Application Data\seres.exe
[2009/10/21 20:16:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_10_21_21_16_58.dmp
[2009/10/21 14:41:33 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\biluguki.exe
[2009/10/20 21:03:17 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Ryan Renner\Start Menu\Programs\Startup\scandisk.lnk
[2009/10/20 20:44:16 | 00,000,236 | ---- | M] () -- C:\WINDOWS\System32\pugohawu.bat
[2009/10/05 21:51:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/05 14:32:23 | 00,003,398 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/10/05 14:32:23 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\4A6534F8FF.sys
[27 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/28 19:16:47 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\Win32kDiag.exe
[2009/10/28 19:05:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\settings.dat
[2009/10/28 18:59:44 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\dds.scr
[2009/10/28 18:57:44 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/27 20:41:58 | 00,236,544 | ---- | C] () -- C:\WINDOWS\System32\pev.exe
[2009/10/27 20:41:58 | 00,008,173 | ---- | C] () -- C:\WINDOWS\System32\ncmd.cfxxe
[2009/10/27 20:01:23 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\rkill.scr
[2009/10/25 09:26:26 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/10/25 09:25:31 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/10/25 09:25:31 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/10/25 09:25:29 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/25 09:24:54 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/10/25 09:24:53 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/25 09:24:39 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/25 09:24:38 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/25 09:24:36 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/25 09:24:24 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/25 09:24:18 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/25 09:24:13 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/10/25 09:23:51 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/25 09:23:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/25 09:23:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/25 09:23:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/25 09:23:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/25 09:23:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/25 09:23:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/25 09:23:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/25 09:23:44 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/25 09:23:44 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/25 09:23:44 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/25 09:23:42 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/25 09:23:42 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/25 09:23:42 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/25 09:23:42 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/25 09:23:42 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/25 09:23:42 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/25 09:23:42 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/25 09:23:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/25 09:23:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/25 09:23:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/25 09:23:40 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/25 09:23:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/25 09:23:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/25 09:23:39 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/25 09:23:39 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/25 09:23:39 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/25 09:23:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/25 09:23:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/25 09:23:38 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/25 09:23:37 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/25 09:20:31 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/25 09:08:28 | 00,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2009/10/25 09:08:28 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/25 09:08:28 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/10/25 09:08:28 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/10/25 09:08:28 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/25 09:08:28 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/25 09:08:28 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/10/25 09:08:27 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/10/25 09:08:27 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/10/25 09:08:27 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/10/25 09:08:27 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/25 09:08:27 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/25 09:08:27 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/10/25 09:08:27 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/10/25 09:08:27 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/25 09:08:27 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/10/25 09:08:26 | 00,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/10/23 21:15:40 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 21:11:46 | 00,796,986 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\My Documents\backup ccleaner 10-23-09.reg
[2009/10/23 17:44:40 | 00,034,709 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/10/22 22:01:24 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/10/22 20:00:13 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\svcst.exe
[2009/10/22 20:00:12 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\seres.exe
[2009/10/22 17:37:13 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/21 20:16:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_10_21_21_16_58.dmp
[2009/10/21 14:41:33 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\biluguki.exe
[2009/10/20 20:44:16 | 00,000,236 | ---- | C] () -- C:\WINDOWS\System32\pugohawu.bat
[2009/10/20 20:41:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
[2009/10/20 20:41:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/15 20:45:04 | 00,004,438 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/09/25 21:48:19 | 00,018,272 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\ykoruruci.ban
[2009/09/25 21:48:19 | 00,017,169 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\tirerah.dat
[2009/09/25 21:48:19 | 00,016,360 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wyxalakopo._sy
[2009/09/25 21:48:19 | 00,015,331 | ---- | C] () -- C:\Program Files\Common Files\rypyhy.ban
[2009/09/25 21:48:19 | 00,013,578 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\upazima.dat
[2009/09/25 21:48:19 | 00,012,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ivibup.dll
[2009/09/25 21:48:19 | 00,010,485 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\ulifute.inf
[2009/09/25 21:48:18 | 00,011,506 | ---- | C] () -- C:\Program Files\Common Files\hywadijyg.exe
[2009/09/25 21:21:01 | 00,019,576 | ---- | C] () -- C:\Program Files\Common Files\ixypewiva.dat
[2009/09/25 21:21:01 | 00,019,211 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\gizitylu.inf
[2009/09/25 21:21:01 | 00,018,202 | ---- | C] () -- C:\Program Files\Common Files\xero.sys
[2009/09/25 21:21:01 | 00,017,674 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\potudov._sy
[2009/09/25 21:21:01 | 00,014,978 | ---- | C] () -- C:\Program Files\Common Files\asaquho.bin
[2009/09/25 21:21:01 | 00,014,946 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\xypezujube.dll
[2009/09/25 21:21:01 | 00,013,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qici.ban
[2009/09/25 21:06:52 | 00,017,885 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\labato.lib
[2009/09/25 21:06:52 | 00,011,313 | ---- | C] () -- C:\Program Files\Common Files\gonywoj.dl
[2009/09/25 21:06:51 | 00,018,240 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\isuny.bat
[2009/09/25 21:06:51 | 00,016,209 | ---- | C] () -- C:\Program Files\Common Files\supekewyki.dll
[2009/09/25 21:06:51 | 00,015,894 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\gyfo.dat
[2009/09/25 21:06:51 | 00,013,411 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\memivonen.pif
[2009/09/25 21:06:51 | 00,011,073 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\bylid.dll
[2009/09/25 21:06:51 | 00,010,476 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\urajebe.dl
[2009/09/25 21:06:51 | 00,010,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ixym.dl
[2009/09/25 21:06:50 | 00,012,255 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\irakuxo.ban
[2009/09/25 21:06:50 | 00,011,630 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\eryvep.bin
[2009/09/25 21:06:50 | 00,011,117 | ---- | C] () -- C:\Program Files\Common Files\lejizu.bat
[2009/09/25 19:31:44 | 00,016,635 | ---- | C] () -- C:\Program Files\Common Files\esatit.com
[2009/09/25 19:31:44 | 00,015,283 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\izulacylyj.vbs
[2009/09/25 19:31:44 | 00,014,154 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\orixa.reg
[2009/09/25 19:31:44 | 00,014,000 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\sotec.bin
[2009/09/25 19:31:43 | 00,016,831 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\equr.lib
[2009/09/25 19:31:43 | 00,011,791 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ovyqix.pif
[2009/09/25 19:31:42 | 00,017,829 | ---- | C] () -- C:\Program Files\Common Files\idelovuwe.ban
[2009/09/25 19:31:42 | 00,015,528 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\afamupahum.ban
[2009/09/25 19:31:42 | 00,015,126 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uperojyp.com
[2009/09/25 19:31:42 | 00,011,183 | ---- | C] () -- C:\Program Files\Common Files\juxobevim.dll
[2009/09/25 19:31:41 | 00,017,391 | ---- | C] () -- C:\Program Files\Common Files\wexawo.sys
[2009/09/25 19:31:41 | 00,012,410 | ---- | C] () -- C:\Program Files\Common Files\xaso.inf
[2009/09/25 16:59:27 | 00,015,885 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\loficysah.scr
[2009/09/25 16:59:27 | 00,015,884 | ---- | C] () -- C:\WINDOWS\System32\seny.dll
[2009/09/25 16:59:27 | 00,011,499 | ---- | C] () -- C:\Program Files\Common Files\nifyza._dl
[2009/09/25 16:59:26 | 00,018,684 | ---- | C] () -- C:\WINDOWS\System32\tocarotik.dll
[2009/09/25 16:59:26 | 00,015,448 | ---- | C] () -- C:\Program Files\Common Files\urotose.bin
[2009/09/25 16:59:26 | 00,012,880 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\momojujygi.exe
[2009/04/12 19:46:59 | 00,773,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2007/10/10 22:59:22 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\fusioncache.dat
[2006/09/23 12:34:47 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/08/24 06:42:58 | 00,000,182 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/08/22 10:03:58 | 00,000,663 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/05/26 17:20:16 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/08 10:56:34 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/04 16:20:21 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\PFP120JPR.{PB
[2006/03/04 16:20:21 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\PFP120JCM.{PB
[2006/03/01 21:40:05 | 00,046,776 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/14 17:38:34 | 00,003,398 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/14 17:38:34 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\4A6534F8FF.sys
[2005/11/29 22:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/29 20:33:31 | 00,000,369 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/29 20:00:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/29 19:50:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\desktop.ini
[2005/11/29 19:50:39 | 03,788,022 | -H-- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\IconCache.db
[2005/11/23 08:46:37 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/23 08:31:33 | 00,000,705 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/23 08:04:46 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/11/23 08:04:34 | 00,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 13:51:28 | 00,000,835 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,467 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 13:51:16 | 00,020,580 | ---- | C] () -- C:\WINDOWS\batmeter16.dll
[2004/08/04 05:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 19:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/18 05:46:38 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 10:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 06:40:06 | 00,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

========== LOP Check ==========

[2009/10/20 20:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\13752321
[2009/10/24 21:00:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\45272525
[2009/10/23 17:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\49525732
[2009/10/23 17:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\73022519
[2008/01/26 22:38:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/02/14 11:54:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/01/26 22:32:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/11/05 21:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/23 08:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/19 12:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/27 21:48:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2007/07/23 22:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Corel
[2006/03/01 21:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Corel Photo Album
[2005/11/29 21:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Leadertech
[2009/10/05 21:51:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/03/15 00:00:01 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/01 00:00:01 | 00,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/10/22 21:31:14 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/03 17:58:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
< End of report >

OTL Extras logfile created on: 11/3/2009 6:06:34 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Ryan Renner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 277.71 Mb Available Physical Memory | 54.45% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.87 Gb Total Space | 46.53 Gb Free Space | 65.66% Space Free | Partition Type: NTFS
Drive D: | 581.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADULTS
Current User Name: Ryan Renner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe:*:Enabled:Bejeweled2 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe" = C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist -- (GameHouse, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\WINDOWS\TEMP\71.tmp" = C:\WINDOWS\TEMP\71.tmp:*:Enabled:Enabled -- File not found
"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe" = C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap -- (McAfee, Inc.)
"C:\WINDOWS\system32\drwtsn32.exe" = C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:drwtsn32 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:MSASCui -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\Windows Defender\MsMpEng.exe" = C:\Program Files\Windows Defender\MsMpEng.exe:*:Enabled:MsMpEng -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FECA0B9-37A7-471C-AA8E-DB29FB0E936C}" = SA3020 Device Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{67EC0571-4B4E-40C2-8A81-8C1B02D87DB0}" = iDEN Phonebook Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11022143}" = Scrabble Blast Deluxe
"{8307E622-89E1-435A-BC8A-678C678F6A43}" = SA30xx Media Converter
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"a-squared Free_is1" = a-squared Free 4.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"C2D8F0E2-6978-4409-8351-BA8785DA11EE" = FATE
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"hp deskjet 3820 series" = hp deskjet 3820 series (Remove only)
"InterActual Player" = InterActual Player
"LameACM" = Lame ACM MP3 Codec
"Letters" = Sesame Street Letters
"Lexmark X1100 Series" = Lexmark X1100 Series
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Motorola MP3 Loader" = Motorola MP3 Loader
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SCRABBLE" = SCRABBLE
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super TextTwist" = Super TextTwist
"TurboTax Premier 2005" = TurboTax Premier 2005
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT017844" = Jewel Quest
"wtwebdriver" = WildTangent Web Driver
"YInstHelper" = Yahoo! Install Manager
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2009 8:47:50 PM | Computer Name = ADULTS | Source = SceCli | ID = 1000
Description = Security configuration was not backed up. Error 1208 to open database.

Error - 10/23/2009 9:55:35 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f6a10b3.

Error - 10/23/2009 10:00:30 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f6a10b3.

Error - 10/24/2009 9:14:33 PM | Computer Name = ADULTS | Source = SceCli | ID = 1000
Description = Security configuration was not backed up. Error 1208 to open database.

Error - 10/24/2009 10:00:57 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f5a10b3.

Error - 10/24/2009 10:15:36 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f6a10b3.

Error - 10/25/2009 10:22:38 AM | Computer Name = ADULTS | Source = SceCli | ID = 1000
Description = Security configuration was not backed up. Error 1208 to open database.

Error - 10/25/2009 12:43:36 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f6a10b3.

Error - 10/25/2009 12:43:51 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f6a10b3.

Error - 10/25/2009 12:50:50 PM | Computer Name = ADULTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x9f6a10b3.

[ System Events ]
Error - 10/27/2009 9:09:22 PM | Computer Name = ADULTS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk

Error - 10/27/2009 9:09:46 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:10:12 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:16:28 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:25:57 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:26:21 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:28:11 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:46:13 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:47:14 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/27/2009 9:56:43 PM | Computer Name = ADULTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-03 20:31:02
Windows 5.1.2600 Service Pack 2
Running: 5ht47lov.exe; Driver: C:\DOCUME~1\RYANRE~1\LOCALS~1\Temp\fwtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF858887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8588BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEF69A78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEF69A738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEF69A74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEF69A7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEF69A710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEF69A724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEF69A79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEF69A776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEF69A762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEF69A7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEF69A7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEF69A7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804FB0F3 7 Bytes JMP EF69A7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056BD05 5 Bytes JMP EF69A766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 80570D48 5 Bytes JMP EF69A78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80572E81 5 Bytes JMP EF69A7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805732FC 7 Bytes JMP EF69A7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80573C96 5 Bytes JMP EF69A714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80574045 7 Bytes JMP EF69A7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058041A 7 Bytes JMP EF69A750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 80582C2B 5 Bytes JMP EF69A7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80588972 5 Bytes JMP EF69A728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805AD33C 5 Bytes JMP EF69A73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062C193 5 Bytes JMP EF69A77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30FA1
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E30096
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E3006F
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E30FB2
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E30F69
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E30F86
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E300F1
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E30F58
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00E30F3D
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00E300B1
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00E30036
.text C:\WINDOWS\system32\services.exe[692] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00E300D6
.text C:\WINDOWS\system32\services.exe[692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10FA1
.text C:\WINDOWS\system32\services.exe[692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E10FB2
.text C:\WINDOWS\system32\services.exe[692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10FD7
.text C:\WINDOWS\system32\services.exe[692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\services.exe[692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10022
.text C:\WINDOWS\system32\services.exe[692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10011
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00E2005B
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00E20F9E
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00E20FB9
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00E20036
.text C:\WINDOWS\system32\services.exe[692] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CA0096
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CA0FA1
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CA0FB2
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CA0051
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CA0F86
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CA00CE
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CA0F3F
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CA0F5A
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00CA0F2E
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00CA00B1
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00CA0040
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00CA002F
.text C:\WINDOWS\system32\lsass.exe[704] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00CA0F75
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C90F8A
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C90F9B
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C90047
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\lsass.exe[704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FAB
.text C:\WINDOWS\system32\lsass.exe[704] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FBC
.text C:\WINDOWS\system32\lsass.exe[704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FDE
.text C:\WINDOWS\system32\lsass.exe[704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\lsass.exe[704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FCD
.text C:\WINDOWS\system32\lsass.exe[704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\lsass.exe[704] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A0F83
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A0F9E
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0FAF
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0062
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A0051
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F4D
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A0093
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A0F10
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0F2B
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008A00C4
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008A0FC0
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008A001B
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008A0F72
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008A0036
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008A0FE5
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008A0F3C
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00890FC0
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00890F8A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00890011
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00890000
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00890FA5
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0089003D
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00890FE5
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0089002C
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00880FCA
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880FDB
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0088003A
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00880000
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0088004B
.text C:\WINDOWS\system32\svchost.exe[868] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0088001D
.text C:\WINDOWS\system32\svchost.exe[868] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009D0F97
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009D0FB2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009D0080
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009D006F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009D0040
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009D00C2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009D0F70
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009D0F44
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009D0F55
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 009D0F33
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 009D0FC3
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 009D009D
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 009D0FD4
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 009D00D3
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009C0F97
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009C0014
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009C0FB2
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009C0040
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0064
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0053
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B001D
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0038
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FE3
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01FF0000
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01FF0F77
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01FF006C
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01FF0051
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01FF0F94
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01FF0FCA
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01FF00A4
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01FF0F5C
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01FF0F15
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01FF0F30
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01FF00C9
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01FF0FAF
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01FF001B
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01FF0087
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01FF0FDB
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01FF0036
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 01FF0F41
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01FE0036
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01FE0069
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01FE001B
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01FE000A
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01FE0058
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01FE0FC0
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01FE0FEF
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01FE0047
.text C:\WINDOWS\System32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01FD0FA1
.text C:\WINDOWS\System32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 01FD0FB2
.text C:\WINDOWS\System32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01FD0022
.text C:\WINDOWS\System32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01FD0000
.text C:\WINDOWS\System32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01FD0FC3
.text C:\WINDOWS\System32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01FD0011
.text C:\WINDOWS\System32\svchost.exe[980] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01FB0000
.text C:\WINDOWS\System32\svchost.exe[980] WININET.dll!InternetOpenW 771BAF05 5 Bytes JMP 01FC0FD4
.text C:\WINDOWS\System32\svchost.exe[980] WININET.dll!InternetOpenA 771C58C2 5 Bytes JMP 01FC0FE5
.text C:\WINDOWS\System32\svchost.exe[980] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes JMP 01FC0FC3
.text C:\WINDOWS\System32\svchost.exe[980] WININET.dll!InternetOpenUrlW 771D5B5A 5 Bytes JMP 01FC0016
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00740F83
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00740078
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0074005B
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00740F9E
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00740039
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00740F5C
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007400AE
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007400C9
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00740F3A
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00740F15
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0074004A
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00740093
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00740FCD
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00740FDE
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00740F4B
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00730FA8
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00730F83
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00730FCD
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00730FDE
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0073004A
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0073002F
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00730FEF
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0073001E
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00720FAF
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 0072003A
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00720018
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00720FEF
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00720029
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00720FDE
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00860F59
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00860F7E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00860058
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00860047
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0086002C
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00860F10
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00860F21
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00860EFF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0086008E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00860EE4
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00860FA5
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00860F3E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00860011
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 0086007D
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00850FB9
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00850040
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00850FD4
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00850F83
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00850025
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00850FEF
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00850F9E
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00840064
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 00840053
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00840FE3
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00840038
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0084001D
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00830000
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A00AB
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A009A
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A007D
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F8F
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00D7
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F52
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F63
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001A0F37
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001A0062
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001A00BC
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001A0040
.text C:\WINDOWS\Explorer.EXE[1212] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001A0F74
.text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00280027
.text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 0028000C
.text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00280FB7
.text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280FEF
.text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280F9C
.text C:\WINDOWS\Explorer.EXE[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FD2
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290076
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0029005B
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290040
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[1212] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB9
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenW 771BAF05 5 Bytes JMP 002B000A
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenA 771C58C2 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes JMP 002B0FC8
.text C:\WINDOWS\Explorer.EXE[1212] WININET.dll!InternetOpenUrlW 771D5B5A 5 Bytes JMP 002B001B
.text C:\WINDOWS\Explorer.EXE[1212] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 014F0000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008F0093
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008F0082
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008F0FA8
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008F0065
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008F0036
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008F0F83
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008F00BF
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008F00E6
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008F0F57
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008F00F7
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008F0FB9
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008F0011
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008F00AE
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008F0FCA
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008F0FDB
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008F0F68
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 007E0FCA
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 007E0F94
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 007E001B
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 007E005B
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 007E004A
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 007E0FB9
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007D0075
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 007D005A
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007D0038
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007D0000
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007D0049
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007D0011
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenW 771BAF05 5 Bytes JMP 007C0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 771C58C2 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 771C5B75 5 Bytes JMP 007C0FDE
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 771D5B5A 5 Bytes JMP 007C0FC1
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AD0F79
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AD006E
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AD005D
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AD0F94
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD0FAF
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AD00B5
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AD00A4
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD0F2D
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD0F3E
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00AD0F1C
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00AD0093
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00AD0FC0
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00AD00C6
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AC0025
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AC0F6F
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AC0F9E
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0FA8
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0029
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0018
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FC3
.text C:\WINDOWS\system32\svchost.exe[1584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FDE

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:22 AM

Posted 04 November 2009 - 07:34 AM

Please delete your version of Combofix.
==========================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL File not found
    O4 - HKLM..\Run: [veyekagar] C:\WINDOWS\System32\ropenoya.DLL File not found
    O4 - HKCU..\Run: [calc] C:\DOCUME~1\NETWOR~1\ntuser.DLL File not found
    O4 - Startup: C:\Documents and Settings\Ryan Renner\Start Menu\Programs\Startup\scandisk.lnk
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O20 - AppInit_DLLs: (gewofawu.dll) - File not found
    O20 - AppInit_DLLs: (nukubufa.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\ropenoya.dll) - C:\WINDOWS\System32\ropenoya.dll File not found
    O22 - SharedTaskScheduler: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - gsajkfh873whdngo8wuidgs4rgfr4 - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} - jugezatag - C:\WINDOWS\System32\ropenoya.dll File not found
    [2009/10/24 20:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\45272525
    [2009/10/23 17:46:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\73022519
    [2009/10/23 17:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\49525732
    [2009/10/25 17:13:32 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gufahulo
    [2009/10/22 21:31:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
    [2009/10/22 21:31:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
    [2009/10/22 20:00:11 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Application Data\svcst.exe
    [2009/10/22 20:00:11 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Application Data\seres.exe
    [2009/10/21 14:41:33 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\biluguki.exe
    [2009/10/20 21:03:17 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Ryan Renner\Start Menu\Programs\Startup\scandisk.lnk
    [2009/10/20 20:44:16 | 00,000,236 | ---- | M] () -- C:\WINDOWS\System32\pugohawu.bat
    2009/09/25 21:48:19 | 00,018,272 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\ykoruruci.ban
    [2009/09/25 21:48:19 | 00,017,169 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\tirerah.dat
    [2009/09/25 21:48:19 | 00,016,360 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wyxalakopo._sy
    [2009/09/25 21:48:19 | 00,015,331 | ---- | C] () -- C:\Program Files\Common Files\rypyhy.ban
    [2009/09/25 21:48:19 | 00,013,578 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\upazima.dat
    [2009/09/25 21:48:19 | 00,012,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ivibup.dll
    [2009/09/25 21:48:19 | 00,010,485 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\ulifute.inf
    [2009/09/25 21:48:18 | 00,011,506 | ---- | C] () -- C:\Program Files\Common Files\hywadijyg.exe
    [2009/09/25 21:21:01 | 00,019,576 | ---- | C] () -- C:\Program Files\Common Files\ixypewiva.dat
    [2009/09/25 21:21:01 | 00,019,211 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\gizitylu.inf
    [2009/09/25 21:21:01 | 00,018,202 | ---- | C] () -- C:\Program Files\Common Files\xero.sys
    [2009/09/25 21:21:01 | 00,017,674 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\potudov._sy
    [2009/09/25 21:21:01 | 00,014,978 | ---- | C] () -- C:\Program Files\Common Files\asaquho.bin
    [2009/09/25 21:21:01 | 00,014,946 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\xypezujube.dll
    [2009/09/25 21:21:01 | 00,013,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qici.ban
    [2009/09/25 21:06:52 | 00,017,885 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\labato.lib
    [2009/09/25 21:06:52 | 00,011,313 | ---- | C] () -- C:\Program Files\Common Files\gonywoj.dl
    [2009/09/25 21:06:51 | 00,018,240 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\isuny.bat
    [2009/09/25 21:06:51 | 00,016,209 | ---- | C] () -- C:\Program Files\Common Files\supekewyki.dll
    [2009/09/25 21:06:51 | 00,015,894 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\gyfo.dat
    [2009/09/25 21:06:51 | 00,013,411 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\memivonen.pif
    [2009/09/25 21:06:51 | 00,011,073 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\bylid.dll
    [2009/09/25 21:06:51 | 00,010,476 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\urajebe.dl
    [2009/09/25 21:06:51 | 00,010,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ixym.dl
    [2009/09/25 21:06:50 | 00,012,255 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\irakuxo.ban
    [2009/09/25 21:06:50 | 00,011,630 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\eryvep.bin
    [2009/09/25 21:06:50 | 00,011,117 | ---- | C] () -- C:\Program Files\Common Files\lejizu.bat
    [2009/09/25 19:31:44 | 00,016,635 | ---- | C] () -- C:\Program Files\Common Files\esatit.com
    [2009/09/25 19:31:44 | 00,015,283 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\izulacylyj.vbs
    [2009/09/25 19:31:44 | 00,014,154 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\orixa.reg
    [2009/09/25 19:31:44 | 00,014,000 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\sotec.bin
    [2009/09/25 19:31:43 | 00,016,831 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\equr.lib
    [2009/09/25 19:31:43 | 00,011,791 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ovyqix.pif
    [2009/09/25 19:31:42 | 00,017,829 | ---- | C] () -- C:\Program Files\Common Files\idelovuwe.ban
    [2009/09/25 19:31:42 | 00,015,528 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\afamupahum.ban
    [2009/09/25 19:31:42 | 00,015,126 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uperojyp.com
    [2009/09/25 19:31:42 | 00,011,183 | ---- | C] () -- C:\Program Files\Common Files\juxobevim.dll
    [2009/09/25 19:31:41 | 00,017,391 | ---- | C] () -- C:\Program Files\Common Files\wexawo.sys
    [2009/09/25 19:31:41 | 00,012,410 | ---- | C] () -- C:\Program Files\Common Files\xaso.inf
    [2009/09/25 16:59:27 | 00,015,885 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\loficysah.scr
    [2009/09/25 16:59:27 | 00,015,884 | ---- | C] () -- C:\WINDOWS\System32\seny.dll
    [2009/09/25 16:59:27 | 00,011,499 | ---- | C] () -- C:\Program Files\Common Files\nifyza._dl
    [2009/09/25 16:59:26 | 00,018,684 | ---- | C] () -- C:\WINDOWS\System32\tocarotik.dll
    [2009/09/25 16:59:26 | 00,015,448 | ---- | C] () -- C:\Program Files\Common Files\urotose.bin
    [2009/09/25 16:59:26 | 00,012,880 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\momojujygi.exe
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
========================Combofix==========================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 rraa497

rraa497
  • Topic Starter

  • Members
  • 39 posts
  • Local time:01:22 AM

Posted 04 November 2009 - 06:14 PM

I copied and ran the fix in OTL and restarted the computer. When the computer started up again everything came up the same way as before I ran the scan. When I try to run Combofix.exe it says it has detected McAfee VirusScan to be active. The problem is I can't get into McAfee to disable it. Here is the OTL scan that I did get.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\veyekagar deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
C:\Documents and Settings\Ryan Renner\Start Menu\Programs\Startup\scandisk.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gewofawu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nukubufa.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\ropenoya.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{A2234B15-23F2-42AD-F4E4-00AAC39C0004} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b}\ deleted successfully.
File move failed. C:\Documents and Settings\All Users\Application Data\45272525\ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\73022519\ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\49525732\ scheduled to be moved on reboot.
C:\WINDOWS\system32\gufahulo moved successfully.
C:\WINDOWS\system32\winhelper.dll moved successfully.
C:\WINDOWS\system32\AVR09.exe moved successfully.
C:\Documents and Settings\Ryan Renner\Application Data\svcst.exe moved successfully.
C:\Documents and Settings\Ryan Renner\Application Data\seres.exe moved successfully.
C:\WINDOWS\system32\biluguki.exe moved successfully.
File C:\Documents and Settings\Ryan Renner\Start Menu\Programs\Startup\scandisk.lnk not found.
C:\WINDOWS\system32\pugohawu.bat moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\tirerah.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\wyxalakopo._sy moved successfully.
C:\Program Files\Common Files\rypyhy.ban moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\upazima.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\ivibup.dll moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\ulifute.inf moved successfully.
C:\Program Files\Common Files\hywadijyg.exe moved successfully.
C:\Program Files\Common Files\ixypewiva.dat moved successfully.
C:\Documents and Settings\Ryan Renner\Application Data\gizitylu.inf moved successfully.
C:\Program Files\Common Files\xero.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\potudov._sy moved successfully.
C:\Program Files\Common Files\asaquho.bin moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\xypezujube.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\qici.ban moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\labato.lib moved successfully.
C:\Program Files\Common Files\gonywoj.dl moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\isuny.bat moved successfully.
C:\Program Files\Common Files\supekewyki.dll moved successfully.
C:\Documents and Settings\Ryan Renner\Application Data\gyfo.dat moved successfully.
C:\Documents and Settings\Ryan Renner\Application Data\memivonen.pif moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\bylid.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\urajebe.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\ixym.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\irakuxo.ban moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\eryvep.bin moved successfully.
C:\Program Files\Common Files\lejizu.bat moved successfully.
C:\Program Files\Common Files\esatit.com moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\izulacylyj.vbs moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\orixa.reg moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\sotec.bin moved successfully.
C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\equr.lib moved successfully.
C:\Documents and Settings\All Users\Application Data\ovyqix.pif moved successfully.
C:\Program Files\Common Files\idelovuwe.ban moved successfully.
C:\Documents and Settings\Ryan Renner\Application Data\afamupahum.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\uperojyp.com moved successfully.
C:\Program Files\Common Files\juxobevim.dll moved successfully.
C:\Program Files\Common Files\wexawo.sys moved successfully.
C:\Program Files\Common Files\xaso.inf moved successfully.
C:\Documents and Settings\All Users\Application Data\loficysah.scr moved successfully.
C:\WINDOWS\system32\seny.dll moved successfully.
C:\Program Files\Common Files\nifyza._dl moved successfully.
C:\WINDOWS\system32\tocarotik.dll moved successfully.
C:\Program Files\Common Files\urotose.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\momojujygi.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3606452 bytes
->Temporary Internet Files folder emptied: 5568132 bytes

User: All Users

User: Austin Renner
->Temp folder emptied: 8353599 bytes
->Temporary Internet Files folder emptied: 233005713 bytes

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 224947 bytes
->Temporary Internet Files folder emptied: 6451676 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 38266 bytes

User: NetworkService
->Temp folder emptied: 354786 bytes
->Temporary Internet Files folder emptied: 34726 bytes

User: Rachel Renner
->Temp folder emptied: 879234947 bytes
->Temporary Internet Files folder emptied: 154492432 bytes
->Java cache emptied: 50695628 bytes

User: Ryan Renner
->Temp folder emptied: 10807899 bytes
->Temporary Internet Files folder emptied: 6160903 bytes
->Java cache emptied: 25494212 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 10897629 bytes
%systemroot%\System32 .tmp files removed: 12723969 bytes
Windows Temp folder emptied: 2832170 bytes
RecycleBin emptied: 101911 bytes

Total Files Cleaned = 1345.81 mb


OTL by OldTimer - Version 3.1.3.3 log created on 11042009_174543

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\All Users\Application Data\45272525\ scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\73022519\ scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\49525732\ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:22 AM

Posted 04 November 2009 - 08:59 PM

You will need to uninstall McAfee temporarily.
You can reinstall it later.

Then run Combofix.
Then finish up with the online scanner please.

#7 rraa497

rraa497
  • Topic Starter

  • Members
  • 39 posts
  • Local time:01:22 AM

Posted 04 November 2009 - 09:32 PM

I'm trying to uninstall it but I can't no matter what I do! When I try to remove it, just a box comes up and nothing else. I am being blocked from it. When I try to open McAfee it opens and closes in a second.

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:22 AM

Posted 05 November 2009 - 05:37 AM

Yes, the malware has corrupted it.
Please click here and download the McAfee removal utility.

Double click it to run it, then reboot once it has finished removing the product.
Then run Combofix.

#9 rraa497

rraa497
  • Topic Starter

  • Members
  • 39 posts
  • Local time:01:22 AM

Posted 05 November 2009 - 05:31 PM

I got Combofix to run. When I tried to open MBAM it wouldn't open, and when I went to Internet Explorer and typed in an address a window opened and said "The requested lookup key was not found in any active activation context". My desktop background is back like normal and I have a Windows Update icon on the taskbar. Here is the Combofix log.

ComboFix 09-11-04.02 - Ryan Renner 11/05/2009 17:03.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.313 [GMT -5:00]
Running from: c:\documents and settings\Ryan Renner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Documents\ziwa.reg
c:\documents and settings\Rachel Renner\Application Data\iniasd.txt
c:\documents and settings\Rachel Renner\Application Data\pidipywo.reg
c:\documents and settings\Rachel Renner\Application Data\qimete.reg
c:\documents and settings\Rachel Renner\Application Data\seres.exe
c:\documents and settings\Rachel Renner\Application Data\svcst.exe
c:\documents and settings\Rachel Renner\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\Ryan Renner\Cookies\avuhylyzi.inf
c:\documents and settings\Ryan Renner\Cookies\digumy._dl
c:\documents and settings\Ryan Renner\Cookies\liho._sy
c:\documents and settings\Ryan Renner\Cookies\lopebef.com
c:\documents and settings\Ryan Renner\Cookies\nyxyme.dll
c:\documents and settings\Ryan Renner\Cookies\opibu.bin
c:\documents and settings\Ryan Renner\Cookies\opudabor.com
c:\documents and settings\Ryan Renner\Cookies\razotita.dat
c:\documents and settings\Ryan Renner\Cookies\telacetaro._dl
c:\documents and settings\Ryan Renner\Cookies\uzusal.vbs
c:\documents and settings\Ryan Renner\Cookies\vykulu.bin
c:\documents and settings\Ryan Renner\Cookies\yjepytusun.sys
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\ajajoha.scr
c:\windows\avokizine._sy
c:\windows\batmeter16.dll
c:\windows\byxunuv.scr
c:\windows\dicovojo.bat
c:\windows\fycomiwu.exe
c:\windows\jihiqivevu._sy
c:\windows\qobofozufy.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\bszip.dll
c:\windows\system32\dehehoji.exe
c:\windows\system32\mscert.dll
c:\windows\system32\ocyjiva.vbs
c:\windows\system32\rokiryvamu.vbs
c:\windows\vidikeni.exe
c:\windows\windows_messenger.exe
c:\windows\ywijosida.reg
c:\windows\zamyzyjaw.exe

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-04 22:45 . 2009-11-04 22:45 -------- d-----w- C:\_OTL
2009-10-28 01:41 . 2009-10-28 01:41 236544 ----a-w- c:\windows\system32\pev.exe
2009-10-25 14:32 . 2005-09-20 14:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-10-25 14:25 . 2004-08-04 10:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2009-10-25 14:24 . 2004-08-04 10:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-10-25 14:23 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2009-10-25 14:19 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-25 14:19 . 2004-08-04 10:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-10-25 14:19 . 2004-08-04 10:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-10-25 14:19 . 2004-08-04 10:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-10-25 14:08 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-25 14:08 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-25 14:08 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-25 14:08 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-25 14:07 . 2009-10-25 14:07 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-10-25 01:52 . 2009-10-25 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\45272525
2009-10-25 01:16 . 2004-08-04 10:00 7680 ----a-w- c:\windows\system32\migregdb.exe
2009-10-25 01:10 . 2004-08-04 10:00 16384 ----a-w- c:\windows\system32\isignup.exe
2009-10-25 01:08 . 2004-08-04 10:00 32768 ----a-w- c:\windows\system32\icwdl.dll
2009-10-25 01:07 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\inetwiz.exe
2009-10-25 01:06 . 2004-08-04 10:00 86016 ----a-w- c:\windows\system32\icwconn2.exe
2009-10-24 02:15 . 2008-12-03 23:53 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 02:15 . 2008-12-03 23:53 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 02:15 . 2009-10-24 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 22:46 . 2009-10-23 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\73022519
2009-10-23 22:46 . 2009-10-23 22:46 274 ----a-w- c:\documents and settings\All Users\Application Data\73022519\73022519.bat
2009-10-23 22:46 . 2009-10-23 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\49525732
2009-10-23 22:46 . 2009-10-23 22:46 274 ----a-w- c:\documents and settings\All Users\Application Data\49525732\49525732.bat
2009-10-23 22:44 . 2009-10-28 01:05 34709 ----a-w- c:\windows\system32\uses32.dat
2009-10-23 22:34 . 2004-08-04 10:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-10-23 22:34 . 2004-08-04 10:00 214528 ----a-w- c:\windows\system32\icwconn1.exe
2009-10-22 22:49 . 2009-10-22 22:49 -------- d-----w- c:\windows\dell
2009-10-22 01:27 . 2009-10-22 01:28 1244648 ----a-w- c:\documents and settings\Rachel Renner\Application Data\MSNInstaller\msnauins.exe
2009-10-22 01:27 . 2009-10-22 01:27 -------- d-----w- c:\documents and settings\Rachel Renner\Application Data\MSNInstaller
2009-10-22 01:26 . 2008-09-23 21:46 245408 ----a-w- c:\windows\system32\unicows.dll
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\13752321
2009-10-12 20:10 . 2009-10-12 20:10 152576 ----a-w- c:\documents and settings\Ryan Renner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 22:21 . 2009-03-27 03:25 -------- d-----w- c:\program files\a-squared Free
2009-10-25 14:19 . 2004-08-10 19:02 23428 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-25 14:18 . 2009-10-25 14:18 1663 ----a-w- c:\windows\inf\COME7.tmp
2009-10-25 01:06 . 2009-10-25 01:05 1663 ----a-w- c:\windows\inf\COMF5.tmp
2009-10-24 00:39 . 2009-10-24 00:39 1663 ----a-w- c:\windows\inf\COME5.tmp
2009-10-23 22:48 . 2007-05-26 02:32 46776 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 20:12 . 2005-11-23 13:22 -------- d-----w- c:\program files\Java
2009-10-05 19:32 . 2005-12-14 22:38 3398 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-05 19:32 . 2005-12-14 22:38 104 --sh--r- c:\windows\system32\4A6534F8FF.sys
2009-10-04 01:07 . 2009-10-03 12:01 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-01 02:20 . 2009-10-01 02:20 136 ----a-w- c:\documents and settings\Rachel Renner\Local Settings\Application Data\fusioncache.dat
2009-10-01 01:09 . 2009-10-01 01:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\5402604061
2009-10-01 01:03 . 2009-10-01 01:03 266 ----a-w- c:\documents and settings\Administrator\Application Data\5402604061\5402604061.bat
2009-09-26 02:48 . 2009-09-26 02:48 12827 ----a-w- c:\windows\usanobuwi.bin
2009-09-26 02:48 . 2009-09-26 02:48 11587 ----a-w- c:\windows\system32\bebul.exe
2009-09-26 02:21 . 2009-09-26 02:21 19094 ----a-w- c:\windows\system32\vuziba.com
2009-09-26 02:21 . 2009-09-26 02:21 15753 ----a-w- c:\windows\system32\aguriz.dat
2009-09-26 02:21 . 2009-09-26 02:21 14828 ----a-w- c:\windows\system32\tekite.scr
2009-09-26 02:21 . 2009-09-26 02:21 13582 ----a-w- c:\windows\system32\ylyh.dat
2009-09-26 02:06 . 2009-09-26 02:06 12996 ----a-w- c:\windows\system32\kevudumu.dat
2009-09-26 02:06 . 2009-09-26 02:06 10390 ----a-w- c:\windows\system32\agorol.exe
2009-09-26 02:06 . 2009-09-26 02:06 12593 ----a-w- c:\windows\system32\newemiceq.bin
2009-09-26 00:31 . 2009-09-26 00:31 15609 ----a-w- c:\windows\wahiviwize.bin
2009-09-26 00:31 . 2009-09-26 00:31 15516 ----a-w- c:\windows\ahylegotap.com
2009-09-26 00:31 . 2009-09-26 00:31 14003 ----a-w- c:\windows\cyvoxysa.com
2009-09-26 00:31 . 2009-09-26 00:31 10649 ----a-w- c:\windows\system32\gawywem.pif
2009-09-26 00:31 . 2009-09-26 00:31 19224 ----a-w- c:\windows\kusu.pif
2009-09-25 22:05 . 2009-09-25 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-25 21:59 . 2009-09-25 21:59 16922 ----a-w- c:\documents and settings\Rachel Renner\Application Data\nohu.dat
2009-09-25 21:59 . 2009-09-25 21:59 16136 ----a-w- c:\documents and settings\Rachel Renner\Application Data\osenigo.com
2009-09-25 21:59 . 2009-09-25 21:59 16136 ----a-w- c:\documents and settings\Rachel Renner\Application Data\osenigo.com
2009-09-25 21:59 . 2009-09-25 21:59 11295 ----a-w- c:\documents and settings\Rachel Renner\Application Data\pegykumap.pif
2009-09-25 21:59 . 2009-09-25 21:59 11295 ----a-w- c:\documents and settings\Rachel Renner\Application Data\pegykumap.pif
2009-09-25 21:59 . 2009-09-25 21:59 19651 ----a-w- c:\windows\omafisi.pif
2009-09-25 21:59 . 2009-09-25 21:59 17664 ----a-w- c:\documents and settings\Rachel Renner\Application Data\upydyhykew.dat
2009-09-25 20:04 . 2009-09-25 20:04 108 ----a-w- c:\windows\system32\temp32.bat
2009-09-11 22:15 . 2005-11-30 01:32 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-09-09 15:04 . 2009-05-25 20:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 01:42 . 2009-07-21 01:42 27136 --sha-w- c:\windows\system32\zagubura.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdnet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ryan Renner^Start Menu^Programs^Startup^..]
path=c:\documents and settings\Ryan Renner\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"NetSvc"=3 (0x3)
"MpfService"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"MBackMonitor"=3 (0x3)
"LexBceS"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"a2free"=2 (0x2)
"McShield"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/27/2009 9:52 PM 64160]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:52]

2009-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Windows Internet Explorer provided by Comcast
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

BHO-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - (no file)
SSODL-vojovofig-{e39f8ac8-8edb-4c4e-8ed7-4c3186614a1b} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 17:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wuapi.dll.wusetup.147421.bak 430592 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.150390.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.151953.bak 162304 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.153718.bak 1134592 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,11,f7,cd,31,61,39,44,b9,f9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,11,f7,cd,31,61,39,44,b9,f9,fc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(824)
c:\windows\system32\ieframe.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Completion time: 2009-11-05 17:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 22:16

Pre-Run: 51,446,038,528 bytes free
Post-Run: 52,079,935,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

#10 rraa497


Posted 05 November 2009 - 05:40 PM

Never mind, I downloaded MBAM onto my flash drive off of my laptop and installed it onto my desktop. It is running now and when it is done I will post a log.

#11 rraa497


Posted 05 November 2009 - 06:36 PM

Here is Malwarebytes log but I still can't go to the ESET website. It says the same thing.

Malwarebytes' Anti-Malware 1.41
Database version: 3107
Windows 5.1.2600 Service Pack 2

11/5/2009 6:26:47 PM
mbam-log-2009-11-05 (18-26-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187920
Time elapsed: 45 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: c:\windows\system32\kbdnet.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: system32\kbdnet.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13752321 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\45272525 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\49525732 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\73022519 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5402604061 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Rachel Renner\Application Data\seres.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Rachel Renner\Application Data\svcst.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mscert.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000041.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000042.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000059.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdnet.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zagubura.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11042009_174543\C_Documents and Settings\Ryan Renner\Application Data\seres.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11042009_174543\C_Documents and Settings\Ryan Renner\Application Data\svcst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\49525732\49525732.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\73022519\73022519.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5402604061\5402604061.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\5402604061\5402604061.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel Renner\Templates\data.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.

#12 kahdah


Posted 06 November 2009 - 07:45 AM

Ok can you use IE to navigate at all?
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Edited by kahdah, 06 November 2009 - 07:46 AM.


#13 rraa497


Posted 06 November 2009 - 08:56 PM

Status: My computer did a huge update and I have the service pack 3 now. It also fixed my internet by reinstalling my Internet Explorer 8 again. I was able to run the Eset scan and ran the OTL scan also.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=87e2298b32c85f4885ce87092d2a8878
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-07 01:48:25
# local_time=2009-11-06 08:48:25 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76418
# found=0
# cleaned=0
# scan_time=2141


OTL logfile created on: 11/6/2009 8:51:16 PM - Run 3
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Ryan Renner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 259.67 Mb Available Physical Memory | 50.92% Memory free
1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.87 Gb Total Space | 45.88 Gb Free Space | 64.74% Space Free | Partition Type: NTFS
Drive D: | 581.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADULTS
Current User Name: Ryan Renner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_ddoctorv2) -- File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/22 20:20:49 | 00,000,000 | ---D | M]

[2009/04/24 19:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Mozilla\Extensions
[2009/04/24 19:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Renner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3cedbfe5-613a-11da-8e2f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3cedbfe5-613a-11da-8e2f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cedbfe5-613a-11da-8e2f-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2004/08/04 07:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 19:54:53 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/06 19:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/06 19:39:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/06 19:10:21 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/11/06 18:57:29 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/11/06 18:56:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/11/06 18:56:39 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/11/06 18:56:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/11/06 18:56:38 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/11/06 18:56:38 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/11/06 18:56:38 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/11/06 18:52:22 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/06 18:39:43 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/11/06 18:39:43 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/11/06 18:19:42 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/11/06 18:19:42 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/11/06 18:19:42 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/11/06 18:19:42 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/11/06 18:19:42 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/11/06 18:19:41 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/11/06 18:19:41 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/11/06 18:19:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/11/06 18:19:41 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/11/06 18:15:09 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/11/06 18:14:39 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/11/06 18:14:33 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/11/06 18:13:07 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/11/06 18:07:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/11/05 21:07:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan Renner\My Documents\mbam-setup.exe
[2009/11/05 18:31:04 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/11/05 18:31:03 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/11/05 18:29:27 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/11/05 18:29:27 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/11/05 18:29:27 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/11/05 18:29:27 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/11/05 17:37:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/05 17:37:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/05 17:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/05 17:37:06 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan Renner\Desktop\mbam-setup.exe
[2009/11/05 17:27:02 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/11/05 17:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/05 17:00:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/05 16:59:27 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/05 16:59:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/05 16:59:27 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/05 16:59:27 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/05 16:59:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/05 16:59:06 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/04 17:54:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/04 17:45:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/03 18:05:34 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe
[2009/10/28 19:05:04 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Ryan Renner\Desktop\RootRepeal.exe
[2009/10/27 20:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Renner\My Documents\bleepingcomputer
[2009/10/25 09:32:39 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/10/25 09:26:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/10/25 09:26:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/10/25 09:26:14 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/10/25 09:26:13 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/10/25 09:26:13 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/10/25 09:26:13 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/10/25 09:26:11 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/10/25 09:26:11 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/10/25 09:26:09 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/10/25 09:26:08 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/10/25 09:26:08 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/10/25 09:26:04 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/10/25 09:26:04 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/10/25 09:26:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/10/25 09:26:02 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/10/25 09:26:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/10/25 09:26:01 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/10/25 09:26:01 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/10/25 09:26:01 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/10/25 09:26:00 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/10/25 09:26:00 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/10/25 09:26:00 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/10/25 09:25:56 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/10/25 09:25:53 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/10/25 09:25:52 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/10/25 09:25:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/10/25 09:25:51 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/10/25 09:25:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/10/25 09:25:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/10/25 09:25:50 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/10/25 09:25:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/10/25 09:25:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/10/25 09:25:50 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/10/25 09:25:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/10/25 09:25:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/10/25 09:25:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/10/25 09:25:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/10/25 09:25:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/10/25 09:25:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/10/25 09:25:49 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/10/25 09:25:49 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/10/25 09:25:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/10/25 09:25:49 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/10/25 09:25:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/10/25 09:25:42 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/10/25 09:25:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/10/25 09:25:40 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/25 09:25:40 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/25 09:25:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/10/25 09:25:37 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/10/25 09:25:36 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/10/25 09:25:34 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/10/25 09:25:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/10/25 09:25:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/10/25 09:25:30 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/10/25 09:25:30 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/10/25 09:25:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/10/25 09:25:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/10/25 09:25:29 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/10/25 09:25:29 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/10/25 09:25:29 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/10/25 09:25:28 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/10/25 09:25:27 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/10/25 09:25:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/10/25 09:25:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/10/25 09:25:27 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/10/25 09:25:22 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/10/25 09:25:16 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/10/25 09:25:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/10/25 09:25:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/10/25 09:24:58 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/10/25 09:24:58 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/10/25 09:24:56 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/10/25 09:24:53 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/10/25 09:24:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/10/25 09:24:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/10/25 09:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/10/25 09:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/10/25 09:24:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/10/25 09:24:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/10/25 09:24:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/10/25 09:24:48 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/10/25 09:24:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/10/25 09:24:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/10/25 09:24:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/10/25 09:24:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/10/25 09:24:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/10/25 09:24:46 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/10/25 09:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/10/25 09:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/10/25 09:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/10/25 09:24:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/10/25 09:24:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/10/25 09:24:44 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/10/25 09:24:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/10/25 09:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/10/25 09:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/10/25 09:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/10/25 09:24:40 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/10/25 09:24:40 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/10/25 09:24:39 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/10/25 09:24:39 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/10/25 09:24:39 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/10/25 09:24:39 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/10/25 09:24:39 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/10/25 09:24:39 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/10/25 09:24:38 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/10/25 09:24:38 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/10/25 09:24:38 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/10/25 09:24:38 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/10/25 09:24:38 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/10/25 09:24:38 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/10/25 09:24:38 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/10/25 09:24:37 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/10/25 09:24:37 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/10/25 09:24:37 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/10/25 09:24:37 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/10/25 09:24:37 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/10/25 09:24:37 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/10/25 09:24:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/10/25 09:24:36 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/10/25 09:24:30 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/10/25 09:24:20 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/10/25 09:24:18 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/10/25 09:24:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/10/25 09:24:12 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/10/25 09:24:11 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/10/25 09:24:10 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/10/25 09:24:09 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/25 09:24:09 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/25 09:24:09 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/25 09:23:58 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/10/25 09:23:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/10/25 09:23:54 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/10/25 09:23:51 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/10/25 09:23:51 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/10/25 09:23:51 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/10/25 09:23:51 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/10/25 09:23:50 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/10/25 09:23:50 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/10/25 09:23:49 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/10/25 09:23:49 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/10/25 09:23:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/10/25 09:23:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/10/25 09:23:49 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/10/25 09:23:48 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/10/25 09:23:47 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/25 09:23:46 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/10/25 09:23:46 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/10/25 09:23:33 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/10/25 09:23:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/10/25 09:19:57 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/10/25 09:08:41 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/10/25 09:08:41 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/10/25 09:08:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/10/25 09:08:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/10/24 20:16:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\migregdb.exe
[2009/10/24 20:10:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isignup.exe
[2009/10/24 20:08:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdl.dll
[2009/10/24 20:07:11 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetwiz.exe
[2009/10/24 20:06:59 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwconn2.exe
[2009/10/23 17:34:08 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwconn1.exe
[2009/10/22 17:49:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/10/21 20:26:51 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009/10/15 20:46:07 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/10/12 15:12:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/12 15:12:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/12 15:12:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/06 19:55:41 | 00,444,132 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/06 19:55:41 | 00,383,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 19:55:41 | 00,054,276 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/06 19:52:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 19:51:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 19:51:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 19:51:19 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 19:51:19 | 00,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 19:50:17 | 04,194,304 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\ntuser.dat
[2009/11/06 19:50:17 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Ryan Renner\ntuser.ini
[2009/11/06 19:40:18 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/06 19:24:10 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/05 17:41:26 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan Renner\My Documents\mbam-setup.exe
[2009/11/05 17:41:26 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan Renner\Desktop\mbam-setup.exe
[2009/11/05 17:37:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 17:22:47 | 00,000,253 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/05 17:10:59 | 00,000,467 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/05 17:10:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/05 17:01:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/05 16:59:10 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\MCPR.exe
[2009/11/04 21:22:21 | 00,000,835 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/04 21:22:21 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/04 20:30:36 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/04 17:48:20 | 03,564,524 | R--- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\ComboFix.exe
[2009/11/03 18:10:06 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\My Documents\5ht47lov.exe
[2009/11/03 18:08:30 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan Renner\Desktop\OTL.exe
[2009/10/28 19:05:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\settings.dat
[2009/10/28 19:02:40 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\dds.scr
[2009/10/27 20:41:58 | 00,236,544 | ---- | M] () -- C:\WINDOWS\System32\pev.exe
[2009/10/27 20:41:58 | 00,008,173 | ---- | M] () -- C:\WINDOWS\System32\ncmd.cfxxe
[2009/10/27 20:20:04 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\Win32kDiag.exe
[2009/10/27 20:19:10 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Ryan Renner\Desktop\RootRepeal.exe
[2009/10/27 20:02:22 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\Desktop\rkill.scr
[2009/10/25 09:27:35 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/25 09:21:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/25 09:21:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/25 09:21:31 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/25 09:20:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/25 09:20:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/25 09:19:07 | 00,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/25 09:18:09 | 00,001,066 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/10/25 09:09:08 | 00,004,200 | ---- | M] () -- C:\INFCACHE.1
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 21:00:00 | 00,264,933 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/10/23 21:12:07 | 00,796,986 | ---- | M] () -- C:\Documents and Settings\Ryan Renner\My Documents\backup ccleaner 10-23-09.reg
[2009/10/23 20:55:41 | 03,788,022 | -H-- | M] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\IconCache.db
[2009/10/22 21:31:14 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/21 20:16:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_10_21_21_16_58.dmp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 17:37:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 17:01:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/05 17:00:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/05 16:59:27 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/05 16:59:27 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/05 16:59:27 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/05 16:59:27 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/05 16:59:27 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/05 16:55:41 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\MCPR.exe
[2009/11/04 21:20:33 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/04 17:53:38 | 03,564,524 | R--- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\ComboFix.exe
[2009/11/03 18:15:22 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\My Documents\5ht47lov.exe
[2009/10/28 19:16:47 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\Win32kDiag.exe
[2009/10/28 19:05:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\settings.dat
[2009/10/28 18:59:44 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\dds.scr
[2009/10/27 20:41:58 | 00,236,544 | ---- | C] () -- C:\WINDOWS\System32\pev.exe
[2009/10/27 20:41:58 | 00,008,173 | ---- | C] () -- C:\WINDOWS\System32\ncmd.cfxxe
[2009/10/27 20:01:23 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Desktop\rkill.scr
[2009/10/25 09:26:26 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/10/25 09:25:31 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/10/25 09:25:31 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/10/25 09:25:29 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/25 09:24:54 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/10/25 09:24:53 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/25 09:24:39 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/25 09:24:38 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/25 09:24:36 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/25 09:24:24 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/25 09:24:18 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/25 09:23:51 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/25 09:23:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/25 09:23:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/25 09:23:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/25 09:23:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/25 09:23:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/25 09:23:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/25 09:23:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/25 09:23:44 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/25 09:23:44 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/25 09:23:44 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/25 09:23:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/25 09:23:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/25 09:23:42 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/25 09:23:42 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/25 09:23:42 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/25 09:23:42 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/25 09:23:42 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/25 09:23:42 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/25 09:23:42 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/25 09:23:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/25 09:23:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/25 09:23:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/25 09:23:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/25 09:23:40 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/25 09:23:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/25 09:23:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/25 09:23:39 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/25 09:23:39 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/25 09:23:39 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/25 09:23:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/25 09:23:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/25 09:23:38 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/25 09:23:37 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/25 09:20:31 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/25 09:20:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/25 09:08:28 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/25 09:08:28 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/25 09:08:28 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/25 09:08:27 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/10/25 09:08:27 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/25 09:08:27 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/25 09:08:27 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/23 21:11:46 | 00,796,986 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\My Documents\backup ccleaner 10-23-09.reg
[2009/10/23 17:44:40 | 00,000,253 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/10/22 22:01:24 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/10/22 17:37:13 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/21 20:16:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_10_21_21_16_58.dmp
[2009/10/15 20:45:04 | 00,002,675 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/09/25 21:48:19 | 00,018,272 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\ykoruruci.ban
[2009/04/12 19:46:59 | 00,773,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2007/10/10 22:59:22 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\fusioncache.dat
[2006/09/23 12:34:47 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/08/24 06:42:58 | 00,000,182 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/08/22 10:03:58 | 00,000,663 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/05/26 17:20:16 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/08 10:56:34 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/04 16:20:21 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\PFP120JPR.{PB
[2006/03/04 16:20:21 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\PFP120JCM.{PB
[2006/03/01 21:40:05 | 00,046,776 | ---- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/14 17:38:34 | 00,003,398 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/14 17:38:34 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\4A6534F8FF.sys
[2005/11/29 22:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/29 20:33:31 | 00,000,369 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/29 20:00:14 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/29 19:50:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ryan Renner\Application Data\desktop.ini
[2005/11/29 19:50:39 | 03,788,022 | -H-- | C] () -- C:\Documents and Settings\Ryan Renner\Local Settings\Application Data\IconCache.db
[2005/11/23 08:46:37 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/23 08:31:33 | 00,000,705 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/23 08:04:46 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/11/23 08:04:34 | 00,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 13:51:28 | 00,000,835 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,467 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/03 19:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/18 05:46:38 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 10:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 06:40:06 | 00,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
< End of report >

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:22 AM

Posted 07 November 2009 - 10:52 AM

Great.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/11/05 17:22:47 | 00,000,253 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.
==========
After that, let me know how things are running.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#15 rraa497

rraa497
  • Topic Starter

  • Members
  • 39 posts
  • Local time:01:22 AM

Posted 07 November 2009 - 12:11 PM

The computer is running good now! It is fast again! How do I go about reinstalling McAfee or do you recommend a different virus protection? Also, should I keep all of the programs that I downloaded to solve this issue or delete them? Thanks a lot for all of your time and help!!!


========== OTL ==========
C:\WINDOWS\system32\uses32.dat moved successfully.

OTL by OldTimer - Version 3.1.3.3 log created on 11072009_120831



