Can't run programs, greatfeedmill


  • This topic is locked
11 replies to this topic

#1 culen20


Posted 02 November 2009 - 08:40 PM

Hello, Budapest told me to come here. Here is a link to my other forum: http://www.bleepingcomputer.com/forums/t/267189/slow-computer-unable-to-get-into-safe-mode/

I couldn't run the DDS; it said this program couldn't run in DOS mode.

So here is my Rooter log and RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/02 20:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF77A4000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF73AD000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF730E000 Size: 101888 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xED870000 Size: 138368 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF75CC000 Size: 42368 File Visible: - Signed: -
Status: -

Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF75FC000 Size: 44928 File Visible: - Signed: -
Status: -

Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF78FC000 Size: 12800 File Visible: - Signed: -
Status: -

Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF753C000 Size: 55168 File Visible: - Signed: -
Status: -

Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xF750C000 Size: 56960 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF79E0000 Size: 5248 File Visible: - Signed: -
Status: -

Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xF75DC000 Size: 42752 File Visible: - Signed: -
Status: -

Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xF75EC000 Size: 43008 File Visible: - Signed: -
Status: -

Name: amsint.sys
Image Path: amsint.sys
Address: 0xF7908000 Size: 12032 File Visible: - Signed: -
Status: -

Name: asc.sys
Image Path: asc.sys
Address: 0xF7774000 Size: 26496 File Visible: - Signed: -
Status: -

Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xF77AC000 Size: 22400 File Visible: - Signed: -
Status: -

Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xF790C000 Size: 14848 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7327000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7BA2000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF78F4000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A52000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78EC000 Size: 12288 File Visible: - Signed: -
Status: -

Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xF7914000 Size: 13952 File Visible: - Signed: -
Status: -

Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xF79EC000 Size: 7680 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA40D000 Size: 63744 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA40D000 Size: 63744 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Cdr4_xp.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS
Address: 0xF762C000 Size: 44288 File Visible: - Signed: -
Status: -

Name: Cdralw2k.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdralw2k.SYS
Address: 0xF781C000 Size: 24832 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF763C000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF759C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xF79E2000 Size: 6656 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF78F0000 Size: 9344 File Visible: - Signed: -
Status: -

Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xF78F8000 Size: 14976 File Visible: - Signed: -
Status: -

Name: CVPNDRVA.sys
Image Path: C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
Address: 0xBA150000 Size: 544768 File Visible: - Signed: -
Status: -

Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xF72E2000 Size: 179584 File Visible: - Signed: -
Status: -

Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xF7904000 Size: 14720 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF758C000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF7357000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF79EA000 Size: 5888 File Visible: - Signed: -
Status: -

Name: dne2000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dne2000.sys
Address: 0xF559F000 Size: 112928 File Visible: - Signed: -
Status: -

Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xF77B4000 Size: 20192 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF0EAF000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED739000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xEE106000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF1C09000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xEE027000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xED774000 Size: 401408 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xED751000 Size: 143360 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xEE0AA000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF72C2000 Size: 128896 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A50000 Size: 7936 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A50000 Size: 7936 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF737D000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806CE000 Size: 81280 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF563C000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xEE02A000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xEDEF9000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF5167000 Size: 9600 File Visible: - Signed: -
Status: -

Name: hpn.sys
Image Path: hpn.sys
Address: 0xF77C4000 Size: 25952 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF5661000 Size: 717952 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xF5711000 Size: 1035008 File Visible: - Signed: -
Status: -

Name: HSFHWBS2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xF580E000 Size: 231168 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xBA047000 Size: 262784 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF7A4E000 Size: 8192 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xF7784000 Size: 18560 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7099000 Size: 52736 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7089000 Size: 41856 File Visible: - Signed: -
Status: -

Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xF7910000 Size: 16000 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF79E8000 Size: 5504 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xED8BA000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xED933000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74DC000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7804000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF556F000 Size: 14848 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF79DC000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB896A000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF5847000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF72AB000 Size: 92544 File Visible: - Signed: -
Status: -

Name: MCSTRM.SYS
Image Path: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
Address: 0xEE114000 Size: 7360 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xB9ECD000 Size: 12544 File Visible: - Signed: -
Status: -

Name: mfeapfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeapfk.sys
Address: 0xB9804000 Size: 67456 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xB97C7000 Size: 83072 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xB991D000 Size: 35424 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: mfehidk.sys
Address: 0xF7171000 Size: 331840 File Visible: - Signed: -
Status: -

Name: mfetdik.sys
Image Path: C:\WINDOWS\system32\drivers\mfetdik.sys
Address: 0xF0E7F000 Size: 55584 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A54000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7824000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF78A4000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF7071000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF74EC000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xF777C000 Size: 17280 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xBA455000 Size: 179584 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xBA455000 Size: 179584 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xED7D6000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xEDEE9000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF769C000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF79C0000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF71C3000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF71DE000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7079000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xBA7C4000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF5588000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76AC000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF0712000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xED892000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xEDEE1000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF720B000 Size: 574464 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF720B000 Size: 574464 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xEDA8E000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 6111232 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xF58B5000 Size: 6554496 File Visible: - Signed: -
Status: -

Name: NVENETFD.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xF76CC000 Size: 34048 File Visible: - Signed: -
Status: -

Name: nvnetbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xF707D000 Size: 12928 File Visible: - Signed: -
Status: -

Name: NVNRM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xF55F2000 Size: 303104 File Visible: - Signed: -
Status: -

Name: NVSNPU.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Address: 0xF55BB000 Size: 225280 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF588D000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7764000 Size: 18688 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF739C000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7AA4000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF775C000 Size: 28672 File Visible: - Signed: -
Status: -

Name: perc2.sys
Image Path: perc2.sys
Address: 0xF77BC000 Size: 27296 File Visible: - Signed: -
Status: -

Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xF79EE000 Size: 5504 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xED966000 Size: 139264 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xF765C000 Size: 35328 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF5577000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF788C000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF77CC000 Size: 19936 File Visible: - Signed: -
Status: -

Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xF755C000 Size: 40320 File Visible: - Signed: -
Status: -

Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xF751C000 Size: 33152 File Visible: - Signed: -
Status: -

Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xF757C000 Size: 45312 File Visible: - Signed: -
Status: -

Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xF752C000 Size: 40448 File Visible: - Signed: -
Status: -

Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xF756C000 Size: 49024 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xEE0E6000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF766C000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF767C000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF768C000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7894000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xED845000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A56000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF51B3000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF764C000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7571000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF1F71000 Size: 4083712 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF733F000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xF75AC000 Size: 41088 File Visible: - Signed: -
Status: -

Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xF776C000 Size: 19072 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB9FA5000 Size: 333184 File Visible: - Signed: -
Status: -

Name: sunkfilt.sys
Image Path: C:\WINDOWS\System32\Drivers\sunkfilt.sys
Address: 0xF1D01000 Size: 24640 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A3C000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xF7794000 Size: 28384 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xF779C000 Size: 30688 File Visible: - Signed: -
Status: -

Name: symc810.sys
Image Path: symc810.sys
Address: 0xF7900000 Size: 16256 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xF778C000 Size: 32640 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEE08A000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xED8DB000 Size: 360320 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xED8DB000 Size: 360320 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF782C000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF5F36000 Size: 40704 File Visible: - Signed: -
Status: -

Name: toside.sys
Image Path: toside.sys
Address: 0xF79E4000 Size: 4992 File Visible: - Signed: -
Status: -

Name: ultra.sys
Image Path: ultra.sys
Address: 0xF754C000 Size: 36736 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF517F000 Size: 209408 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF0B6E000 Size: 31616 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A60000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7814000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF76BC000 Size: 57600 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF780C000 Size: 17024 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF586A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF68D2000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xEE0EE000 Size: 15104 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF0850000 Size: 26496 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xEDEF1000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF75BC000 Size: 42240 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF79E6000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF58A1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF74FC000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xEE09A000 Size: 34560 File Visible: - Signed: -
Status: -

Name: wanatw4.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Address: 0xF789C000 Size: 20512 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF78C4000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xBA683000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7884000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF76DC000 Size: 61440 File Visible: No Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF79DE000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF7298000 Size: 77568 File Visible: - Signed: -
Status: -



Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 47 Stepping 2, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:181 Go - Free:100 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
K:\ [Removable]
.
Scan : 20:34.49
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (820)
______ \??\C:\WINDOWS\system32\csrss.exe (936)
______ \??\C:\WINDOWS\system32\winlogon.exe (960)
______ C:\WINDOWS\system32\services.exe (1008)
______ C:\WINDOWS\system32\lsass.exe (1028)
______ C:\WINDOWS\system32\svchost.exe (1212)
______ C:\WINDOWS\system32\svchost.exe (1264)
______ C:\WINDOWS\System32\svchost.exe (1428)
______ C:\WINDOWS\system32\svchost.exe (1512)
______ C:\WINDOWS\system32\svchost.exe (1696)
______ C:\WINDOWS\system32\svchost.exe (1868)
______ C:\WINDOWS\system32\spoolsv.exe (288)
______ C:\WINDOWS\system32\rundll32.exe (520)
______ C:\Program Files\QuickTime\qttask.exe (528)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (536)
______ C:\Program Files\Digital Media Reader\shwiconem.exe (544)
______ C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (124)
______ C:\WINDOWS\RTHDCPL.EXE (600)
______ (616)
______ C:\WINDOWS\explorer.exe (740)
______ C:\WINDOWS\system32\svchost.exe (896)
______ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (1164)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (1248)
______ C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (1344)
______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (1392)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (1404)
______ C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (1644)
______ C:\WINDOWS\eHome\ehRecvr.exe (1792)
______ C:\WINDOWS\eHome\ehSched.exe (1900)
______ C:\Program Files\ICQ6Toolbar\ICQ Service.exe (2012)
______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (412)
______ C:\Program Files\McAfee\Common Framework\FrameworkService.exe (448)
______ C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (2144)
______ C:\WINDOWS\system32\mfevtps.exe (2220)
______ C:\WINDOWS\system32\nvsvc32.exe (2240)
______ C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (2316)
______ C:\WINDOWS\system32\svchost.exe (2352)
______ C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (2480)
______ C:\Program Files\Internet Explorer\iexplore.exe (2524)
______ C:\WINDOWS\system32\svchost.exe (2604)
______ C:\WINDOWS\System32\ups.exe (2736)
______ C:\WINDOWS\ehome\mcrdsvc.exe (2768)
______ C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (2860)
______ C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (2972)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (3104)
______ C:\WINDOWS\system32\dllhost.exe (392)
______ C:\WINDOWS\System32\alg.exe (2272)
______ C:\Program Files\Internet Explorer\iexplore.exe (3312)
______ C:\WINDOWS\System32\svchost.exe (2408)
______ C:\WINDOWS\system32\ctfmon.exe (4196)
______ C:\DOCUME~1\Owner\LOCALS~1\Temp\notepad.exe (4284)
______ C:\DOCUME~1\Owner\LOCALS~1\Temp\mdm.exe (4328)
______ C:\Program Files\Internet Explorer\iexplore.exe (4628)
______ C:\Program Files\Internet Explorer\iexplore.exe (5836)
______ c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe (784)
______ C:\Program Files\Internet Explorer\iexplore.exe (5128)
______ C:\Program Files\Internet Explorer\iexplore.exe (2424)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (2680)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:4737761280 | Length:195301048320)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:4737729024)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Owner\Desktop\Games\Command & Conquer Generals\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 20:35.30
.
C:\Rooter$\Rooter_2.txt - (02/11/2009 | 20:35.30).c


#2 culen20


Posted 05 November 2009 - 07:03 PM

Hey, I understand that you guys are all very busy, but should I just do a system restore?

Hello culen20,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 06 November 2009 - 06:59 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:03:09 AM

Posted 08 November 2009 - 06:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


If you still need assistance, please remove all cracked software from your system. Namely the:
  • Command & Conquer

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#4 culen20

culen20
  • Topic Starter

  • Members
  • 25 posts
  • Local time:09:09 PM

Posted 08 November 2009 - 10:31 PM

OTL Extras logfile created on: 11/8/2009 10:13:06 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 63.57 Mb Available Physical Memory | 6.21% Memory free
2.21 Gb Paging File | 1.36 Gb Available in Paging File | 61.22% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.89 Gb Total Space | 100.44 Gb Free Space | 55.22% Space Free | Partition Type: NTFS
Drive D: | 4.40 Gb Total Space | 2.38 Gb Free Space | 54.07% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRONSON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- ()
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1130652600\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1130652600\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Program Files\Common Files\AOL\1130652600\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1130652600\EE\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1130652600\EE\aim6.exe" = C:\Program Files\Common Files\AOL\1130652600\EE\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Disabled:patchgrabber -- (Electronic Arts)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\taskmgr.exe" = C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)
"C:\Program Files\Common Files\e.exe" = C:\Program Files\Common Files\e.exe:*:Enabled:e -- ()
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe:*:Enabled:PDVDServ -- (Cyberlink Corp.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5783F2D7-0103-0409-0000-0060B0CE6BBA}" = Mechanical Desktop 6
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 3.57
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9024562E-CBEC-48B5-894A-1C59269302FE}" = Broderbund Home Design 5.1
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B1A78D39-93C0-4BBE-BA50-51F9C9D8F67E}" = Questions and Answers to Help You Pass the Real Estate Appraisal Exams
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"4G_1.0" = JumpStart 4th Grade v1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"AIM_6" = AIM 6
"AMA" = AutoCAD Mechanical 6 Migration Assistance
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AnswerWorks" = AnswerWorks Runtime
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"BigFix" = BigFix
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CIF USB CAMERA" = CIF USB CAMERA
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"CompuCram Appraisal" = CompuCram Appraisal
"CSCLIB" = Canon Camera Support Core Library
"DnsUpdater1" = DNS Changer (remove only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"eMusic Download Manager" = eMusic Download Manager 4.0.0.5
"Encyclopaedia Britannica 2006 Ultimate Reference Suite DVD" = Encyclopaedia Britannica 2006 Ultimate Reference Suite DVD
"EOS Utility" = Canon Utilities EOS Utility
"EuroTalk Talk Now Multi-Language" = EuroTalk Talk Now Multi-Language
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{9024562E-CBEC-48B5-894A-1C59269302FE}" = Broderbund Home Design 5.1
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Internet Explorer Security Plugin 2006" = Internet Explorer Security Plugin 2006
"Internet Security Add-On" = Internet Security Add-On
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"MDTAMA" = Mechanical Desktop 6 Migration Assistance
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PokerStars.net" = PokerStars.net
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sierra Utilities" = Sierra Utilities
"Skype_is1" = Skype 2.0
"Snood 4_is1" = Snood 4
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2009 9:09:36 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d405.

Error - 11/26/2009 9:09:56 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d405.

Error - 11/29/2009 2:56:09 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d40a.

Error - 11/29/2009 2:56:12 PM | Computer Name = BRONSON | Source = Application Error | ID = 1001
Description = Fault bucket 442764910.

Error - 11/29/2009 2:56:16 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d40a.

Error - 11/29/2009 2:56:26 PM | Computer Name = BRONSON | Source = Application Error | ID = 1001
Description = Fault bucket 442764910.

Error - 11/29/2009 3:01:23 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d40a.

Error - 11/29/2009 3:01:25 PM | Computer Name = BRONSON | Source = Application Error | ID = 1001
Description = Fault bucket 442764910.

Error - 12/2/2008 5:30:41 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.12.1483, faulting module
rjbviz.dll, version 1.0.2.3892, fault address 0x0000c0f7.

Error - 12/10/2008 4:14:25 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application ccapp.exe, version 104.0.7.3, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x000017fb.

[ Application Events ]
Error - 11/26/2009 9:09:36 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d405.

Error - 11/26/2009 9:09:56 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d405.

Error - 11/29/2009 2:56:09 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d40a.

Error - 11/29/2009 2:56:12 PM | Computer Name = BRONSON | Source = Application Error | ID = 1001
Description = Fault bucket 442764910.

Error - 11/29/2009 2:56:16 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d40a.

Error - 11/29/2009 2:56:26 PM | Computer Name = BRONSON | Source = Application Error | ID = 1001
Description = Fault bucket 442764910.

Error - 11/29/2009 3:01:23 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module dmusic.dll,
version 5.3.2600.2180, fault address 0x0000d40a.

Error - 11/29/2009 3:01:25 PM | Computer Name = BRONSON | Source = Application Error | ID = 1001
Description = Fault bucket 442764910.

Error - 12/2/2008 5:30:41 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.12.1483, faulting module
rjbviz.dll, version 1.0.2.3892, fault address 0x0000c0f7.

Error - 12/10/2008 4:14:25 PM | Computer Name = BRONSON | Source = Application Error | ID = 1000
Description = Faulting application ccapp.exe, version 104.0.7.3, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x000017fb.

[ System Events ]
Error - 11/2/2009 8:12:13 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 8:12:18 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 8:12:23 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 8:12:28 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 8:12:33 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 8:12:38 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 8:19:57 PM | Computer Name = BRONSON | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/2/2009 9:16:31 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7000
Description = The McAfee Engine Service service failed to start due to the following
error: %%5

Error - 11/2/2009 9:16:35 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7022
Description = The Canon Camera Access Library 8 service hung on starting.

Error - 11/2/2009 9:16:47 PM | Computer Name = BRONSON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >

OTL logfile created on: 11/8/2009 10:13:06 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 63.57 Mb Available Physical Memory | 6.21% Memory free
2.21 Gb Paging File | 1.36 Gb Available in Paging File | 61.22% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.89 Gb Total Space | 100.44 Gb Free Space | 55.22% Space Free | Partition Type: NTFS
Drive D: | 4.40 Gb Total Space | 2.38 Gb Free Space | 54.07% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRONSON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/08 22:12:29 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/08 22:02:47 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\services.exe
PRC - [2009/11/08 19:46:02 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\setup.exe
PRC - [2009/11/08 17:25:43 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\cmd.exe
PRC - [2009/11/08 17:25:42 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\winamp.exe
PRC - [2009/11/08 17:25:41 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\login.exe
PRC - [2009/11/08 15:09:04 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\csrss.exe
PRC - [2009/11/08 15:09:03 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\user.exe
PRC - [2009/11/08 12:54:08 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\mdm.exe
PRC - [2009/11/08 12:54:07 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\win.exe
PRC - [2009/11/08 12:54:06 | 00,023,044 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\win16.exe
PRC - [2009/04/21 21:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/09/29 07:07:00 | 00,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/09/29 07:07:00 | 00,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 07:07:00 | 00,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 07:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/09/29 07:07:00 | 00,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/06/10 18:26:28 | 00,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/03/14 03:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 03:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/23 22:19:03 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/19 13:27:28 | 00,045,056 | ---- | M] (AOL LLC) -- c:\Program Files\AOL\AOL Toolbar 3.1\aoltbhelper.exe
PRC - [2006/04/19 13:27:28 | 00,045,056 | ---- | M] (AOL LLC) -- c:\Program Files\AOL\AOL Toolbar 3.1\aoltbhelper.exe
PRC - [2006/03/24 10:03:32 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/10/30 00:59:46 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/10/11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/22 12:36:20 | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/11/15 17:04:32 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/11/02 22:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/07/21 16:26:36 | 00,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2009/11/08 22:12:29 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/11/04 17:36:29 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\yewufuba.dll
MOD - [2009/08/08 17:38:24 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\livugafo.dll
MOD - [2009/08/08 05:38:11 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\payujepi.dll
MOD - [2009/07/28 05:32:10 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\system32\wakadewi.dll
MOD - [2009/03/21 09:18:57 | 00,023,552 | -HS- | M] (Microsoft) -- C:\WINDOWS\system32\calc.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 14:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2003/05/08 11:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/09/29 07:07:00 | 00,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/09/29 07:07:00 | 00,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 07:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/09/29 07:07:00 | 00,019,456 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/10 18:26:28 | 00,222,456 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/06/04 21:25:38 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/03/14 03:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/05/15 17:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/10/30 00:59:46 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/10/11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/12 16:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/10 14:00:00 | 00,061,440 | ---- | M] () -- C:\WINDOWS\system32\Iasv32.dll -- (Ias)
SRV - [2004/08/10 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/07/21 16:26:36 | 00,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2008/09/29 07:07:00 | 00,340,592 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 07:07:00 | 00,090,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 07:07:00 | 00,074,648 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 07:07:00 | 00,064,432 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 07:07:00 | 00,062,704 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 07:07:00 | 00,042,424 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/05/02 21:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/12/25 12:14:34 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/30 04:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/23 17:56:28 | 03,966,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/08/12 16:35:56 | 00,305,739 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/07/29 19:11:04 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 19:11:02 | 00,034,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/22 11:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 04:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/07 19:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/15 19:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/11/10 19:30:18 | 00,024,832 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 00,044,288 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/10/27 12:32:02 | 00,146,888 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2004/09/16 13:26:40 | 00,012,634 | ---- | M] () -- C:\WINDOWS\system32\drivers\AdfuUd.sys -- (AdfuUd)
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 00,002,304 | ---- | M] () -- C:\WINDOWS\system32\isapeep.sys -- (isapeep)
DRV - [2004/08/04 09:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 09:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/06/17 17:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/16 00:58:18 | 00,112,380 | R--- | M] () -- C:\WINDOWS\system32\drivers\pfc027.sys -- (CIF USB CAMERA Service)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:58:00 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ysu.edu/
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\S-1-5-21-976086106-2868554521-2455347450-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2008/12/30 22:46:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/10/23 02:06:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:32 | 00,000,000 | ---D | M]


O1 HOSTS File: (713 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Protection Bar) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..\Toolbar\ShellBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No CLSID value found.
O3 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [DnsUpdater] C:\Program Files\Common Files\e.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130652600\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe File not found
O4 - HKLM..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe File not found
O4 - HKLM..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe File not found
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [pibevopanu] C:\WINDOWS\System32\wagebuba.dll ()
O4 - HKLM..\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [torivekov] C:\WINDOWS\System32\livugafo.DLL ()
O4 - HKLM..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe File not found
O4 - HKLM..\Run: [VSOCheckTask] C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
O4 - HKU\.DEFAULT..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\Temp\avp.exe ()
O4 - HKU\S-1-5-18..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\Temp\avp.exe ()
O4 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006..\Run: [calc] C:\Documents and Settings\NetworkService\ntuser.dll (Microsoft)
O4 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006..\Run: [pibevopanu] C:\WINDOWS\System32\wagebuba.dll ()
O4 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe ()
O4 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\Owner\Local Settings\Temp\csrss.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: pmsngr.exe =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: rare =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.1\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-976086106-2868554521-2455347450-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256180191651 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\MDT6\AcPreview.ocx (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wakadewi.dll) - C:\WINDOWS\System32\wakadewi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\livugafo.dll) - C:\WINDOWS\system32\livugafo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yewufuba.dll) - C:\WINDOWS\system32\yewufuba.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\payujepi.dll) - C:\WINDOWS\system32\payujepi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O21 - SSODL: jayoyevot - {846df6a5-d3fb-4c3c-9c6c-c88b33c2a189} - C:\WINDOWS\system32\yewufuba.dll ()
O21 - SSODL: nufazitaj - {ff012544-5a3d-471a-9bb0-6d3b66ca03dc} - C:\WINDOWS\system32\yewufuba.dll ()
O21 - SSODL: tofewilih - {87d6ef2f-38f9-4db9-90cd-3b2d44140dd8} - C:\WINDOWS\system32\livugafo.dll ()
O22 - SharedTaskScheduler: {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - coronally - C:\WINDOWS\System32\xnvaogd.dll File not found
O22 - SharedTaskScheduler: {846df6a5-d3fb-4c3c-9c6c-c88b33c2a189} - tokatiluy - C:\WINDOWS\system32\yewufuba.dll ()
O22 - SharedTaskScheduler: {87d6ef2f-38f9-4db9-90cd-3b2d44140dd8} - jugezatag - C:\WINDOWS\system32\livugafo.dll ()
O22 - SharedTaskScheduler: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - gsajkfh873whdngo8wuidgs4rgfr4 - C:\WINDOWS\system32\b7dnc.dll ()
O22 - SharedTaskScheduler: {ff012544-5a3d-471a-9bb0-6d3b66ca03dc} - kupuhivus - C:\WINDOWS\system32\yewufuba.dll ()
O24 - Desktop Components:0 () - http://images.allrecipes.com/images/14743.gif
O24 - Desktop Components:1 () - https://portal.pasreo.com/Portals/_default/...dia/body_bg.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 14:43:52 | 00,305,672 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\dxwebsetup.exe
[2009/11/27 14:39:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/11/27 14:38:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/11/08 22:08:44 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/02 20:36:23 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/02 19:03:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\147BCE03C0F14C9F81576A89B6D2D973.TMP
[2009/10/28 23:45:26 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/10/28 23:44:22 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/10/28 20:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware
[2009/10/27 19:29:10 | 14,827,320 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\6m3ze36z.exe
[2009/10/27 19:19:48 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/10/27 18:49:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 18:49:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 17:22:19 | 00,288,654 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\SafeBootKeyRepair.exe
[2009/10/26 09:53:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/25 19:51:41 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\ilyuh.exe
[2009/10/25 19:50:29 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\qsdhs.exe
[2009/10/23 20:18:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/10/23 02:08:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/22 18:56:00 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/10/22 18:56:00 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[544 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\*.tmp files -> C:\*.tmp -> ]
[28 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 22:27:21 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\segakawi
[2009/11/08 22:12:29 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/08 22:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gfiudouo.job
[2009/11/08 12:49:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 12:49:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/11/08 12:49:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 12:48:54 | 10,731,39712 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/08 12:35:45 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/08 12:34:57 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/08 12:33:53 | 05,931,104 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/07 20:42:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/07 12:04:10 | 00,000,431 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DSCN2602.lnk
[2009/11/07 11:42:17 | 00,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/07 11:41:04 | 00,175,896 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 05:38:40 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kelaworu.dll
[2009/11/06 05:37:57 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zadirowe.dll
[2009/11/05 05:36:52 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gelapaze.dll
[2009/11/04 17:36:29 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\yewufuba.dll
[2009/11/02 20:36:34 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/02 20:36:24 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/02 20:28:42 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/01 13:26:54 | 00,525,834 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 13:26:54 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 13:26:54 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/30 16:35:47 | 00,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 16:34:03 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/10/30 16:32:46 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rick.Reg
[2009/10/28 23:44:22 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/10/28 20:50:57 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/28 14:27:56 | 00,026,630 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/10/27 19:29:10 | 14,827,320 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\6m3ze36z.exe
[2009/10/27 19:10:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 18:17:16 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2009/10/27 18:07:17 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.scr
[2009/10/27 17:22:27 | 00,288,654 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\SafeBootKeyRepair.exe
[2009/10/27 16:30:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/27 16:30:12 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/10/26 10:08:21 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\jahiyaso.dll
[2009/10/26 09:54:29 | 00,000,452 | RHS- | M] () -- C:\Documents and Settings\Owner\ntuser.pol
[2009/10/25 19:52:36 | 00,079,360 | ---- | M] () -- C:\xrqu.exe
[2009/10/25 19:52:34 | 00,052,736 | ---- | M] () -- C:\bedwe.exe
[2009/10/25 19:52:33 | 00,031,232 | ---- | M] () -- C:\pvhvkt.exe
[2009/10/25 19:52:33 | 00,022,016 | ---- | M] () -- C:\yidaduh.exe
[2009/10/25 19:52:33 | 00,010,752 | ---- | M] () -- C:\rbgknu.exe
[2009/10/25 19:51:51 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\cg2xknbw.dll
[2009/10/25 19:51:43 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\ilyuh.exe
[2009/10/25 19:50:35 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\b7dnc.dll
[2009/10/25 19:50:32 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\qsdhs.exe
[2009/10/25 19:50:30 | 00,052,736 | ---- | M] () -- C:\ldvx.exe
[2009/10/25 19:50:24 | 00,333,312 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2009/10/25 14:52:47 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\3741 Weekly Worksheet Hospital 09.doc
[2009/10/25 13:29:35 | 00,209,408 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 03:18:53 | 00,240,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/22 22:38:34 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tab.wps
[2009/10/21 21:34:56 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fermentation.wps
[2009/10/21 19:10:46 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Snood.lnk
[2009/10/15 14:05:51 | 03,777,921 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Penguin Slide.a2w
[2009/10/15 02:07:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 21:34:10 | 00,024,512 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Perioperative Nursing.wps.rtf
[2009/10/14 21:33:46 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Perioperative Nursing.wps
[2009/10/14 16:01:28 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Perioperative Nursing.doc
[2009/10/13 20:18:50 | 00,580,790 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Exercise 5-1 number 3.a2w
[2009/10/13 20:00:23 | 00,004,674 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Robot Remote Control.a2w
[2009/10/13 20:00:09 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Robot control.a2w
[2009/10/13 18:08:12 | 00,810,405 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Flight Simulator-Alternate Version.a2w
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[544 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\*.tmp files -> C:\*.tmp -> ]
[28 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/07 12:04:10 | 00,000,431 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DSCN2602.lnk
[2009/11/07 05:38:40 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kelaworu.dll
[2009/11/06 05:37:57 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zadirowe.dll
[2009/11/05 05:36:52 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gelapaze.dll
[2009/11/04 17:36:29 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yewufuba.dll
[2009/11/04 05:35:38 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\gfiudouo.job
[2009/11/02 20:36:34 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/02 20:28:34 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/10/30 16:32:46 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rick.Reg
[2009/10/28 23:33:10 | 10,731,39712 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/27 19:20:42 | 00,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 19:10:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 18:16:18 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2009/10/27 16:59:48 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.scr
[2009/10/27 16:30:10 | 00,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
[2009/10/27 16:30:10 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2009/10/26 10:08:21 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\jahiyaso.dll
[2009/10/26 09:54:29 | 00,000,452 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2009/10/25 19:51:51 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\cg2xknbw.dll
[2009/10/25 19:51:41 | 00,052,736 | ---- | C] () -- C:\bedwe.exe
[2009/10/25 19:51:41 | 00,031,232 | ---- | C] () -- C:\pvhvkt.exe
[2009/10/25 19:51:41 | 00,010,752 | ---- | C] () -- C:\rbgknu.exe
[2009/10/25 19:51:40 | 00,022,016 | ---- | C] () -- C:\yidaduh.exe
[2009/10/25 19:51:38 | 00,079,360 | ---- | C] () -- C:\xrqu.exe
[2009/10/25 19:50:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/25 19:50:35 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\b7dnc.dll
[2009/10/25 19:50:29 | 00,052,736 | ---- | C] () -- C:\ldvx.exe
[2009/10/25 19:50:23 | 00,333,312 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/10/25 14:52:39 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\3741 Weekly Worksheet Hospital 09.doc
[2009/10/21 21:34:56 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fermentation.wps
[2009/10/21 19:10:46 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Snood.lnk
[2009/10/15 13:47:30 | 03,777,921 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Penguin Slide.a2w
[2009/10/14 21:34:10 | 00,024,512 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Perioperative Nursing.wps.rtf
[2009/10/14 16:25:36 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Perioperative Nursing.wps
[2009/10/14 16:01:28 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Perioperative Nursing.doc
[2009/10/13 20:18:48 | 00,580,790 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Exercise 5-1 number 3.a2w
[2009/10/13 20:00:09 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Robot control.a2w
[2009/10/13 18:26:40 | 00,004,674 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Robot Remote Control.a2w
[2009/10/13 17:45:38 | 00,810,405 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Flight Simulator-Alternate Version.a2w
[2009/08/08 17:38:24 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\livugafo.dll
[2009/08/08 17:38:24 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hagipugo.dll
[2009/08/08 17:38:23 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\mamotapi.dll
[2009/08/08 05:38:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\finoriha.dll
[2009/08/08 05:38:11 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\payujepi.dll
[2009/08/08 05:38:11 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\mitufufe.dll
[2009/08/07 17:37:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jihofoju.dll
[2009/08/07 17:37:48 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\likizedo.dll
[2009/08/07 05:37:24 | 00,028,672 | -HS- | C] () -- C:\WINDOWS\System32\jabedupu.dll
[2009/08/07 05:37:23 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\kinufedu.dll
[2009/08/07 05:37:23 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\davikuze.dll
[2009/08/06 17:37:07 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\yenegeki.dll
[2009/08/06 17:37:06 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\bagefilu.dll
[2009/08/06 17:37:06 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gojowahu.dll
[2009/08/06 05:36:44 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\meberomu.dll
[2009/08/06 05:36:44 | 00,018,432 | -HS- | C] () -- C:\WINDOWS\System32\lavigizi.dll
[2009/08/06 05:36:43 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\hehosere.dll
[2009/08/05 19:23:22 | 00,017,408 | ---- | C] () -- C:\Program Files\Common Files\e.exe
[2009/08/05 17:36:28 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\vesiyena.dll
[2009/08/05 17:36:27 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\miwunado.dll
[2009/08/05 17:36:27 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pubibizo.dll
[2009/08/05 05:36:04 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\noyutala.dll
[2009/08/05 05:36:02 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\jofesere.dll
[2009/08/05 05:36:02 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\kisugeve.dll
[2009/08/04 17:36:00 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\bojeviyu.dll
[2009/08/04 17:36:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jovobure.dll
[2009/08/04 17:36:00 | 00,009,216 | -HS- | C] () -- C:\WINDOWS\System32\pivezuba.dll
[2009/08/04 05:35:37 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\nokarelu.dll
[2009/08/04 05:35:36 | 00,060,416 | -HS- | C] () -- C:\WINDOWS\System32\daravome.dll
[2009/08/04 05:35:36 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wusinubi.dll
[2009/08/03 17:35:20 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fadoyuva.dll
[2009/08/03 17:35:19 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\hizelamo.dll
[2009/08/03 05:35:09 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\fepugopa.dll
[2009/08/03 05:35:09 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nanumiti.dll
[2009/08/02 17:34:41 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\nahufiwa.dll
[2009/08/02 17:34:41 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\banivatu.dll
[2009/08/02 05:34:22 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kulebipu.dll
[2009/08/02 05:34:22 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nosayutu.dll
[2009/08/01 17:33:54 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\tilawago.dll
[2009/08/01 17:33:54 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\muhoyawa.dll
[2009/08/01 05:33:52 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\mubafuju.dll
[2009/08/01 05:33:52 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jiredaju.dll
[2009/07/31 17:33:34 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\renogifo.dll
[2009/07/31 17:33:34 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dokakalu.dll
[2009/07/31 05:33:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zuvikoza.dll
[2009/07/30 17:32:44 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\kotatada.dll
[2009/07/30 17:32:44 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yegitubu.dll
[2009/07/30 05:32:26 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\lujegofe.dll
[2009/07/30 05:32:26 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\puvekasu.dll
[2009/07/29 17:32:02 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\susebidu.dll
[2009/07/29 17:32:02 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\woluzivo.dll
[2009/07/29 05:31:56 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yinazeku.dll
[2009/07/29 05:31:56 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zizakohe.dll
[2009/07/28 17:31:34 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dabavibo.dll
[2009/07/28 05:32:10 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wakadewi.dll
[2009/07/28 05:32:10 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wagebuba.dll
[2009/07/28 05:32:10 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\luyehuda.dll
[2009/07/28 05:31:34 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\parakodo.dll
[2009/07/28 05:31:33 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\pekebera.dll
[2009/07/27 17:32:01 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rugalilu.dll
[2009/07/27 17:32:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\deluguba.dll
[2009/07/25 20:01:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\latavija.dll
[2007/12/16 12:30:46 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ktdll.dll
[2007/08/16 02:01:40 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/10/23 14:10:11 | 00,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/10/23 14:10:10 | 00,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/26 20:46:50 | 05,931,104 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2006/03/24 10:07:00 | 00,006,449 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/15 12:07:37 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/14 07:07:56 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/03/13 16:28:39 | 00,112,380 | R--- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2006/03/11 16:21:42 | 00,008,802 | R--- | C] () -- C:\WINDOWS\AmvTransform.ini
[2006/03/11 16:21:42 | 00,007,763 | R--- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2006/03/11 16:21:42 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/11 16:21:42 | 00,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/11 16:21:42 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/03/04 16:19:09 | 00,000,804 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/16 22:51:02 | 00,209,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/13 15:12:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/09 20:27:27 | 00,000,658 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/02/07 16:07:46 | 00,026,630 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/02/05 13:17:20 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/02/05 13:01:12 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2006/01/30 08:30:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/30 08:30:16 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/29 19:31:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2006/01/29 19:31:38 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/30 01:11:56 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/10/30 01:11:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005/10/30 01:05:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/29 23:40:59 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/29 23:40:59 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/29 23:40:58 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/29 23:40:57 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/29 23:40:57 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/29 23:40:56 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 00,000,506 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:33 | 00,000,821 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 18:48:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/09 18:48:25 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004464_.tmp.dll
[2005/01/09 18:48:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Iasv32.dll
[2005/01/09 18:48:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2005/01/09 18:48:07 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\isapeep.sys
[2005/01/09 18:48:06 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004496_.tmp.dll
[2005/01/09 18:48:02 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2005/01/09 12:00:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\AdfuUd.sys
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/18 16:50:28 | 00,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
< End of report >

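The report above shows the pattern a helper reads off an OTL log for this family: AppInit_DLLs (O20), SSODL (O21) and SharedTaskScheduler (O22) entries all pointing at System32 DLLs with eight-letter names and no company information, the same CLSID registered under both an O21 and an O22 entry, and one SharedTaskScheduler entry whose DLL is already gone. The script below is an added example of triaging lines in that format automatically; it is not OTL's own code and not part of this thread. The consonant/vowel filename heuristic is an assumption of this example rather than a published signature, and SAMPLE_LINES is a constructed sample that mirrors the shape of the entries in the report above.

```python
"""Triage of OTL autostart lines (O20 AppInit_DLLs, O21 SSODL, O22
SharedTaskScheduler) for the indicators visible in the report above.

Added example; not OTL's code and not part of the thread. The
consonant/vowel filename heuristic is an assumption of this example, and
SAMPLE_LINES is a constructed sample in the shape of the report above.
"""
import re
from collections import defaultdict

# "O20 - AppInit_DLLs: ...", "O21 - SSODL: ...", "O22 - SharedTaskScheduler: ..."
_LINE = re.compile(r'^O(?P<kind>20|21|22) - (?P<where>[^:]+): (?P<rest>.*)$')
# Trailing "<path> (<company>)" or "<path> File not found", as OTL prints it.
_PATH_TAIL = re.compile(
    r'(?P<path>[A-Za-z]:\\[^()]*?\.(?:dll|exe))'
    r'(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))\s*$')
_CLSID = re.compile(r'\{([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}')
_VOWELS = set('aeiou')


def looks_generated(filename):
    """Heuristic (an assumption of this example): the DLL names in the
    report are eight lowercase letters alternating consonant/vowel, e.g.
    wakadewi.dll or yewufuba.dll. Vendor DLLs rarely fit that mould."""
    stem = filename.lower().rsplit('.', 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in _VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def parse(lines):
    """Yield one dict per O20/O21/O22 line; every other line is skipped."""
    for line in lines:
        m = _LINE.match(line.strip())
        if not m:
            continue
        tail = _PATH_TAIL.search(m.group('rest'))
        if not tail:
            continue
        clsid = _CLSID.search(m.group('rest'))
        yield {
            'kind': 'O' + m.group('kind'),
            'where': m.group('where'),
            'clsid': clsid.group(1).lower() if clsid else None,
            'path': tail.group('path'),
            'company': (tail.group('company') or '').strip(),
            'missing': tail.group('missing') is not None,
        }


def triage(lines):
    """Return (findings, shared_clsids).

    findings: entries worth a second look, each with its reasons.
    shared_clsids: CLSIDs registered under more than one autostart type
    (SSODL and SharedTaskScheduler are both loaded by explorer.exe, so one
    component registered under both survives the removal of either key).
    """
    findings = []
    kinds_by_clsid = defaultdict(set)
    for e in parse(lines):
        name = e['path'].rsplit('\\', 1)[-1]
        reasons = []
        if looks_generated(name):
            reasons.append('generated-looking filename')
        if e['missing']:
            reasons.append('orphaned autostart (file not found)')
        elif not e['company']:
            reasons.append('no company/version information')
        if reasons:
            if e['where'] == 'AppInit_DLLs':
                reasons.append('AppInit_DLLs: injected into every process that loads user32.dll')
            findings.append({'where': e['where'], 'path': e['path'], 'reasons': reasons})
        if e['clsid']:
            kinds_by_clsid[e['clsid']].add(e['kind'])
    shared = sorted(c for c, kinds in kinds_by_clsid.items() if len(kinds) > 1)
    return findings, shared


# Constructed sample in OTL's format, mirroring entries from the report above.
SAMPLE_LINES = [
    r'O20 - AppInit_DLLs: (wakadewi.dll) - C:\WINDOWS\System32\wakadewi.dll ()',
    r'O20 - AppInit_DLLs: (c:\windows\system32\yewufuba.dll) - C:\WINDOWS\system32\yewufuba.dll ()',
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)',
    r'O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)',
    r'O21 - SSODL: jayoyevot - {846df6a5-d3fb-4c3c-9c6c-c88b33c2a189} - C:\WINDOWS\system32\yewufuba.dll ()',
    r'O22 - SharedTaskScheduler: {846df6a5-d3fb-4c3c-9c6c-c88b33c2a189} - tokatiluy - C:\WINDOWS\system32\yewufuba.dll ()',
    r'O22 - SharedTaskScheduler: {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - coronally - C:\WINDOWS\System32\xnvaogd.dll File not found',
    r'O22 - SharedTaskScheduler: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - gsajkfh873whdngo8wuidgs4rgfr4 - C:\WINDOWS\system32\b7dnc.dll ()',
]

if __name__ == '__main__':
    found, shared = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f['where']:<22} {f['path']}\n    " + '; '.join(f['reasons']))
    print('CLSIDs registered under more than one autostart type:', shared)
```

Run it as-is to triage the embedded sample, or pass it the lines of a saved OTL report. The output is a list of entries to review, not a verdict: the name heuristic does not match b7dnc.dll, for instance, but that entry is still surfaced because it carries no vendor information, and the Explorer shell and Webroot entries are left alone because they are signed vendor files with nothing odd about them.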
#5 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 09 November 2009 - 04:53 AM

Hi,

you have been infected with Vundo (and more). We are going to try to fix this by running Combofix:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#6 culen20
  • Topic Starter

  • Members
  • 25 posts

Posted 09 November 2009 - 04:36 PM

I've clicked on both links. I can't seem to download them; it will say "this program cannot run in dos mode".

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 09 November 2009 - 05:43 PM

Hi,

Please try the following steps then; I believe malware is blocking the program from being executed:

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Download and run renamed Combofix
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • rename it to fun.exe
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_



#8 culen20

culen20
  • Topic Starter

  • Members
  • 25 posts

Posted 09 November 2009 - 06:09 PM

Hey buddy, I ran RKill and that worked. When I try to download the ComboFix it keeps saying "This program cannot run in DOS mode". I don't know what DOS mode is; am I in some kind of mode that I am not aware of or something?

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 09 November 2009 - 06:32 PM

Hi,

What do you mean by "When I try to download the ComboFix it keeps saying 'This program cannot run in DOS mode'"? Usually this message is shown when the file got damaged during download and cannot be executed successfully.

Could you please try running TFC to empty your browser cache and then retry downloading ComboFix:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

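A practitioner's check for the symptom discussed in the last few posts, added here as an example that is not part of the thread or of any of the tools named in it. Every Windows executable carries a small DOS stub whose only job is to print "This program cannot run in DOS mode." On 32-bit Windows XP that stub is what actually runs when the loader cannot find a valid PE header behind the MZ header, so a freshly downloaded tool that prints this message is consistent with a truncated or corrupted download (or with something other than an executable, such as an HTML error page, having been saved under the .exe name). The script reads the MZ and PE headers of a file and says which of those cases it is looking at; `build_sample_pe` constructs a header-only sample so the script can be tried offline, and the struct layouts are the documented IMAGE_DOS_HEADER/IMAGE_FILE_HEADER fields.

```python
"""Tell a complete Windows executable from a damaged download.

Added example for this thread. Every PE file starts with a DOS stub whose
only job is to print "This program cannot run in DOS mode." On 32-bit
Windows XP that stub is what actually runs when the loader cannot find a
valid PE header behind the MZ header, so a freshly downloaded tool that
prints the message is consistent with a truncated or corrupted file.
"""
import struct
import sys

MZ_SIGNATURE = b"MZ"
PE_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C      # 4-byte offset of the PE header, stored in the DOS header
COFF_HEADER_SIZE = 20       # IMAGE_FILE_HEADER


def classify_pe(data: bytes) -> str:
    """Return 'valid-pe', 'corrupt-pe' (headers present but unusable) or 'not-pe'."""
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != MZ_SIGNATURE:
        return "not-pe"                 # e.g. an HTML error page saved as .exe
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + len(PE_SIGNATURE) > len(data):
        return "corrupt-pe"             # header pointer runs past what was saved
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return "corrupt-pe"             # MZ header intact, PE signature missing
    coff = e_lfanew + len(PE_SIGNATURE)
    if coff + COFF_HEADER_SIZE > len(data):
        return "corrupt-pe"             # file ends inside the COFF header
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff
    )
    if nsections == 0 or opt_size == 0 or coff + COFF_HEADER_SIZE + opt_size > len(data):
        return "corrupt-pe"             # optional header truncated or absent
    return "valid-pe"


def build_sample_pe(e_lfanew: int = 0x80) -> bytes:
    """Construct a minimal header-only PE (not runnable) for demonstration."""
    dos_header = bytearray(e_lfanew)
    dos_header[:2] = MZ_SIGNATURE
    struct.pack_into("<I", dos_header, E_LFANEW_OFFSET, e_lfanew)
    # IMAGE_FILE_HEADER: i386, 1 section, PE32 optional header (0xE0 bytes),
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos_header) + PE_SIGNATURE + coff + bytes(0xE0)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(classify_pe(fh.read()))
    else:
        sample = build_sample_pe()
        for label, blob in (("complete", sample), ("truncated", sample[:100]),
                            ("html page", b"<html>404 Not Found</html>")):
            print(f"{label:10} -> {classify_pe(blob)}")
```

Run it as `python pecheck.py ComboFix.exe` against the file that refuses to start. A `corrupt-pe` result points at the download itself, which is what re-downloading after clearing the cache addresses; a `valid-pe` result means the file is whole and the block is happening at execution time, which is the case RKill is meant to handle.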


#10 culen20

culen20
  • Topic Starter

  • Members
  • 25 posts

Posted 09 November 2009 - 08:44 PM

I ran TFC and then I ran the ComboFix and it worked.
ComboFix 09-11-08.03 - Owner 11/09/2009 19:21.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.573 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bedwe.exe
c:\docume~1\Owner\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\ntuser.dll
c:\documents and settings\LocalService\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\LocalService\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\NetworkService\ntuser.dll
c:\documents and settings\Owner\My Documents\ZbThumbnail.info
c:\documents and settings\Owner\ntuser.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
C:\ilyuh.exe
C:\ldvx.exe
c:\program files\Common Files\e.exe
C:\pvhvkt.exe
C:\qsdhs.exe
C:\rbgknu.exe
c:\recycler\S-1-5-21-11457409-3420883336-2810106368-500
c:\recycler\S-1-5-21-1590580893-40798335-178600853-500
c:\recycler\S-1-5-21-3462389463-4017558345-1778031126-500
c:\recycler\S-1-5-21-4148369516-415066616-1619009671-500
c:\windows\kb913800.exe
c:\windows\mlkel.old
c:\windows\system32\_000220_.tmp.dll
c:\windows\system32\_000231_.tmp.dll
c:\windows\system32\_000233_.tmp.dll
c:\windows\system32\_004453_.tmp.dll
c:\windows\system32\_004454_.tmp.dll
c:\windows\system32\_004455_.tmp.dll
c:\windows\system32\_004456_.tmp.dll
c:\windows\system32\_004463_.tmp.dll
c:\windows\system32\_004464_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004469_.tmp.dll
c:\windows\system32\_004472_.tmp.dll
c:\windows\system32\_004473_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004479_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004490_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004496_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004498_.tmp.dll
c:\windows\system32\_004499_.tmp.dll
c:\windows\system32\_004502_.tmp.dll
c:\windows\system32\_004503_.tmp.dll
c:\windows\system32\_004504_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004513_.tmp.dll
c:\windows\system32\~.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\b7DNc.dll
c:\windows\system32\bagefilu.dll
c:\windows\system32\banivatu.dll
c:\windows\system32\bojeviyu.dll
c:\windows\system32\calc.dll
c:\windows\system32\certstore.dat
c:\windows\system32\cg2xknbw.dll
c:\windows\system32\dabavibo.dll
c:\windows\system32\daravome.dll
c:\windows\system32\davikuze.dll
c:\windows\system32\deluguba.dll
c:\windows\system32\dokakalu.dll
c:\windows\system32\fadoyuva.dll
c:\windows\system32\fepugopa.dll
c:\windows\system32\finoriha.dll
c:\windows\system32\gelapaze.dll
c:\windows\system32\gojowahu.dll
c:\windows\system32\hagipugo.dll
c:\windows\system32\hehosere.dll
c:\windows\system32\hiduhozo.dll
c:\windows\system32\hikagazu.dll
c:\windows\system32\hizelamo.dll
c:\windows\system32\hulesoge.dll
c:\windows\system32\husamiza.dll
c:\windows\system32\Iasv32.dll
c:\windows\system32\isapeep.sys
c:\windows\system32\jabedupu.dll
c:\windows\system32\jahiyaso.dll
c:\windows\system32\jenuhisu.dll
c:\windows\system32\jihofoju.dll
c:\windows\system32\jiredaju.dll
c:\windows\system32\jofesere.dll
c:\windows\system32\jovobure.dll
c:\windows\system32\kelaworu.dll
c:\windows\system32\kinemimi.dll
c:\windows\system32\kinufedu.dll
c:\windows\system32\kisugeve.dll
c:\windows\system32\kotatada.dll
c:\windows\system32\kulebipu.dll
c:\windows\system32\latavija.dll
c:\windows\system32\latuwusa.dll
c:\windows\system32\lavigizi.dll
c:\windows\system32\likizedo.dll
c:\windows\system32\livugafo.dll
c:\windows\system32\lujegofe.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\mamotapi.dll
c:\windows\system32\meberomu.dll
c:\windows\system32\mitufufe.dll
c:\windows\system32\miwunado.dll
c:\windows\system32\mubafuju.dll
c:\windows\system32\muhoyawa.dll
c:\windows\system32\nahufiwa.dll
c:\windows\system32\nanumiti.dll
c:\windows\system32\nijopido.exe
c:\windows\system32\nokarelu.dll
c:\windows\system32\nosayutu.dll
c:\windows\system32\noyutala.dll
c:\windows\system32\parakodo.dll
c:\windows\system32\payujepi.dll
c:\windows\system32\pekebera.dll
c:\windows\system32\pivezuba.dll
c:\windows\system32\pubibizo.dll
c:\windows\system32\puvekasu.dll
c:\windows\system32\renogifo.dll
c:\windows\system32\rojolutu.dll
c:\windows\system32\rugalilu.dll
c:\windows\system32\suduhiji.dll
c:\windows\system32\susebidu.dll
c:\windows\system32\temp#01.exe
c:\windows\system32\tilawago.dll
c:\windows\system32\vesiyena.dll
c:\windows\system32\woluzivo.dll
c:\windows\system32\wusinubi.dll
c:\windows\system32\yegitubu.dll
c:\windows\system32\yenegeki.dll
c:\windows\system32\yewasitu.dll
c:\windows\system32\yewufuba.dll
c:\windows\system32\yinazeku.dll
c:\windows\system32\zadirowe.dll
c:\windows\system32\zenilaru.dll
c:\windows\system32\zizakohe.dll
c:\windows\system32\zuvikoza.dll
c:\windows\Tasks\gfiudouo.job
C:\xrqu.exe
C:\yidaduh.exe
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.231.100
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_Ias
-------\Legacy_isapeep
-------\Service_isapeep


((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.

2009-11-27 19:39 . 2009-11-10 00:36 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-27 19:38 . 2009-11-27 19:38 -------- d-----w- c:\windows\Logs
2009-10-29 04:45 . 2009-11-03 01:35 -------- d-----w- C:\Rooter$
2009-10-27 23:49 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 23:49 . 2009-10-29 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 23:49 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 23:28 . 2009-09-10 18:54 269648 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamservice.exe
2009-10-27 23:28 . 2009-09-10 18:54 420176 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamgui.exe
2009-10-27 23:28 . 2009-09-10 18:54 79696 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\zlib.dll
2009-10-27 23:28 . 2009-09-10 18:54 46416 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\ssubtmr6.dll
2009-10-27 23:28 . 2009-09-10 18:53 70992 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamext.dll
2009-10-27 23:28 . 2009-10-27 23:28 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware\Languages
2009-10-27 23:28 . 2009-09-10 18:53 163664 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbam.dll
2009-10-27 23:28 . 2009-10-27 23:29 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware
2009-10-27 23:28 . 2009-10-27 23:29 11073 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\unins000.dat
2009-10-27 23:28 . 2009-10-27 23:28 699216 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\unins000.exe
2009-10-27 22:32 . 2009-10-27 22:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-26 14:53 . 2009-10-26 14:53 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-26 00:50 . 2009-11-09 23:51 0 ----a-r- c:\windows\win32k.sys
2009-10-24 01:18 . 2009-10-24 01:18 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-23 07:08 . 2009-10-23 07:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-22 23:56 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-15 07:24 . 2009-10-15 07:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-14 03:08 . 2009-10-14 03:09 127872 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 00:47 . 2009-01-15 01:08 -------- d-----w- c:\program files\PokerStars.NET
2009-10-28 19:27 . 2006-02-07 21:07 26630 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-10-24 01:18 . 2005-01-10 01:26 65864 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 03:09 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-14 03:09 . 2008-10-05 18:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-09-16 21:36 . 2009-09-16 21:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Learn2.com
2009-09-11 14:33 . 2009-06-08 00:53 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2005-01-09 23:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2005-01-09 23:49 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-07-29 10:31 . 2009-07-29 10:31 1052192 --sha-w- c:\windows\system32\kazuzori.exe
2009-07-26 01:01 . 2009-07-26 01:01 1051682 --sha-w- c:\windows\system32\latavija.exe
2009-07-30 10:32 . 2009-07-30 10:32 1054752 --sha-w- c:\windows\system32\sorudebu.exe
2009-08-06 22:37 . 2009-08-06 22:37 114176 --sha-w- c:\windows\system32\vikijiri.exe
2009-07-28 10:31 . 2009-07-28 10:31 1050656 --sha-w- c:\windows\system32\zodaveru.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-02-23 19544104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-03-24 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-24 180269]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"HostManager"="c:\program files\Common Files\AOL\1130652600\ee\AOLSoftware.exe" [2006-09-26 50736]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2005-05-03 543232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-2-6 221295]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-10-30 1742384]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130652600\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130652600\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130652600\\EE\\aim6.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\patchget.dat"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\McAfee\\VirusScan Enterprise\\shstat.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\AOL\\AOL Toolbar 3.1\\aoltbhelper.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\TFC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7/26/2008 9:26 AM 222456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/26/2009 10:18 PM 67904]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 7:07 AM 19456]
S3 CIF USB CAMERA Service;CIF USB CAMERA;c:\windows\system32\drivers\pfc027.sys [3/13/2006 4:28 PM 112380]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/26/2009 10:18 PM 64432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ysu.edu/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {6CD9602A-947A-48DF-B052-2BB3D25ECD18} = 95.211.97.20,95.211.97.21
TCP: {A37B8880-4BA1-458F-87FA-64BE7D8637E6} = 77.74.48.113
.
- - - - ORPHANS REMOVED - - - -

BHO-{fb1c54bd-a311-46ae-af74-c3c78a7be144} - hiduhozo.dll
HKCU-Run-Aim6 - (no file)
HKCU-Run-pibevopanu - wagebuba.dll
HKLM-Run-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
HKLM-Run-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
HKLM-Run-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
HKLM-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
HKLM-Run-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe
HKLM-Run-DnsUpdater - c:\program files\Common Files\e.exe
HKLM-Run-torivekov - c:\windows\system32\livugafo.dll
HKLM-Run-pibevopanu - kinemimi.dll
SharedTaskScheduler-{ff012544-5a3d-471a-9bb0-6d3b66ca03dc} - c:\windows\system32\payujepi.dll
SharedTaskScheduler-{7626e65a-60cd-4708-a098-8f0e8fa6b4c6} - c:\windows\system32\zenilaru.dll
SharedTaskScheduler-{8cff4088-95eb-406f-8898-413486080d6c} - c:\windows\system32\zenilaru.dll
SharedTaskScheduler-{d3e2323e-6fe7-44bb-aab6-0745e544f157} - c:\windows\system32\livugafo.dll
SSODL-nufazitaj-{ff012544-5a3d-471a-9bb0-6d3b66ca03dc} - c:\windows\system32\payujepi.dll
SSODL-yegomesup-{7626e65a-60cd-4708-a098-8f0e8fa6b4c6} - c:\windows\system32\zenilaru.dll
SSODL-jezunayok-{8cff4088-95eb-406f-8898-413486080d6c} - c:\windows\system32\zenilaru.dll
SSODL-godizuzun-{d3e2323e-6fe7-44bb-aab6-0745e544f157} - c:\windows\system32\livugafo.dll
AddRemove-4G_1.0 - c:\ka\4G\DeIsL1.isu
AddRemove-DnsUpdater1 - c:\program files\Common Files\e.exe
AddRemove-Internet Explorer Security Plugin 2006 - c:\program files\Video ActiveX Object\iesuninst.exe
AddRemove-Internet Security Add-On - c:\program files\Video ActiveX Object\isauninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 19:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\LastGood

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,fc,99,26,2e,9f,a3,46,b3,48,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,fc,99,26,2e,9f,a3,46,b3,48,3e,\

[HKEY_USERS\S-1-5-21-976086106-2868554521-2455347450-1006\Software\SecuROM\License information*]
"datasecu"=hex:54,03,2d,7d,ea,d6,f6,09,e7,05,07,db,5d,61,84,ec,89,ff,2c,ba,e3,
ff,16,ac,5c,ad,b7,a0,14,b5,32,47,84,c3,ae,78,3c,16,98,47,15,77,ed,c0,62,aa,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-11-10 20:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-10 01:10

Pre-Run: 108,198,350,848 bytes free
Post-Run: 108,219,564,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - FB89C4AA3F24FA586B8CE7F84EA130A8
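The log above shows a few patterns worth recognising in any ComboFix output: eight-letter lowercase names in system32 that alternate consonant and vowel (bagefilu.dll, kazuzori.exe and so on), hidden+system executables (`--sha-w-`) in the Find3M report, a BootExecute value with something appended after the default `autocheck autochk *`, 3389/TCP opened in the firewall policy, and interface DNS servers pointing at public addresses. The script below is an added example, not ComboFix's own logic and not part of this thread; it applies those heuristics to a constructed log excerpt written in the same line formats as the report above (the randomised file names, GUIDs and addresses in the sample are made up). A hit is a triage hint for a human reviewer, not proof that a file is malicious.

```python
"""Triage a ComboFix-style log for a few recurring indicators.

Added example for this thread; the heuristics below are the author's
assumptions, not ComboFix's own detection logic. A hit is a triage
hint for a human reviewer, not proof that a file is malicious.
"""
from __future__ import annotations

import ipaddress
import re
import sys

VOWELS = set("aeiou")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

# Line shapes as they appear in a ComboFix report.
SYSTEM32_FILE = re.compile(r"^c:\\windows\\system32\\([^\\\s]+)$", re.I)
FIND3M_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(\S+)\s+([-a-z]{8})\s+(.+)$"
)
BOOTEXECUTE = re.compile(r"^BootExecute REG_MULTI_SZ\s+(.*)$")
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=', re.I)
DNS_SERVERS = re.compile(r"^TCP: \{[0-9A-F-]+\} = ([\d., ]+)$", re.I)


def looks_randomised(filename: str) -> bool:
    """True for 8-letter .dll/.exe stems alternating consonant/vowel (e.g. 'bagefilu')."""
    stem, _, ext = filename.lower().rpartition(".")
    if ext not in ("dll", "exe") or len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (category, evidence) pairs for each suspicious line in the log."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SYSTEM32_FILE.match(line)) and looks_randomised(m.group(1)):
            findings.append(("random-name", line))
        elif m := FIND3M_ENTRY.match(line):
            attrs, path = m.group(2), m.group(3)
            # ComboFix attribute string: 's' = system, 'h' = hidden
            if "s" in attrs and "h" in attrs and path.lower().endswith(".exe"):
                findings.append(("hidden-system-exe", path))
        elif m := BOOTEXECUTE.match(line):
            if m.group(1).strip() != DEFAULT_BOOTEXECUTE:
                findings.append(("bootexecute-tampered", m.group(1).strip()))
        elif m := OPEN_PORT.match(line):
            if m.group(1) == "3389":
                findings.append(("rdp-port-open", line))
        elif m := DNS_SERVERS.match(line):
            for addr in re.split(r"[,\s]+", m.group(1).strip()):
                if addr and not ipaddress.ip_address(addr).is_private:
                    findings.append(("public-dns-server", addr))
    return findings


# Constructed excerpt in ComboFix's line formats; names and addresses are made up.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\dafokuve.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\tmp#02.exe
c:\windows\Tasks\qxwpalzo.job
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-07-29 10:31 . 2009-07-29 10:31 1052192 --sha-w- c:\windows\system32\rizomeka.exe
2009-09-11 14:33 . 2009-06-08 00:53 133632 ----a-w- c:\windows\system32\msv1_0.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
TCP: {11111111-2222-3333-4444-555555555555} = 192.168.1.1
TCP: {66666666-7777-8888-9999-000000000000} = 91.200.13.7,91.200.13.8
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for category, evidence in triage(text):
        print(f"{category:22} {evidence}")
```

Point it at a saved C:\ComboFix.txt with `python cftriage.py ComboFix.txt`. The consonant/vowel test deliberately ignores anything with digits or a different length, so legitimate system binaries such as kernel32.dll or ntoskrnl.exe pass through untouched; the DNS check treats only RFC 1918 addresses as expected, so an ISP's public resolver will also be listed and has to be judged by the reviewer.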

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 10 November 2009 - 05:38 AM

Hi,

That was a nice collection of malware that ComboFix removed there!

And there is more to come still:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\kazuzori.exe
c:\windows\system32\latavija.exe
c:\windows\system32\sorudebu.exe
c:\windows\system32\vikijiri.exe
c:\windows\system32\zodaveru.exe
c:\windows\win32k.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\taskmgr.exe"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please also run the following tools:

Download and run Win32kDiag: We need to scan the system with this special tool as well.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
Please post back the logs from ComboFix, Win32kDiag and Junction in your next reply.

My nick changed from _temp_ to myrti tonight. I hope this won't create too much confusion.
regards myrti

Edited by myrti, 10 November 2009 - 05:38 AM.



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 November 2009 - 09:31 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





