
Personal Guard Problems


  • This topic is locked
11 replies to this topic

#1 tmaher24

tmaher24

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 15 November 2009 - 05:21 PM

I cannot get rid of personal guard. No matter what I do it keeps coming back and the pop ups are causing my computer to run very slow. I have read the removal guide for this and have downloaded and tried to run Malwarebytes but it won't locate it on my computer.
Please help
Thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:36 PM, on 11/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\SYSTEM32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wwSecure.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1681
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BrMfcWnd] F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] F:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] F:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "F:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SpyHunter Security Suite] F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [personalguard] F:\Program Files\Personal Guard 2009\personalguard.exe
O4 - HKLM\..\Run: [wigegelil] Rundll32.exe "f:\windows\system32\mohohimu.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O20 - AppInit_DLLs: poraheva.dll f:\windows\system32\mohohimu.dll
O21 - SSODL: SysNet - {25B4E279-FE3B-4B3F-B5AC-61719FF02A99} - F:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
O21 - SSODL: logosalop - {86061baa-8356-4b80-becb-120c0ded3cf1} - f:\windows\system32\mohohimu.dll
O22 - SharedTaskScheduler: jugezatag - {86061baa-8356-4b80-becb-120c0ded3cf1} - f:\windows\system32\mohohimu.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - F:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - F:\WINDOWS\system32\wwSecure.exe

--
End of file - 4374 bytes



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:05 PM

Posted 16 November 2009 - 08:19 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============


The next log will show us any hidden files that are present.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tmaher24

tmaher24
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 16 November 2009 - 11:06 PM

Thanks for responding Sam. Here is the OTL Log.

OTL logfile created on: 11/16/2009 10:59:55 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = F:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

511.42 Mb Total Physical Memory | 164.55 Mb Available Physical Memory | 32.17% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 19.53 Gb Total Space | 11.97 Gb Free Space | 61.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 1.53 Gb Free Space | 7.83% Space Free | Partition Type: NTFS
Drive G: | 989.27 Mb Total Space | 980.88 Mb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive H: | 109.01 Gb Total Space | 55.16 Gb Free Space | 50.60% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MASTER
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/16 22:52:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2009/11/07 08:27:52 | 00,908,248 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/30 09:41:04 | 00,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
PRC - [2008/05/27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- F:\Program Files\QuickTime\QTTask.exe
PRC - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/05/20 14:53:52 | 00,486,400 | ---- | M] (Webroot Software, Inc.) -- F:\WINDOWS\system32\wwSecure.exe
PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/16 22:52:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2009/08/16 22:11:55 | 00,091,648 | -HS- | M] () -- F:\WINDOWS\system32\wenijalu.dll
MOD - [2009/08/13 18:21:21 | 00,050,688 | -HS- | M] () -- F:\WINDOWS\system32\poraheva.dll
MOD - [2007/04/19 14:21:40 | 00,116,264 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/19 07:59:41 | 00,094,720 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\iphlpapi.dll
MOD - [2004/08/04 02:56:46 | 00,022,528 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wsock32.dll
MOD - [2004/08/04 02:56:43 | 00,413,696 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\msvcp60.dll
MOD - [2004/08/04 02:56:42 | 00,640,000 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\dbghelp.dll
MOD - [2004/08/04 02:56:42 | 00,185,856 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2002/08/13 06:10:10 | 00,155,648 | ---- | M] () -- F:\WINDOWS\ssleay32.dll
MOD - [2002/08/13 06:09:50 | 00,684,032 | ---- | M] () -- F:\WINDOWS\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/06/22 16:13:06 | 00,208,896 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/05/15 17:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/05/20 14:53:52 | 00,486,400 | ---- | M] (Webroot Software, Inc.) -- F:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001/08/17 17:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- F:\WINDOWS\system32\pctspk.exe -- (Pctspk)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://ie.search.msn.com
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:1681

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgff&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=slv5-ab-&p="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3296
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,cgi*.ebay.com,disney.go.com,msa_e1.ebay.com,rhapsody_app*.listen.com"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 20:24:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009/11/07 18:01:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009/11/07 08:28:00 | 00,000,000 | ---D | M]

[2009/09/06 15:01:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2009/09/06 15:01:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/18 08:04:13 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/11/16 22:24:13 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions
[2009/09/11 20:26:23 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2005/09/13 23:00:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2007/11/12 18:15:46 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2005/09/13 23:00:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
[2005/09/13 23:00:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2005/09/13 23:07:51 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2005/09/13 23:00:36 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\ScribbliesKids
[2009/06/30 21:00:58 | 00,002,246 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\searchplugins\espn.xml
[2009/11/10 20:53:08 | 00,001,846 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\searchplugins\weather.xml
[2009/11/16 22:24:13 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2009/11/07 08:28:00 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/07 15:21:24 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/19 07:56:55 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/11/07 08:27:52 | 00,023,512 | ---- | M] (Mozilla Foundation) -- F:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 08:27:52 | 00,137,176 | ---- | M] (Mozilla Foundation) -- F:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2004/09/08 22:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2006/11/20 10:08:00 | 00,379,392 | ---- | M] () -- F:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2003/11/18 13:37:32 | 00,241,664 | ---- | M] (Musicnotes, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/11/07 08:27:54 | 00,064,984 | ---- | M] (mozilla.org) -- F:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/10/22 23:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2004/12/24 10:29:43 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/07/25 09:27:48 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/07/25 09:27:48 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/07/25 09:27:48 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- F:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2004/12/24 10:29:53 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2004/12/24 10:29:34 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1277 bytes) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.igetnet.com
O1 - Hosts: 127.0.0.1 code.ignphrases.com
O1 - Hosts: 127.0.0.1 clear-search.com
O1 - Hosts: 127.0.0.1 r1.clrsch.com
O1 - Hosts: 127.0.0.1 sds.clrsch.com
O1 - Hosts: 127.0.0.1 status.clrsch.com
O1 - Hosts: 127.0.0.1 www.clrsch.com
O1 - Hosts: 127.0.0.1 clr-sch.com
O1 - Hosts: 127.0.0.1 sds-qckads.com
O1 - Hosts: 127.0.0.1 status.qckads.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BrMfcWnd] F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] F:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ddoctorv2] F:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SbUsb AudCtrl] F:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SetDefPrt] F:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SpyHunter Security Suite] F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [wigegelil] F:\WINDOWS\System32\wenijalu.DLL ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} http://activex.microsoft.com/objects/ocget.dll (SdcNetCheckCtl Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1095382347313 (MSSecurityAdvisor Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (poraheva.dll) - F:\WINDOWS\System32\poraheva.dll ()
O20 - AppInit_DLLs: (f:\windows\system32\wenijalu.dll) - F:\WINDOWS\system32\wenijalu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O21 - SSODL: SysNet - {25B4E279-FE3B-4B3F-B5AC-61719FF02A99} - F:\Documents and Settings\All Users\Microsoft AData\sysnet.dll ()
O21 - SSODL: tenivilun - {39851ee5-f862-4e63-b997-bb83fed73d80} - F:\WINDOWS\system32\wenijalu.dll ()
O22 - SharedTaskScheduler: {39851ee5-f862-4e63-b997-bb83fed73d80} - mujuzedij - F:\WINDOWS\system32\wenijalu.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b28bc7b-e6e6-11dd-a4cd-0002a5d862de}\Shell - "" = AutoRun
O33 - MountPoints2\{9b28bc7b-e6e6-11dd-a4cd-0002a5d862de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b28bc7b-e6e6-11dd-a4cd-0002a5d862de}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ad99f21a-3708-11db-9f02-0002a5d862de}\Shell - "" = AutoRun
O33 - MountPoints2\{ad99f21a-3708-11db-9f02-0002a5d862de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad99f21a-3708-11db-9f02-0002a5d862de}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\AutoRun\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\install\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\usermanualEnglish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\usermanualFrench\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\usermanualSpanish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2004/09/16 17:36:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - F:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/16 22:58:35 | 00,472,064 | ---- | C] ( ) -- F:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/16 22:52:49 | 00,529,408 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/11/15 17:26:33 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Tim\Desktop\Autoruns
[2009/11/15 10:59:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/15 10:59:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/11/15 10:59:37 | 00,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2009/11/09 22:58:44 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- F:\WINDOWS\System32\drivers\pavboot.sys
[2009/11/09 17:01:43 | 00,000,000 | ---D | C] -- F:\Program Files\Enigma Software Group
[2009/11/07 08:14:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\Tim\Desktop\HJTsetup.exe
[2009/11/06 21:27:36 | 00,000,000 | ---D | C] -- F:\Program Files\Personal Guard 2009
[2009/11/06 21:27:33 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Microsoft AData
[2006/07/26 12:37:26 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- F:\Program Files\RngInterstitial.dll
[2006/02/19 02:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- F:\WINDOWS\Fonts\RandFont.dll
[2004/12/04 21:38:09 | 00,059,392 | ---- | C] ( ) -- F:\WINDOWS\System32\a3d.dll
[35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/16 23:00:01 | 00,000,296 | ---- | M] () -- F:\WINDOWS\tasks\wrxudwny.job
[2009/11/16 22:59:11 | 00,006,456 | -H-- | M] () -- F:\WINDOWS\System32\salowugi
[2009/11/16 22:58:29 | 00,472,064 | ---- | M] ( ) -- F:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/16 22:52:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/11/16 22:47:39 | 00,029,696 | ---- | M] () -- F:\Documents and Settings\Tim\My Documents\Name Ionic Compounds that have Polyatomic ions.doc
[2009/11/16 22:11:54 | 00,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/11/16 22:11:15 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/11/16 22:11:07 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/11/16 22:10:58 | 53,633,4336 | -HS- | M] () -- F:\hiberfil.sys
[2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\usexplorer.exe
[2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\spoov.exe
[2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\securits.com
[2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\regred.exe
[2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\certsystem.exe
[2009/11/14 12:08:51 | 00,000,000 | ---- | M] () -- F:\WINDOWS\microsoftdef.dll
[2009/11/13 06:34:22 | 00,016,604 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Keller TRF.doc
[2009/11/09 23:27:26 | 00,005,507 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Ham Volleyball cover letter.doc
[2009/11/09 23:25:07 | 00,009,536 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Volleyball resume.doc
[2009/11/09 23:23:16 | 00,035,100 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2009/11/09 22:57:31 | 00,177,240 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\activescan2_en.exe
[2009/11/07 11:43:31 | 06,815,744 | ---- | M] () -- F:\Documents and Settings\Tim\ntuser.dat
[2009/11/07 11:43:31 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Tim\ntuser.ini
[2009/11/07 11:42:18 | 00,020,992 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\All Star11_07.xls
[2009/11/07 08:15:42 | 00,001,734 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2009/11/07 08:14:55 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\Tim\Desktop\HJTsetup.exe
[2009/11/06 21:27:38 | 00,380,416 | ---- | M] () -- F:\WINDOWS\System32\winsc.exe
[2009/11/03 18:48:18 | 00,443,368 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/11/03 18:48:18 | 00,072,224 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/16 22:47:38 | 00,029,696 | ---- | C] () -- F:\Documents and Settings\Tim\My Documents\Name Ionic Compounds that have Polyatomic ions.doc
[2009/11/13 06:34:24 | 00,016,604 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Keller TRF.doc
[2009/11/12 15:09:39 | 00,000,296 | ---- | C] () -- F:\WINDOWS\tasks\wrxudwny.job
[2009/11/09 23:27:26 | 00,005,507 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Ham Volleyball cover letter.doc
[2009/11/09 23:23:16 | 00,009,536 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Volleyball resume.doc
[2009/11/09 22:57:30 | 00,177,240 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\activescan2_en.exe
[2009/11/07 11:42:18 | 00,020,992 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\All Star11_07.xls
[2009/11/07 08:15:42 | 00,001,734 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2009/11/06 21:27:38 | 00,380,416 | ---- | C] () -- F:\WINDOWS\System32\winsc.exe
[2009/11/06 21:27:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\usexplorer.exe
[2009/11/06 21:27:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\spoov.exe
[2009/11/06 21:27:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\securits.com
[2009/11/06 21:27:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\regred.exe
[2009/11/06 21:27:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\microsoftdef.dll
[2009/11/06 21:27:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\certsystem.exe
[2009/09/14 06:40:21 | 00,079,872 | ---- | C] () -- F:\WINDOWS\System32\drivers\ad6b54267d9c80126f5c0906.sys
[2009/08/16 22:11:55 | 00,091,648 | -HS- | C] () -- F:\WINDOWS\System32\wenijalu.dll
[2009/08/16 22:11:55 | 00,037,888 | -HS- | C] () -- F:\WINDOWS\System32\midogiru.dll
[2009/08/15 22:02:42 | 00,089,600 | -HS- | C] () -- F:\WINDOWS\System32\kowozatu.dll
[2009/08/15 22:02:42 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\jeleguja.dll
[2009/08/15 10:02:38 | 00,089,088 | -HS- | C] () -- F:\WINDOWS\System32\mohohimu.dll
[2009/08/15 10:02:38 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\veyoroda.dll
[2009/08/14 22:02:10 | 00,089,088 | -HS- | C] () -- F:\WINDOWS\System32\bajoduza.dll
[2009/08/14 22:02:10 | 00,037,888 | -HS- | C] () -- F:\WINDOWS\System32\hakolike.dll
[2009/08/13 18:21:21 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\timepimi.dll
[2009/08/13 18:21:21 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\sutuhoha.dll
[2009/08/13 18:21:21 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\poraheva.dll
[2009/08/13 18:20:49 | 00,089,600 | -HS- | C] () -- F:\WINDOWS\System32\zalahobe.dll
[2009/08/13 18:20:49 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\jiruludi.dll
[2009/08/13 18:20:49 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\zumidiba.dll
[2009/08/13 06:21:06 | 00,090,112 | -HS- | C] () -- F:\WINDOWS\System32\wemipipo.dll
[2009/08/13 06:21:06 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\fenoyoyu.dll
[2009/08/12 15:09:38 | 00,090,112 | -HS- | C] () -- F:\WINDOWS\System32\pulewogo.dll
[2009/08/12 15:09:38 | 00,061,440 | -HS- | C] () -- F:\WINDOWS\System32\pogogiso.dll
[2009/08/12 15:09:38 | 00,038,912 | -HS- | C] () -- F:\WINDOWS\System32\dogobuzo.dll
[2009/08/12 03:09:23 | 00,038,912 | -HS- | C] () -- F:\WINDOWS\System32\rumenite.dll
[2009/08/11 03:08:28 | 00,052,736 | -HS- | C] () -- F:\WINDOWS\System32\bagahone.dll
[2009/08/11 03:08:28 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\sosagatu.dll
[2009/08/09 15:07:55 | 00,090,112 | -HS- | C] () -- F:\WINDOWS\System32\zubadira.dll
[2009/08/09 15:07:55 | 00,051,200 | -HS- | C] () -- F:\WINDOWS\System32\sazukojo.dll
[2009/08/09 15:07:55 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\vasidifu.dll
[2009/08/08 09:32:15 | 00,091,136 | -HS- | C] () -- F:\WINDOWS\System32\hazoboyi.dll
[2009/08/08 09:32:15 | 00,051,200 | -HS- | C] () -- F:\WINDOWS\System32\yujopona.dll
[2009/08/08 09:32:15 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\zeyebome.dll
[2009/08/07 21:32:00 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\nomajale.dll
[2009/04/05 23:38:17 | 00,000,012 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\examview.tlx
[2009/01/05 23:43:47 | 00,000,021 | ---- | C] () -- F:\WINDOWS\atid.ini
[2008/12/20 18:46:37 | 00,001,008 | ---- | C] () -- F:\WINDOWS\EQNEDIT.INI
[2008/07/24 06:13:20 | 00,617,529 | -HS- | C] () -- F:\WINDOWS\System32\hidopaqw.ini
[2008/05/17 02:03:04 | 00,000,118 | ---- | C] () -- F:\WINDOWS\System32\MRT.INI
[2007/12/10 22:57:27 | 00,000,156 | ---- | C] () -- F:\WINDOWS\KPCMS.INI
[2007/12/10 22:56:59 | 00,210,944 | ---- | C] () -- F:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/27 22:33:42 | 00,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2007/06/19 23:01:32 | 00,000,419 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI
[2007/06/19 23:01:32 | 00,000,027 | ---- | C] () -- F:\WINDOWS\BRPP2KA.INI
[2007/06/19 23:00:15 | 00,000,214 | ---- | C] () -- F:\WINDOWS\Brpfx04a.ini
[2007/06/19 23:00:15 | 00,000,093 | ---- | C] () -- F:\WINDOWS\brpcfx.ini
[2007/06/19 22:58:09 | 00,106,496 | ---- | C] () -- F:\WINDOWS\System32\BrMuSNMP.dll
[2007/05/04 07:00:15 | 00,077,312 | ---- | C] () -- F:\WINDOWS\ua2.dll
[2007/03/18 19:32:09 | 00,000,126 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2007/03/18 19:17:22 | 00,000,330 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/12 22:43:39 | 00,000,013 | -H-- | C] () -- F:\Documents and Settings\All Users\Application Data\jgalt.ayn
[2007/02/11 20:22:49 | 00,000,120 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\FixVTS.ini
[2007/02/05 22:34:11 | 00,000,000 | ---- | C] () -- F:\WINDOWS\iPlayer.INI
[2007/01/29 10:44:47 | 00,039,825 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\FASTWiz.log
[2007/01/17 18:56:47 | 00,000,154 | ---- | C] () -- F:\WINDOWS\PokeMon.ini
[2007/01/02 18:11:05 | 00,000,143 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2006/11/25 14:52:25 | 00,001,778 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/17 15:39:30 | 00,000,460 | ---- | C] () -- F:\WINDOWS\hegames.ini
[2006/08/24 21:46:28 | 00,026,948 | ---- | C] () -- F:\WINDOWS\_000049_.tmp.dll
[2006/06/29 22:52:34 | 00,000,085 | ---- | C] () -- F:\WINDOWS\MusEdit.INI
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/25 17:52:34 | 00,627,965 | -HS- | C] () -- F:\WINDOWS\System32\qqtss.ini2
[2006/01/12 16:16:41 | 00,090,442 | -HS- | C] () -- F:\WINDOWS\System32\qqtss.ini
[2006/01/12 16:08:05 | 00,684,032 | ---- | C] () -- F:\WINDOWS\libeay32.dll
[2006/01/12 16:08:04 | 00,155,648 | ---- | C] () -- F:\WINDOWS\ssleay32.dll
[2006/01/02 11:03:19 | 00,051,712 | ---- | C] () -- F:\WINDOWS\wc98pp.dll
[2005/12/14 20:06:29 | 00,000,038 | ---- | C] () -- F:\WINDOWS\Abac Karaoke.INI
[2005/08/23 19:37:48 | 00,000,664 | ---- | C] () -- F:\WINDOWS\yteyy.dll
[2005/08/04 09:36:09 | 00,176,235 | ---- | C] () -- F:\WINDOWS\System32\Primomonnt.dll
[2005/08/04 09:36:09 | 00,000,129 | ---- | C] () -- F:\WINDOWS\primopdf.ini
[2005/07/24 22:18:15 | 00,000,034 | ---- | C] () -- F:\WINDOWS\System32\rnplf4.dll
[2005/07/24 22:14:07 | 00,000,034 | ---- | C] () -- F:\WINDOWS\System32\rnplf8.dll
[2005/06/27 23:26:05 | 00,003,940 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\evpro32.prf
[2005/06/07 00:06:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\MSDraw.ini
[2005/04/12 12:14:11 | 00,000,000 | ---- | C] () -- F:\WINDOWS\PROTOCOL.INI
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- F:\WINDOWS\bdoscandellang.ini
[2005/02/02 10:50:09 | 00,000,173 | ---- | C] () -- F:\WINDOWS\ConnMgr.ini
[2005/01/29 09:54:27 | 00,000,091 | ---- | C] () -- F:\WINDOWS\ImportClient.INI
[2005/01/29 09:46:48 | 00,116,640 | ---- | C] () -- F:\WINDOWS\System32\Ptsaci40.dll
[2004/12/28 09:32:41 | 01,568,656 | -H-- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db
[2004/12/04 21:39:03 | 00,000,072 | ---- | C] () -- F:\WINDOWS\SBWIN.INI
[2004/12/04 21:38:48 | 00,000,231 | ---- | C] () -- F:\WINDOWS\AC3API.INI
[2004/12/04 21:38:05 | 00,009,953 | ---- | C] () -- F:\WINDOWS\System32\SBUSB.INI
[2004/11/27 11:50:34 | 00,000,004 | ---- | C] () -- F:\WINDOWS\uccspecb.sys
[2004/11/26 20:42:26 | 00,000,649 | ---- | C] () -- F:\WINDOWS\cclean13.ini
[2004/11/26 20:42:04 | 00,006,125 | ---- | C] () -- F:\WINDOWS\ccscan6.ini
[2004/11/13 01:56:25 | 00,172,032 | ---- | C] () -- F:\WINDOWS\System32\adsubtb.dll
[2004/11/13 01:56:25 | 00,002,150 | ---- | C] () -- F:\WINDOWS\System32\nshxml.ini
[2004/10/27 16:24:55 | 00,035,100 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2004/10/24 21:54:12 | 00,002,154 | ---- | C] () -- F:\WINDOWS\System32\ssmute.ini
[2004/10/20 21:35:15 | 00,000,028 | ---- | C] () -- F:\WINDOWS\EasyWord.INI
[2004/10/20 21:32:22 | 00,011,079 | -H-- | C] () -- F:\Program Files\folder.htt
[2004/10/20 21:32:22 | 00,000,266 | -H-- | C] () -- F:\Program Files\desktop.ini
[2004/10/03 22:37:33 | 00,000,324 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2004/10/03 22:37:25 | 00,000,045 | ---- | C] () -- F:\WINDOWS\HEHIG.ini
[2004/10/03 21:49:32 | 00,000,003 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2004/09/19 08:43:07 | 00,123,728 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/18 10:43:28 | 00,000,003 | ---- | C] () -- F:\WINDOWS\syskey.ini
[2004/09/18 09:14:24 | 00,124,416 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/17 21:42:18 | 00,000,000 | ---- | C] () -- F:\WINDOWS\System32\sys_dll.dll
[2004/09/16 21:02:59 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\Tim\Application Data\desktop.ini
[2004/09/16 13:26:28 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 16:51:00 | 00,059,392 | R--- | C] () -- F:\WINDOWS\streamhlp.dll
[2001/08/23 07:00:00 | 00,001,186 | ---- | C] () -- F:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,227 | ---- | C] () -- F:\WINDOWS\system.ini

========== LOP Check ==========

[2004/10/06 22:03:00 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Kazaa Lite
[2009/02/28 08:37:15 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Comcast
[2006/06/06 22:10:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Jes-Soft
[2009/03/01 22:27:08 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2006/07/26 12:41:34 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/12/18 19:01:05 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Prevx
[2005/04/15 11:41:02 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ScanDBX
[2006/02/24 15:28:00 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/02/19 13:43:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/24 11:03:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/18 08:04:29 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TomTom
[2006/01/30 18:55:19 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/06 07:56:59 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/27 22:18:00 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Guest\Application Data\Prevx
[2004/11/16 18:07:14 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Kim\Application Data\InterMute
[2007/03/29 12:44:45 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Kim\Application Data\Prevx
[2004/09/18 00:14:51 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Kim\Application Data\STOPzilla!
[2006/10/05 01:19:02 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\Prevx
[2006/09/16 08:30:08 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Sean\Application Data\Allume Systems
[2005/02/09 15:47:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Sean\Application Data\GetRight
[2004/10/30 14:52:41 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Sean\Application Data\InterMute
[2007/11/30 08:04:41 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Sean\Application Data\Prevx
[2004/09/18 10:12:14 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Sean\Application Data\STOPzilla!
[2006/03/16 21:28:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Allume Systems
[2005/11/25 19:05:18 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Axaware
[2007/03/12 22:43:39 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\CoffeeCup Software
[2005/07/26 16:33:00 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\funkitron
[2006/11/22 16:07:41 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\InterVideo
[2004/09/18 10:32:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Kazaa Lite
[2006/01/16 16:34:29 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Leadertech
[2005/09/19 22:39:33 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\MailWasherPro
[2006/10/23 17:41:03 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\NCH Swift Sound
[2009/03/01 22:27:08 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\PACE Anti-Piracy
[2006/07/26 12:41:34 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\PlayFirst
[2007/03/19 19:37:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\RipIt4Me
[2007/03/19 19:03:41 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\RipIt4Me_1
[2009/09/06 07:59:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\ScanSoft
[2005/03/09 20:34:59 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Serif
[2004/09/17 23:22:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\STOPzilla!
[2004/10/27 16:24:57 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Template
[2008/07/24 05:56:15 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\TmpRecentIcons
[2009/04/18 08:04:09 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\TomTom
[2006/01/30 18:55:52 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\TuneUp Software
[2006/11/23 18:37:43 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Uniblue
[2004/10/05 18:23:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Visicom Media
[2001/08/23 07:00:00 | 00,000,065 | RH-- | M] () -- F:\WINDOWS\Tasks\desktop.ini
[2009/11/16 22:11:15 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\Tasks\SA.DAT
[2009/11/16 23:00:01 | 00,000,296 | ---- | M] () -- F:\WINDOWS\Tasks\wrxudwny.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- F:\WINDOWS\system32\drivers\ac97intc.sys
[2004/08/04 01:07:38 | 00,187,776 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\acpi.sys
[2001/08/23 07:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\acpiec.sys
[2009/10/09 02:57:43 | 00,079,872 | ---- | M] () -- F:\WINDOWS\system32\drivers\ad6b54267d9c80126f5c0906.sys
[2006/02/14 19:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 04:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\afd.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 00,044,928 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\agpcpq.sys
[2004/08/04 01:07:41 | 00,042,752 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\alim1541.sys
[2004/08/04 01:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- F:\WINDOWS\system32\drivers\amdagp.sys
[2004/08/04 00:59:19 | 00,036,992 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\amdk6.sys
[2004/08/04 00:59:20 | 00,037,376 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\amdk7.sys
[2004/08/04 00:58:29 | 00,060,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\arp1394.sys
[2005/11/21 00:48:21 | 00,016,512 | ---- | M] (Adaptec) -- F:\WINDOWS\system32\drivers\ASPI32.SYS
[2004/08/04 01:05:03 | 00,014,336 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\asyncmac.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:29:29 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/04 00:29:29 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/04 00:29:29 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/04 00:29:30 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/04 00:29:30 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/04 00:29:31 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/04 00:29:31 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/04 00:29:31 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/04 00:29:31 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/04 00:29:31 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/04 00:29:26 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/04 00:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/04 00:29:27 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/04 00:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\atinmdxx.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> F:\WINDOWS\System32\svchost.exe:SummaryInformation
@Alternate Data Stream - 1341 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:NcCL0u0TowKObXn4
@Alternate Data Stream - 1200 bytes -> F:\Documents and Settings\Tim\Local Settings\Application Data\m04x6vCMB5M0M:bpZwyIU6A6fX6nAnphjbx8G
@Alternate Data Stream - 1170 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:ePP2plodh7z2xBOwOKrNxmlSFc
@Alternate Data Stream - 1148 bytes -> F:\Program Files\Common Files\System:vxJczDgp5uNgI38EtotVgY
< End of report >

#4 tmaher24


Posted 16 November 2009 - 11:12 PM

Got an error message with Root Repeal: Root Repeal Error Could not read system registry.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/16 23:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: F:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3CF1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: F:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A2A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: F:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF8B98000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: F:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2C8D000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "F:\WINDOWS\system32\DRIVERS\ad6b54267d9c80126f5c0906.sys" at address 0xf3d0cae3

==EOF==

#5 Buckeye_Sam


    Malware Expert



Posted 17 November 2009 - 09:32 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/08/16 22:11:55 | 00,091,648 | -HS- | M] () -- F:\WINDOWS\system32\wenijalu.dll
    MOD - [2009/08/13 18:21:21 | 00,050,688 | -HS- | M] () -- F:\WINDOWS\system32\poraheva.dll
    O4 - HKLM..\Run: [wigegelil] F:\WINDOWS\System32\wenijalu.DLL ()
    O20 - AppInit_DLLs: (poraheva.dll) - F:\WINDOWS\System32\poraheva.dll ()
    O20 - AppInit_DLLs: (f:\windows\system32\wenijalu.dll) - F:\WINDOWS\system32\wenijalu.dll ()
    O21 - SSODL: SysNet - {25B4E279-FE3B-4B3F-B5AC-61719FF02A99} - F:\Documents and Settings\All Users\Microsoft AData\sysnet.dll ()
    O21 - SSODL: tenivilun - {39851ee5-f862-4e63-b997-bb83fed73d80} - F:\WINDOWS\system32\wenijalu.dll ()
    O22 - SharedTaskScheduler: {39851ee5-f862-4e63-b997-bb83fed73d80} - mujuzedij - F:\WINDOWS\system32\wenijalu.dll ()
    [2009/11/06 21:27:36 | 00,000,000 | ---D | C] -- F:\Program Files\Personal Guard 2009
    [2009/11/06 21:27:33 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Microsoft AData
    [35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
    [1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
    [2009/11/16 23:00:01 | 00,000,296 | ---- | M] () -- F:\WINDOWS\tasks\wrxudwny.job
    [2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\usexplorer.exe
    [2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\spoov.exe
    [2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\securits.com
    [2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\regred.exe
    [2009/11/16 03:03:00 | 00,000,000 | ---- | M] () -- F:\WINDOWS\certsystem.exe
    [2009/11/14 12:08:51 | 00,000,000 | ---- | M] () -- F:\WINDOWS\microsoftdef.dll
    [2009/08/16 22:11:55 | 00,091,648 | -HS- | C] () -- F:\WINDOWS\System32\wenijalu.dll
    [2009/08/16 22:11:55 | 00,037,888 | -HS- | C] () -- F:\WINDOWS\System32\midogiru.dll
    [2009/08/15 22:02:42 | 00,089,600 | -HS- | C] () -- F:\WINDOWS\System32\kowozatu.dll
    [2009/08/15 22:02:42 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\jeleguja.dll
    [2009/08/15 10:02:38 | 00,089,088 | -HS- | C] () -- F:\WINDOWS\System32\mohohimu.dll
    [2009/08/15 10:02:38 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\veyoroda.dll
    [2009/08/14 22:02:10 | 00,089,088 | -HS- | C] () -- F:\WINDOWS\System32\bajoduza.dll
    [2009/08/14 22:02:10 | 00,037,888 | -HS- | C] () -- F:\WINDOWS\System32\hakolike.dll
    [2009/08/13 18:21:21 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\timepimi.dll
    [2009/08/13 18:21:21 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\sutuhoha.dll
    [2009/08/13 18:21:21 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\poraheva.dll
    [2009/08/13 18:20:49 | 00,089,600 | -HS- | C] () -- F:\WINDOWS\System32\zalahobe.dll
    [2009/08/13 18:20:49 | 00,050,688 | -HS- | C] () -- F:\WINDOWS\System32\jiruludi.dll
    [2009/08/13 18:20:49 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\zumidiba.dll
    [2009/08/13 06:21:06 | 00,090,112 | -HS- | C] () -- F:\WINDOWS\System32\wemipipo.dll
    [2009/08/13 06:21:06 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\fenoyoyu.dll
    [2009/08/12 15:09:38 | 00,090,112 | -HS- | C] () -- F:\WINDOWS\System32\pulewogo.dll
    [2009/08/12 15:09:38 | 00,061,440 | -HS- | C] () -- F:\WINDOWS\System32\pogogiso.dll
    [2009/08/12 15:09:38 | 00,038,912 | -HS- | C] () -- F:\WINDOWS\System32\dogobuzo.dll
    [2009/08/12 03:09:23 | 00,038,912 | -HS- | C] () -- F:\WINDOWS\System32\rumenite.dll
    [2009/08/11 03:08:28 | 00,052,736 | -HS- | C] () -- F:\WINDOWS\System32\bagahone.dll
    [2009/08/11 03:08:28 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\sosagatu.dll
    [2009/08/09 15:07:55 | 00,090,112 | -HS- | C] () -- F:\WINDOWS\System32\zubadira.dll
    [2009/08/09 15:07:55 | 00,051,200 | -HS- | C] () -- F:\WINDOWS\System32\sazukojo.dll
    [2009/08/09 15:07:55 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\vasidifu.dll
    [2009/08/08 09:32:15 | 00,091,136 | -HS- | C] () -- F:\WINDOWS\System32\hazoboyi.dll
    [2009/08/08 09:32:15 | 00,051,200 | -HS- | C] () -- F:\WINDOWS\System32\yujopona.dll
    [2009/08/08 09:32:15 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\zeyebome.dll
    [2009/08/07 21:32:00 | 00,039,424 | -HS- | C] () -- F:\WINDOWS\System32\nomajale.dll
    [2008/07/24 06:13:20 | 00,617,529 | -HS- | C] () -- F:\WINDOWS\System32\hidopaqw.ini
    [2006/03/25 17:52:34 | 00,627,965 | -HS- | C] () -- F:\WINDOWS\System32\qqtss.ini2
    [2006/01/12 16:16:41 | 00,090,442 | -HS- | C] () -- F:\WINDOWS\System32\qqtss.ini
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=====================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


========================================================

#6 tmaher24


Posted 17 November 2009 - 06:28 PM

Here is the log with the fixes pasted.

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.1.5.0 log created on 11172009_182108

Files\Folders moved on Reboot...
Folder move failed. F:\Program Files\Personal Guard 2009\\q scheduled to be moved on reboot.
Folder move failed. F:\Program Files\Personal Guard 2009\ scheduled to be moved on reboot.
Folder move failed. F:\Documents and Settings\All Users\Microsoft AData\ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#7 tmaher24


Posted 17 November 2009 - 08:38 PM

Here is the Malwarebytes Log......

Malwarebytes' Anti-Malware 1.41
Database version: 3190
Windows 5.1.2600 Service Pack 2

11/17/2009 8:32:04 PM
mbam-log-2009-11-17 (20-32-04).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 227701
Time elapsed: 45 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 4
Files Infected: 46

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
f:\WINDOWS\system32\mulanaha.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c8ab3f45-2cd6-4185-93d6-f26d951ed292} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20744758-0a58-4bc9-b7a5-e7b0d9a81e05} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\personal guard 2009 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wigegelil (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c8ab3f45-2cd6-4185-93d6-f26d951ed292} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kilamikav (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5e2j0e361 (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: f:\windows\system32\mulanaha.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mulanaha.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
F:\Program Files\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Program Files\Personal Guard 2009\q (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Documents and Settings\Tim\Start Menu\Programs\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Microsoft AData (Rogue.SmartProtector) -> Quarantined and deleted successfully.

Files Infected:
f:\WINDOWS\system32\mulanaha.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\Program Files\Personal Guard 2009\uninstalls.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0014397.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0014399.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0014411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0014412.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0015394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0015400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0014413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0015459.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0015455.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0016407.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0016408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0016409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0016410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0017399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018406.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018407.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{92E60162-906F-42CA-B0BF-60F762E30197}\RP8\A0018416.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\winsc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_Documents and Settings\All Users\Microsoft AData\sysnet.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\bagahone.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\dogobuzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\fenoyoyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\hazoboyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\nomajale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\pulewogo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\rumenite.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\sazukojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\sosagatu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\wemipipo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\zalahobe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\zeyebome.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\_OTL\MovedFiles\11172009_181210\F_WINDOWS\system32\zumidiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Program Files\Personal Guard 2009\config.scf (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Program Files\Personal Guard 2009\mmbase.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Program Files\Personal Guard 2009\personalguard.exe (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Program Files\Personal Guard 2009\q.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Program Files\Personal Guard 2009\vvbase.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Documents and Settings\Tim\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Documents and Settings\Tim\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Microsoft AData\t.sid (Rogue.SmartProtector) -> Quarantined and deleted successfully.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 18 November 2009 - 08:46 AM

Please post a new OTL log.
How is your computer behaving now?

#9 tmaher24

tmaher24

Posted 19 November 2009 - 08:22 AM

Computer is running a lot better now. Pop ups seem to be gone and it is loading pages faster. It is also not freezing up anymore. Here is the log.

OTL logfile created on: 11/19/2009 8:18:15 AM - Run 4
OTL by OldTimer - Version 3.1.5.0 Folder = F:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

511.42 Mb Total Physical Memory | 139.09 Mb Available Physical Memory | 27.20% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.74% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 19.53 Gb Total Space | 11.97 Gb Free Space | 61.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 2.36 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive G: | 989.27 Mb Total Space | 980.89 Mb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive H: | 109.01 Gb Total Space | 57.07 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MASTER
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/16 22:52:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2008/05/27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- F:\Program Files\QuickTime\QTTask.exe
PRC - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/05/20 14:53:52 | 00,486,400 | ---- | M] (Webroot Software, Inc.) -- F:\WINDOWS\system32\wwSecure.exe
PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/16 22:52:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:01 | 00,413,696 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:11:55 | 00,094,720 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/13 19:11:51 | 00,640,000 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\dbghelp.dll
MOD - [2007/04/19 14:21:40 | 00,116,264 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2002/08/13 06:10:10 | 00,155,648 | ---- | M] () -- F:\WINDOWS\ssleay32.dll
MOD - [2002/08/13 06:09:50 | 00,684,032 | ---- | M] () -- F:\WINDOWS\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- F:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/06/22 16:13:06 | 00,208,896 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/05/15 17:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/05/20 14:53:52 | 00,486,400 | ---- | M] (Webroot Software, Inc.) -- F:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001/08/17 17:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- F:\WINDOWS\system32\pctspk.exe -- (Pctspk)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/10/09 02:57:43 | 00,079,872 | ---- | M] () -- F:\WINDOWS\system32\drivers\ad6b54267d9c80126f5c0906.sys -- (ad6b54267d9c80126f5c0906)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) -- F:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- F:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- F:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/13 11:54:38 | 00,078,648 | ---- | M] (PACE Anti-Piracy, Inc.) -- F:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/06 04:00:00 | 00,383,800 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/10/23 17:41:06 | 00,021,120 | ---- | M] (NCH Swift Sound) -- F:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2006/01/19 02:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- F:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 21:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- F:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2005/11/21 00:48:21 | 00,016,512 | ---- | M] (Adaptec) -- F:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/10/09 16:05:00 | 00,023,600 | ---- | M] (EnTech Taiwan) -- F:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2005/08/19 02:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- F:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/27 04:31:34 | 01,643,648 | ---- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2004/06/03 12:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2004/04/25 22:23:41 | 00,130,384 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/04/25 22:23:40 | 00,178,736 | ---- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/06/21 06:58:00 | 00,016,509 | ---- | M] (Palm, Inc.) -- F:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- F:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 08:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) -- F:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 08:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) -- F:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 08:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) -- F:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 08:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.) -- F:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 07:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- F:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc)
DRV - [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- F:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2001/04/27 13:28:36 | 00,131,776 | ---- | M] (Intel ) -- F:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://ie.search.msn.com
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com
IE - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:1681

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgff&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=slv5-ab-&p="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3296
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,cgi*.ebay.com,disney.go.com,msa_e1.ebay.com,rhapsody_app*.listen.com"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 20:24:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009/11/07 18:01:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009/11/07 08:28:00 | 00,000,000 | ---D | M]

[2009/09/06 15:01:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2009/09/06 15:01:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/18 08:04:13 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/11/18 06:16:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions
[2009/09/11 20:26:23 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2005/09/13 23:00:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2007/11/12 18:15:46 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2005/09/13 23:00:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
[2005/09/13 23:00:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2005/09/13 23:07:51 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2005/09/13 23:00:36 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\extensions\ScribbliesKids
[2009/06/30 21:00:58 | 00,002,246 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\searchplugins\espn.xml
[2009/11/18 17:50:01 | 00,001,846 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\searchplugins\weather.xml
[2009/11/16 22:24:13 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2009/11/07 08:28:00 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/07 15:21:24 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/19 07:56:55 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/11/07 08:27:52 | 00,023,512 | ---- | M] (Mozilla Foundation) -- F:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 08:27:52 | 00,137,176 | ---- | M] (Mozilla Foundation) -- F:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2004/09/08 22:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2006/11/20 10:08:00 | 00,379,392 | ---- | M] () -- F:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2003/11/18 13:37:32 | 00,241,664 | ---- | M] (Musicnotes, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/11/07 08:27:54 | 00,064,984 | ---- | M] (mozilla.org) -- F:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/10/22 23:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2004/12/24 10:29:43 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/07/25 09:27:48 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/07/25 09:27:48 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/07/25 09:27:48 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/07/25 09:27:49 | 00,143,360 | ---- | M] (Apple Inc.) -- F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- F:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2004/12/24 10:29:53 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2004/12/24 10:29:34 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1277 bytes) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.igetnet.com
O1 - Hosts: 127.0.0.1 code.ignphrases.com
O1 - Hosts: 127.0.0.1 clear-search.com
O1 - Hosts: 127.0.0.1 r1.clrsch.com
O1 - Hosts: 127.0.0.1 sds.clrsch.com
O1 - Hosts: 127.0.0.1 status.clrsch.com
O1 - Hosts: 127.0.0.1 www.clrsch.com
O1 - Hosts: 127.0.0.1 clr-sch.com
O1 - Hosts: 127.0.0.1 sds-qckads.com
O1 - Hosts: 127.0.0.1 status.qckads.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BrMfcWnd] F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] F:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ddoctorv2] F:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SbUsb AudCtrl] F:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SetDefPrt] F:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SpyHunter Security Suite] F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-484061587-1801674531-1003\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} http://activex.microsoft.com/objects/ocget.dll (SdcNetCheckCtl Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1095382347313 (MSSecurityAdvisor Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (poraheva.dll) - File not found
O20 - AppInit_DLLs: (f:\windows\) - f:\windows\ [2009/11/19 03:02:20 | 00,000,000 | ---D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b28bc7b-e6e6-11dd-a4cd-0002a5d862de}\Shell - "" = AutoRun
O33 - MountPoints2\{9b28bc7b-e6e6-11dd-a4cd-0002a5d862de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b28bc7b-e6e6-11dd-a4cd-0002a5d862de}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ad99f21a-3708-11db-9f02-0002a5d862de}\Shell - "" = AutoRun
O33 - MountPoints2\{ad99f21a-3708-11db-9f02-0002a5d862de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad99f21a-3708-11db-9f02-0002a5d862de}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\AutoRun\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\install\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\usermanualEnglish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\usermanualFrench\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e3b36712-4b29-11de-a4d7-0002a5d862de}\Shell\usermanualSpanish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/17 23:46:26 | 26,768,832 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MRT.exe
[2009/11/17 23:45:30 | 00,000,000 | ---D | C] -- F:\WINDOWS\LastGood
[2009/11/17 23:42:52 | 00,000,000 | ---D | C] -- F:\WINDOWS\Prefetch
[2009/11/17 21:28:53 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\scripting
[2009/11/17 21:28:48 | 00,000,000 | ---D | C] -- F:\WINDOWS\l2schemas
[2009/11/17 21:28:47 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\en
[2009/11/17 21:28:47 | 00,000,000 | ---D | C] -- F:\Program Files\msn
[2009/11/17 18:31:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/17 18:31:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/11/17 18:31:45 | 00,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2009/11/17 18:31:17 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- F:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2009/11/17 18:12:10 | 00,000,000 | ---D | C] -- F:\_OTL
[2009/11/16 22:58:35 | 00,472,064 | ---- | C] ( ) -- F:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/16 22:52:49 | 00,529,408 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/11/15 17:26:33 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Tim\Desktop\Autoruns
[2009/11/09 22:58:44 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- F:\WINDOWS\System32\drivers\pavboot.sys
[2009/11/09 17:01:43 | 00,000,000 | ---D | C] -- F:\Program Files\Enigma Software Group
[2009/11/07 08:14:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\Tim\Desktop\HJTsetup.exe
[2009/10/29 18:04:24 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\Prentice Hall iText
[2009/10/29 18:04:23 | 00,000,000 | ---D | C] -- F:\Program Files\Prentice Hall
[2006/07/26 12:37:26 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- F:\Program Files\RngInterstitial.dll
[2006/02/19 02:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- F:\WINDOWS\Fonts\RandFont.dll
[2004/12/04 21:38:09 | 00,059,392 | ---- | C] ( ) -- F:\WINDOWS\System32\a3d.dll
[1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/19 03:01:53 | 00,001,393 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2009/11/18 06:54:01 | 06,815,744 | ---- | M] () -- F:\Documents and Settings\Tim\ntuser.dat
[2009/11/18 06:14:12 | 00,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/11/18 03:16:23 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/11/18 03:16:15 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/11/18 03:16:13 | 00,393,568 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/18 03:16:10 | 53,633,4336 | -HS- | M] () -- F:\hiberfil.sys
[2009/11/18 03:15:18 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Tim\ntuser.ini
[2009/11/17 23:45:28 | 00,443,368 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/11/17 23:45:28 | 00,072,224 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2009/11/17 23:45:27 | 00,524,900 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/17 23:44:10 | 00,001,233 | ---- | M] () -- F:\WINDOWS\win.ini
[2009/11/17 21:22:36 | 00,250,048 | RHS- | M] () -- F:\ntldr
[2009/11/17 18:31:51 | 00,000,696 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/17 18:31:26 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- F:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2009/11/17 18:21:12 | 00,006,456 | -H-- | M] () -- F:\WINDOWS\System32\salowugi
[2009/11/16 23:07:09 | 00,000,000 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\settings.dat
[2009/11/16 22:58:29 | 00,472,064 | ---- | M] ( ) -- F:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/16 22:52:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/11/16 22:47:39 | 00,029,696 | ---- | M] () -- F:\Documents and Settings\Tim\My Documents\Name Ionic Compounds that have Polyatomic ions.doc
[2009/11/13 06:34:22 | 00,016,604 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Keller TRF.doc
[2009/11/09 23:27:26 | 00,005,507 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Ham Volleyball cover letter.doc
[2009/11/09 23:25:07 | 00,009,536 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Volleyball resume.doc
[2009/11/09 23:23:16 | 00,035,100 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2009/11/09 22:57:31 | 00,177,240 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\activescan2_en.exe
[2009/11/07 11:42:18 | 00,020,992 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\All Star11_07.xls
[2009/11/07 08:15:42 | 00,001,734 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2009/11/07 08:14:55 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\Tim\Desktop\HJTsetup.exe
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\MRT.exe
[2009/10/29 18:09:24 | 00,001,744 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2009/10/29 18:04:26 | 00,001,006 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Science Explorer iText.lnk
[2009/10/23 18:36:50 | 00,020,992 | ---- | M] () -- F:\Documents and Settings\Tim\Desktop\Last Chance 10_23.xls
[2009/10/23 18:09:45 | 00,002,137 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/21 05:20:35 | 00,003,940 | ---- | M] () -- F:\Documents and Settings\Tim\Application Data\evpro32.prf
[2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\mshtml.dll
[2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mshtml.dll
[1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/17 18:31:51 | 00,000,696 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 23:07:09 | 00,000,000 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\settings.dat
[2009/11/16 22:47:38 | 00,029,696 | ---- | C] () -- F:\Documents and Settings\Tim\My Documents\Name Ionic Compounds that have Polyatomic ions.doc
[2009/11/13 06:34:24 | 00,016,604 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Keller TRF.doc
[2009/11/09 23:27:26 | 00,005,507 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Ham Volleyball cover letter.doc
[2009/11/09 23:23:16 | 00,009,536 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Volleyball resume.doc
[2009/11/09 22:57:30 | 00,177,240 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\activescan2_en.exe
[2009/11/07 11:42:18 | 00,020,992 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\All Star11_07.xls
[2009/11/07 08:15:42 | 00,001,734 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2009/10/29 18:04:26 | 00,001,006 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Science Explorer iText.lnk
[2009/10/23 15:19:35 | 00,020,992 | ---- | C] () -- F:\Documents and Settings\Tim\Desktop\Last Chance 10_23.xls
[2009/09/14 06:40:21 | 00,079,872 | ---- | C] () -- F:\WINDOWS\System32\drivers\ad6b54267d9c80126f5c0906.sys
[2009/08/17 10:11:51 | 00,038,400 | -HS- | C] () -- F:\WINDOWS\System32\hevolofo.dll
[2009/04/05 23:38:17 | 00,000,012 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\examview.tlx
[2009/01/05 23:43:47 | 00,000,021 | ---- | C] () -- F:\WINDOWS\atid.ini
[2008/12/20 18:46:37 | 00,001,008 | ---- | C] () -- F:\WINDOWS\EQNEDIT.INI
[2008/05/17 02:03:04 | 00,000,118 | ---- | C] () -- F:\WINDOWS\System32\MRT.INI
[2007/12/10 22:57:27 | 00,000,156 | ---- | C] () -- F:\WINDOWS\KPCMS.INI
[2007/12/10 22:56:59 | 00,210,944 | ---- | C] () -- F:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/27 22:33:42 | 00,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2007/06/19 23:01:32 | 00,000,419 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI
[2007/06/19 23:01:32 | 00,000,027 | ---- | C] () -- F:\WINDOWS\BRPP2KA.INI
[2007/06/19 23:00:15 | 00,000,214 | ---- | C] () -- F:\WINDOWS\Brpfx04a.ini
[2007/06/19 23:00:15 | 00,000,093 | ---- | C] () -- F:\WINDOWS\brpcfx.ini
[2007/06/19 22:58:09 | 00,106,496 | ---- | C] () -- F:\WINDOWS\System32\BrMuSNMP.dll
[2007/05/04 07:00:15 | 00,077,312 | ---- | C] () -- F:\WINDOWS\ua2.dll
[2007/03/18 19:32:09 | 00,000,126 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2007/03/18 19:17:22 | 00,000,330 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/12 22:43:39 | 00,000,013 | -H-- | C] () -- F:\Documents and Settings\All Users\Application Data\jgalt.ayn
[2007/02/11 20:22:49 | 00,000,120 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\FixVTS.ini
[2007/02/05 22:34:11 | 00,000,000 | ---- | C] () -- F:\WINDOWS\iPlayer.INI
[2007/01/29 10:44:47 | 00,039,825 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\FASTWiz.log
[2007/01/17 18:56:47 | 00,000,154 | ---- | C] () -- F:\WINDOWS\PokeMon.ini
[2007/01/02 18:11:05 | 00,000,143 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2006/11/25 14:52:25 | 00,001,778 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/17 15:39:30 | 00,000,460 | ---- | C] () -- F:\WINDOWS\hegames.ini
[2006/08/24 21:46:28 | 00,026,948 | ---- | C] () -- F:\WINDOWS\_000049_.tmp.dll
[2006/06/29 22:52:34 | 00,000,085 | ---- | C] () -- F:\WINDOWS\MusEdit.INI
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/01/12 16:08:05 | 00,684,032 | ---- | C] () -- F:\WINDOWS\libeay32.dll
[2006/01/12 16:08:04 | 00,155,648 | ---- | C] () -- F:\WINDOWS\ssleay32.dll
[2006/01/02 11:03:19 | 00,051,712 | ---- | C] () -- F:\WINDOWS\wc98pp.dll
[2005/12/14 20:06:29 | 00,000,038 | ---- | C] () -- F:\WINDOWS\Abac Karaoke.INI
[2005/08/23 19:37:48 | 00,000,664 | ---- | C] () -- F:\WINDOWS\yteyy.dll
[2005/08/04 09:36:09 | 00,176,235 | ---- | C] () -- F:\WINDOWS\System32\Primomonnt.dll
[2005/08/04 09:36:09 | 00,000,129 | ---- | C] () -- F:\WINDOWS\primopdf.ini
[2005/07/24 22:18:15 | 00,000,034 | ---- | C] () -- F:\WINDOWS\System32\rnplf4.dll
[2005/07/24 22:14:07 | 00,000,034 | ---- | C] () -- F:\WINDOWS\System32\rnplf8.dll
[2005/06/27 23:26:05 | 00,003,940 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\evpro32.prf
[2005/06/07 00:06:36 | 00,000,000 | ---- | C] () -- F:\WINDOWS\MSDraw.ini
[2005/04/12 12:14:11 | 00,000,000 | ---- | C] () -- F:\WINDOWS\PROTOCOL.INI
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- F:\WINDOWS\bdoscandellang.ini
[2005/02/02 10:50:09 | 00,000,173 | ---- | C] () -- F:\WINDOWS\ConnMgr.ini
[2005/01/29 09:54:27 | 00,000,091 | ---- | C] () -- F:\WINDOWS\ImportClient.INI
[2005/01/29 09:46:48 | 00,116,640 | ---- | C] () -- F:\WINDOWS\System32\Ptsaci40.dll
[2004/12/28 09:32:41 | 01,568,656 | -H-- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db
[2004/12/04 21:39:03 | 00,000,072 | ---- | C] () -- F:\WINDOWS\SBWIN.INI
[2004/12/04 21:38:48 | 00,000,231 | ---- | C] () -- F:\WINDOWS\AC3API.INI
[2004/12/04 21:38:05 | 00,009,953 | ---- | C] () -- F:\WINDOWS\System32\SBUSB.INI
[2004/11/27 11:50:34 | 00,000,004 | ---- | C] () -- F:\WINDOWS\uccspecb.sys
[2004/11/26 20:42:26 | 00,000,649 | ---- | C] () -- F:\WINDOWS\cclean13.ini
[2004/11/26 20:42:04 | 00,006,125 | ---- | C] () -- F:\WINDOWS\ccscan6.ini
[2004/11/13 01:56:25 | 00,172,032 | ---- | C] () -- F:\WINDOWS\System32\adsubtb.dll
[2004/11/13 01:56:25 | 00,002,150 | ---- | C] () -- F:\WINDOWS\System32\nshxml.ini
[2004/10/27 16:24:55 | 00,035,100 | ---- | C] () -- F:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2004/10/24 21:54:12 | 00,002,154 | ---- | C] () -- F:\WINDOWS\System32\ssmute.ini
[2004/10/20 21:35:15 | 00,000,028 | ---- | C] () -- F:\WINDOWS\EasyWord.INI
[2004/10/20 21:32:22 | 00,011,079 | -H-- | C] () -- F:\Program Files\folder.htt
[2004/10/20 21:32:22 | 00,000,266 | -H-- | C] () -- F:\Program Files\desktop.ini
[2004/10/03 22:37:33 | 00,000,324 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2004/10/03 22:37:25 | 00,000,045 | ---- | C] () -- F:\WINDOWS\HEHIG.ini
[2004/10/03 21:49:32 | 00,000,003 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2004/09/19 08:43:07 | 00,123,728 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/18 10:43:28 | 00,000,003 | ---- | C] () -- F:\WINDOWS\syskey.ini
[2004/09/18 09:14:24 | 00,124,416 | ---- | C] () -- F:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/17 21:42:18 | 00,000,000 | ---- | C] () -- F:\WINDOWS\System32\sys_dll.dll
[2004/09/16 21:02:59 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\Tim\Application Data\desktop.ini
[2004/09/16 13:26:28 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 16:51:00 | 00,059,392 | R--- | C] () -- F:\WINDOWS\streamhlp.dll
[2001/08/23 07:00:00 | 00,001,233 | ---- | C] () -- F:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,227 | ---- | C] () -- F:\WINDOWS\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1341 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:NcCL0u0TowKObXn4
@Alternate Data Stream - 1200 bytes -> F:\Documents and Settings\Tim\Local Settings\Application Data\m04x6vCMB5M0M:bpZwyIU6A6fX6nAnphjbx8G
@Alternate Data Stream - 1170 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:ePP2plodh7z2xBOwOKrNxmlSFc
@Alternate Data Stream - 1148 bytes -> F:\Program Files\Common Files\System:vxJczDgp5uNgI38EtotVgY
< End of report >

#10 Buckeye_Sam

    Malware Expert


Posted 19 November 2009 - 08:43 AM

Looks pretty good to me!
Here are a few last steps and then some recommendations for you.



Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


=====================


It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button.
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 tmaher24

Posted 21 November 2009 - 03:15 PM

Thank you so much.

#12 Buckeye_Sam

    Malware Expert


Posted 21 November 2009 - 04:22 PM

I'm glad I could help you out!

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.