
SearchClick8 redirecting all links / Facebook Virus?


4 replies to this topic

#1 beegberk


Posted 15 November 2009 - 10:20 PM

I think I recently downloaded the Facebook Virus. I ran Malwarebytes and removed most of it, I think. Now I can't use the Yahoo search engine; I keep getting Error 99 messages. Also, Google links always send me to something called Searchclick8. I have all of my logs; they are below. Thanks for all your help.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:56 PM, on 11/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sqvmxptk] C:\Documents and Settings\Owner\Local Settings\Application Data\hjvxyx\agvesysguard.exe
O4 - HKLM\..\Run: [Bxoruko] rundll32.exe "C:\WINDOWS\ucawowowowowo.dll",Startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\2PJMbU29G.exe" /runcleanupscript
O4 - HKCU\..\Run: [sqvmxptk] C:\Documents and Settings\Owner\Local Settings\Application Data\hjvxyx\agvesysguard.exe
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe
O4 - S-1-5-18 Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: scandisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - .DEFAULT Startup: scandisk.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email02.secureserver.net/Download.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/act...geUploader5.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4654ABA7-5A34-4A1F-8129-D55307EDEB25}: NameServer = 77.74.48.113
O18 - Filter hijack: text/html - {37ac9b66-e6cd-47d5-9b63-5c48d6ba193c} - C:\WINDOWS\batmeter16.dll
O20 - AppInit_DLLs: nosadepu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9472 bytes


DDS Log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 16:57:44.68 on Sat 11/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.198 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [sqvmxptk] c:\documents and settings\owner\local settings\application data\hjvxyx\agvesysguard.exe
uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\owner\locals~1\temp\smss.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sqvmxptk] c:\documents and settings\owner\local settings\application data\hjvxyx\agvesysguard.exe
mRun: [Bxoruko] rundll32.exe "c:\windows\ucawowowowowo.dll",Startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\2PJMbU29G.exe" /runcleanupscript
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {4654ABA7-5A34-4A1F-8129-D55307EDEB25} = 77.74.48.113
Filter: text/html - {37ac9b66-e6cd-47d5-9b63-5c48d6ba193c} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: nosadepu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli osExt40.dll metuyaba.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-12 102448]
S2 mrtRate;mrtRate; [x]

=============== Created Last 30 ================

2009-11-14 21:24:27 2098 --sh--w- c:\windows\system32\kelujani.dll
2009-11-14 21:24:27 2098 --sh--w- c:\windows\system32\jigonuwa.dll
2009-11-14 21:24:27 2098 --sh--w- c:\windows\system32\fujayagi.dll
2009-11-14 09:24:10 2098 --sh--w- c:\windows\system32\vahuyayu.dll
2009-11-14 09:24:10 2098 --sh--w- c:\windows\system32\fuledipu.dll
2009-11-14 09:24:10 2098 --sh--w- c:\windows\system32\fivuvujo.dll
2009-11-13 23:32:37 0 d-----w- C:\Roxanne
2009-11-13 21:23:36 2098 --sh--w- c:\windows\system32\lomehane.dll
2009-11-13 21:23:36 2098 --sh--w- c:\windows\system32\gejuloha.dll
2009-11-13 21:23:31 2098 --sh--w- c:\windows\system32\fuvatozi.dll
2009-11-13 09:23:16 2098 --sh--w- c:\windows\system32\mabigeku.dll
2009-11-13 09:23:16 2098 --sh--w- c:\windows\system32\dubuwemo.dll
2009-11-13 09:23:13 2098 --sh--w- c:\windows\system32\gevuniya.dll
2009-11-13 00:00:13 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-13 00:00:07 0 d-----w- C:\Malwarebytes' Anti-Malware
2009-11-12 23:54:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-12 23:54:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 23:54:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-12 23:54:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-12 22:52:08 706 ----a-w- c:\windows\system32\drivers\COH_Mon.inf
2009-11-12 22:52:08 10537 ----a-w- c:\windows\system32\drivers\COH_Mon.cat
2009-11-12 22:52:07 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2009-11-12 21:23:09 2098 --sh--w- c:\windows\system32\vikebije.dll
2009-11-12 09:23:15 2098 --sh--w- c:\windows\system32\zawibavu.dll
2009-11-12 09:23:15 2098 --sh--w- c:\windows\system32\soletemo.dll
2009-11-12 09:23:15 2098 --sh--w- c:\windows\system32\lapolude.dll
2009-11-12 05:30:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-12 05:30:24 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-12 05:13:03 0 d-----w- c:\program files\Norton Internet Security
2009-11-12 05:12:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-12 05:12:01 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-12 05:09:00 0 d-----w- c:\program files\Symantec
2009-11-12 05:07:28 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-10 02:00:00 20 ----a-w- c:\windows\system32\ZAKANILU.DLL
2009-11-09 00:42:57 0 ----a-w- c:\windows\Oqutupaya.bin
2009-11-09 00:42:56 120 ----a-w- c:\windows\Afemiyohuyagasu.dat
2009-11-09 00:39:56 639 ----a-w- C:\xcrashdump.dat
2009-11-09 00:37:05 8704 ----a-w- C:\isllv.exe
2009-11-09 00:36:45 0 --sha-w- C:\-335160931
2009-10-20 01:16:05 0 d-----w- c:\program files\Shared

==================== Find3M ====================

2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-06-16 20:25:05 0 --sh--w- c:\program files\desktoq.ini
2009-08-10 00:47:19 53760 --sha-w- c:\windows\system32\dipafibu.dll
2009-08-09 12:45:04 54272 --sha-w- c:\windows\system32\fewokino.dll
2009-08-09 00:44:18 92672 --sha-w- c:\windows\system32\gugabupo.dll
2009-08-09 12:45:00 45056 --sha-w- c:\windows\system32\hizupoye.dll
2009-08-10 00:45:29 53760 --sha-w- c:\windows\system32\lakutufo.dll
2009-08-10 00:47:19 53760 --sha-w- c:\windows\system32\metuyaba.dll
2009-08-11 21:24:31 45056 --sha-w- c:\windows\system32\romemazu.dll
2009-08-11 21:24:31 92160 --sha-w- c:\windows\system32\weziyolo.dll
2009-08-10 00:45:21 45056 --sha-w- c:\windows\system32\yiwuhuyu.dll
2009-08-09 12:45:00 16896 --sha-w- c:\windows\system32\yufizifa.exe

============= FINISH: 16:59:14.37 ===============

Root Repeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 17:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF558B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A5F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7A69000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEEEAC000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA980.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1128.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA979.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1093.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1111.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1114.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1116.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1117.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1135.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1145.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1146.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1149.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1165.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1167.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1170.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1171.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1174.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1177.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1180.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1183.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA1186.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA949.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA961.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA965.JPG
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-3767897838-4006310635-2306682198-1003\RBA976.JPG
Status: Locked to the Windows API!

Path: C:\Program Files\Yahoo! Games\Farm Frenzy 2\farm2.exe:{E7638ACB-B3AD-6AD6-338A-7722FE76BAFE}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Yahoo! Games\Parking Dash\Parking Dash.exe:{CED71A58-F4B7-EA57-AFF6-31005BABE919}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x840bb090

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x840b3b40

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x84143f98

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x84129938

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf591a020

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8413d4f8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8411d890

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf591a2a0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf591a800

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x84143280

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x840a8e30

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x840a85f0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x841200b0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x840a9878

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf591a5b0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x840b3e30

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x84140908

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x840b30c8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x840b2390

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x84141cc0

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8413fc08

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf591aa50

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x840aa150

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x840b5a98

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x840b3cb8

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x840b1008

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x840b2220

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x84143920

==EOF==
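As an added example (not a tool from this thread, from BleepingComputer or from Trend Micro), a Python triage pass over the kinds of HijackThis entries that appear in the log above: hosts-file redirects, Run values living in user-writable folders or masquerading as core system binaries, rundll32 loaders, an interface DNS server outside an allowlist, a text/html MIME filter, and AppInit_DLLs. The sample lines are copied from the posted log; the heuristics and the `trusted_dns` parameter are assumptions of this example, not anything HijackThis itself does.

```python
"""Triage of HijackThis (HJT) log lines for common persistence and
redirection mechanisms.  Added example; heuristics are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log in this thread plus benign controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sqvmxptk] C:\Documents and Settings\Owner\Local Settings\Application Data\hjvxyx\agvesysguard.exe
O4 - HKLM\..\Run: [Bxoruko] rundll32.exe "C:\WINDOWS\ucawowowowowo.dll",Startup
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4654ABA7-5A34-4A1F-8129-D55307EDEB25}: NameServer = 77.74.48.113
O18 - Filter hijack: text/html - {37ac9b66-e6cd-47d5-9b63-5c48d6ba193c} - C:\WINDOWS\batmeter16.dll
O20 - AppInit_DLLs: nosadepu.dll
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
HOSTS_ENTRY = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_ENTRY = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[\d.,\s]+)$")

LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}
# Core Windows binaries; a copy running outside System32 is a classic masquerade.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Lower-case path fragments that point into user-writable, non-program locations.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\application data\\", "\\application data\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _check_hosts(body, _trusted):
    m = HOSTS_ENTRY.match(body)
    if not m:
        return None
    ip, host = m.group("ip"), m.group("host").lower()
    if ip in LOOPBACK and host in LOCAL_NAMES:
        return None  # the stock loopback entries
    return f"hosts file maps {host} to {ip}"


def _check_run(body, _trusted):
    m = RUN_ENTRY.match(body)
    if not m:
        return None  # Startup-folder style O4 lines are not examined here
    name, cmd = m.group("name"), m.group("cmd").lower()
    exe_names = re.findall(r"([\w~-]+\.exe)", cmd)
    if any(e in SYSTEM_BINARIES for e in exe_names) and "\\system32\\" not in cmd:
        return f"Run value [{name}] starts a copy of a core system binary outside System32: {cmd}"
    if exe_names and exe_names[0] == "rundll32.exe":
        dll = re.search(r"([a-z]:\\[^\",]+\.dll)", cmd)
        if dll and "\\system32\\" not in dll.group(1):
            return f"Run value [{name}] uses rundll32 to load {dll.group(1)}"
    if any(frag in cmd for frag in USER_WRITABLE):
        return f"Run value [{name}] runs from a user-writable directory: {cmd}"
    return None


def _check_nameserver(body, trusted_dns):
    m = NAMESERVER.search(body)
    if not m:
        return None
    rogue = [ip.strip() for ip in m.group("ips").split(",") if ip.strip() not in trusted_dns]
    if not rogue:
        return None
    return "interface DNS set to " + ", ".join(rogue) + " (not in the trusted resolver list)"


def _check_filter(body, _trusted):
    m = re.match(r"Filter hijack: (?P<mime>\S+) - \{[^}]+\} - (?P<path>.*)", body)
    if not m:
        return None
    return f"MIME filter for {m.group('mime')} handled by {m.group('path')}; it sees every page of that type before the browser renders it"


def _check_appinit(body, _trusted):
    m = re.match(r"AppInit_DLLs:\s*(?P<dlls>.+)", body)
    if not m or not m.group("dlls").strip():
        return None
    return f"AppInit_DLLs loads {m.group('dlls').strip()} into every process that links user32.dll"


CHECKS = {"O1": _check_hosts, "O4": _check_run, "O17": _check_nameserver,
          "O18": _check_filter, "O20": _check_appinit}


def triage_hjt(log_text, trusted_dns=frozenset()):
    """Return one Finding per suspicious HJT line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("sec"))
        if check is None:
            continue  # section not covered by these heuristics
        reason = check(m.group("body"), trusted_dns)
        if reason:
            findings.append(Finding(m.group("sec"), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}")
```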

#2 myrti

  • Malware Study Hall Admin

Posted 24 November 2009 - 04:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 beegberk
  • Topic Starter

Posted 24 November 2009 - 10:32 PM

Myrti,
Thanks for your help. Here are the logs:

OTL logfile created on: 11/24/2009 10:20:59 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 93.20 Mb Available Physical Memory | 20.83% Memory free
1.03 Gb Paging File | 0.54 Gb Available in Paging File | 51.99% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.25 Gb Total Space | 108.71 Gb Free Space | 75.37% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.72 Gb Free Space | 15.10% Space Free | Partition Type: FAT32
Drive E: | 619.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3.69 Gb Total Space | 3.33 Gb Free Space | 90.42% Space Free | Partition Type: FAT32

Computer Name: YOUR-VP7X3S9CTM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/24 22:19:53 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/12 00:36:28 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/10/30 22:53:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 16:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/03 10:32:28 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer\procexp.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/09/03 02:04:26 | 00,084,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/03 02:04:08 | 00,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/09/02 18:36:33 | 00,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/09/01 23:33:40 | 00,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2004/08/04 00:56:58 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2004/01/16 22:34:40 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/01/16 06:33:44 | 00,049,152 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/12/22 18:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/12/22 18:38:40 | 00,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/09/16 15:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/08/21 06:15:48 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/02/11 22:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/08/21 15:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [1998/05/07 19:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 22:19:53 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 00,177,664 | ---- | M] () -- C:\WINDOWS\ucawowowowowo.dll
MOD - [2006/08/25 08:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 00:36:28 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/04 12:24:28 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/05 20:22:26 | 00,079,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/09/03 02:54:52 | 00,048,272 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/09/03 02:04:08 | 00,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006/09/03 02:04:08 | 00,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/09/03 02:04:08 | 00,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/09/03 02:04:08 | 00,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/09/02 18:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 18:36:33 | 00,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/09/01 23:33:40 | 00,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 00:38:27 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/20 20:15:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20091110.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/10/19 08:03:56 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091124.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/10/19 08:03:56 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/10/19 08:03:56 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/19 08:03:56 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091124.017\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/03 19:07:10 | 00,188,080 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 19:07:10 | 00,145,968 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 19:07:10 | 00,039,856 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 19:07:10 | 00,035,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/03 19:07:10 | 00,026,416 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 19:07:10 | 00,012,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/07/09 11:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/08/18 08:47:10 | 00,406,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/12/07 20:08:58 | 00,172,672 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/10 21:17:06 | 00,681,469 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/01/16 22:58:50 | 01,252,940 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/02 23:05:48 | 00,011,520 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 22:20:40 | 00,432,000 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/12 09:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 21:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/12 04:41:00 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB)
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/18 19:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/03 13:02:00 | 00,017,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2002/10/04 20:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/06/04 16:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\S-1-5-21-3767897838-4006310635-2306682198-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\S-1-5-21-3767897838-4006310635-2306682198-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ytbm"
FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.com/products/firefox/central.html"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: {BD3CD74D-334A-4A5B-A1B8-39FBD846E123}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://www.ask.com/web?&o=13048&l=dis&q="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/04 17:30:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/30 02:01:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BD3CD74D-334A-4A5B-A1B8-39FBD846E123}: C:\Documents and Settings\Owner\Local Settings\Application Data\{BD3CD74D-334A-4A5B-A1B8-39FBD846E123} [2009/11/08 19:42:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 00:35:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 20:07:20 | 00,000,000 | ---D | M]

[2009/05/18 17:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/09/02 16:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/18 17:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/24 21:40:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7abqb3dn.default\extensions
[2009/09/30 20:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7abqb3dn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/13 01:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7abqb3dn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/29 11:33:52 | 00,009,949 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7abqb3dn.default\searchplugins\mywebsearch.xml
[2009/11/24 21:40:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/02 16:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/09/02 16:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/30 22:53:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/11 10:52:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/09 14:45:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/30 22:53:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/30 22:53:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/10/31 15:42:01 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/30 22:53:39 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/31 15:43:25 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/07/18 12:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/10/31 15:43:42 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2006/10/31 15:43:10 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008/08/22 07:58:42 | 00,217,088 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll
[2008/08/22 07:58:42 | 00,217,088 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll_
[2009/07/23 10:16:45 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/23 10:16:45 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/09 01:30:47 | 00,002,266 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/23 10:16:45 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/23 10:16:45 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/23 10:16:45 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/23 10:16:45 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/23 10:16:45 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (152 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Bxoruko] C:\WINDOWS\ucawowowowowo.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\2PJMbU29G.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [sqvmxptk] C:\Documents and Settings\Owner\Local Settings\Application Data\hjvxyx\agvesysguard.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003..\Run: [sqvmxptk] C:\Documents and Settings\Owner\Local Settings\Application Data\hjvxyx\agvesysguard.exe File not found
O4 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mpix.com/customer/uploading/act...geUploader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: Web-Based Email Tools http://email02.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (nosadepu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/01 01:00:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{991a60b2-0c49-11de-8afc-00112f174c56}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{cf8dafa0-06da-11de-8af0-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 22:19:53 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/24 22:18:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (3)
[2009/11/24 21:46:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2009/11/22 22:19:38 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/11/22 22:19:38 | 00,016,877 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2009/11/22 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Free Create-Burn ISO Image
[2009/11/22 22:18:26 | 03,267,000 | ---- | C] (www.nbxsoft.com ) -- C:\Documents and Settings\Owner\Desktop\createburniso.exe
[2009/11/22 21:47:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
[2009/11/22 21:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CANON_INC
[2009/11/22 21:25:03 | 14,898,224 | ---- | C] (Vso-software ) -- C:\Documents and Settings\Owner\Desktop\vsophotodvd3_setup.exe
[2009/11/22 20:52:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy (4) of My Pictures
[2009/11/17 22:58:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy (3) of My Pictures
[2009/11/15 22:00:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2009/11/14 17:02:17 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 15:22:04 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThisInstaller.exe
[2009/11/14 15:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer
[2009/11/13 18:32:37 | 00,000,000 | ---D | C] -- C:\Roxanne
[2009/11/13 18:31:29 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\Roxanne.exe
[2009/11/13 18:22:36 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2009/11/13 18:22:36 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/11/13 18:22:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/11/13 18:22:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2009/11/13 18:22:32 | 00,007,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasys.fon
[2009/11/13 18:22:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/11/13 18:22:30 | 00,121,336 | ---- | C] () -- C:\WINDOWS\Fonts\trado.ttf
[2009/11/13 18:22:30 | 00,121,228 | ---- | C] () -- C:\WINDOWS\Fonts\tradbdo.ttf
[2009/11/13 18:22:30 | 00,111,748 | ---- | C] () -- C:\WINDOWS\Fonts\andlso.ttf
[2009/11/13 18:22:30 | 00,095,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serf1256.fon
[2009/11/13 18:22:30 | 00,084,600 | ---- | C] () -- C:\WINDOWS\Fonts\artrbdo.ttf
[2009/11/13 18:22:30 | 00,084,244 | ---- | C] () -- C:\WINDOWS\Fonts\simpbdo.ttf
[2009/11/13 18:22:30 | 00,084,104 | ---- | C] () -- C:\WINDOWS\Fonts\simpfxo.ttf
[2009/11/13 18:22:30 | 00,083,892 | ---- | C] () -- C:\WINDOWS\Fonts\simpo.ttf
[2009/11/13 18:22:30 | 00,083,264 | ---- | C] () -- C:\WINDOWS\Fonts\artro.ttf
[2009/11/13 18:22:30 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ssee1256.fon
[2009/11/13 18:22:30 | 00,067,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ssef1256.fon
[2009/11/13 18:22:30 | 00,065,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sere1256.fon
[2009/11/13 18:22:30 | 00,037,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smaf1256.fon
[2009/11/13 18:22:30 | 00,036,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\couf1256.fon
[2009/11/13 18:22:30 | 00,032,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smae1256.fon
[2009/11/13 18:22:30 | 00,026,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\coue1256.fon
[2009/11/13 18:22:30 | 00,012,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\85f1256.fon
[2009/11/13 18:22:30 | 00,010,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\85s1256.fon
[2009/11/13 18:22:30 | 00,007,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgas1256.fon
[2009/11/13 18:22:30 | 00,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgaf1256.fon
[2009/11/13 18:22:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2009/11/13 18:22:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/11/13 18:22:27 | 00,095,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ssef1255.fon
[2009/11/13 18:22:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/11/13 18:22:27 | 00,007,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgas1255.fon
[2009/11/13 18:22:27 | 00,005,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgaf1255.fon
[2009/11/13 18:22:26 | 00,069,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ssee1255.fon
[2009/11/13 18:22:26 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smae1255.fon
[2009/11/13 18:22:26 | 00,020,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smaf1255.fon
[2009/11/13 18:22:25 | 00,089,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serf1255.fon
[2009/11/13 18:22:25 | 00,062,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sere1255.fon
[2009/11/13 18:22:25 | 00,053,348 | ---- | C] () -- C:\WINDOWS\Fonts\rodtr.ttf
[2009/11/13 18:22:25 | 00,053,072 | ---- | C] () -- C:\WINDOWS\Fonts\rod.ttf
[2009/11/13 18:22:25 | 00,047,864 | ---- | C] () -- C:\WINDOWS\Fonts\nrkis.ttf
[2009/11/13 18:22:25 | 00,046,628 | ---- | C] () -- C:\WINDOWS\Fonts\mriamfx.ttf
[2009/11/13 18:22:25 | 00,042,396 | ---- | C] () -- C:\WINDOWS\Fonts\mriamtr.ttf
[2009/11/13 18:22:25 | 00,035,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\couf1255.fon
[2009/11/13 18:22:25 | 00,026,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\coue1255.fon
[2009/11/13 18:22:25 | 00,012,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\85f1255.fon
[2009/11/13 18:22:25 | 00,010,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\85s1255.fon
[2009/11/13 18:22:24 | 00,054,912 | ---- | C] () -- C:\WINDOWS\Fonts\frank.ttf
[2009/11/13 18:22:24 | 00,047,936 | ---- | C] () -- C:\WINDOWS\Fonts\lvnm.ttf
[2009/11/13 18:22:24 | 00,047,808 | ---- | C] () -- C:\WINDOWS\Fonts\mriamc.ttf
[2009/11/13 18:22:24 | 00,047,492 | ---- | C] () -- C:\WINDOWS\Fonts\david.ttf
[2009/11/13 18:22:24 | 00,047,308 | ---- | C] () -- C:\WINDOWS\Fonts\davidtr.ttf
[2009/11/13 18:22:24 | 00,046,652 | ---- | C] () -- C:\WINDOWS\Fonts\davidbd.ttf
[2009/11/13 18:22:24 | 00,045,792 | ---- | C] () -- C:\WINDOWS\Fonts\lvnmbd.ttf
[2009/11/13 18:22:24 | 00,043,068 | ---- | C] () -- C:\WINDOWS\Fonts\mriam.ttf
[2009/11/13 18:22:24 | 00,040,044 | ---- | C] () -- C:\WINDOWS\Fonts\ahronbd.ttf
[2009/11/13 18:22:23 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ssef874.fon
[2009/11/13 18:22:23 | 00,072,192 | ---- | C] () -- C:\WINDOWS\Fonts\ssee874.fon
[2009/11/13 18:22:23 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgas874.fon
[2009/11/13 18:22:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgaf874.fon
[2009/11/13 18:22:22 | 00,047,104 | ---- | C] () -- C:\WINDOWS\Fonts\UPCJL.TTF
[2009/11/13 18:22:22 | 00,043,468 | ---- | C] () -- C:\WINDOWS\Fonts\UPCKBI.TTF
[2009/11/13 18:22:22 | 00,042,576 | ---- | C] () -- C:\WINDOWS\Fonts\UPCKI.TTF
[2009/11/13 18:22:22 | 00,040,360 | ---- | C] () -- C:\WINDOWS\Fonts\UPCKB.TTF
[2009/11/13 18:22:22 | 00,039,768 | ---- | C] () -- C:\WINDOWS\Fonts\UPCKL.TTF
[2009/11/13 18:22:22 | 00,034,824 | ---- | C] () -- C:\WINDOWS\Fonts\UPCLBI.TTF
[2009/11/13 18:22:22 | 00,034,628 | ---- | C] () -- C:\WINDOWS\Fonts\UPCLI.TTF
[2009/11/13 18:22:22 | 00,032,960 | ---- | C] () -- C:\WINDOWS\Fonts\UPCLB.TTF
[2009/11/13 18:22:22 | 00,032,712 | ---- | C] () -- C:\WINDOWS\Fonts\UPCLL.TTF
[2009/11/13 18:22:22 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\85f874.fon
[2009/11/13 18:22:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\85s874.fon
[2009/11/13 18:22:21 | 00,096,100 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIA.TTF
[2009/11/13 18:22:21 | 00,096,088 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAU.TTF
[2009/11/13 18:22:21 | 00,082,956 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAB.TTF
[2009/11/13 18:22:21 | 00,082,952 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAUB.TTF
[2009/11/13 18:22:21 | 00,080,392 | ---- | C] () -- C:\WINDOWS\Fonts\BROWA.TTF
[2009/11/13 18:22:21 | 00,078,456 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAI.TTF
[2009/11/13 18:22:21 | 00,075,704 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAI.TTF
[2009/11/13 18:22:21 | 00,075,700 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAUI.TTF
[2009/11/13 18:22:21 | 00,069,844 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAZ.TTF
[2009/11/13 18:22:21 | 00,069,840 | ---- | C] () -- C:\WINDOWS\Fonts\CORDIAUZ.TTF
[2009/11/13 18:22:21 | 00,068,148 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAZ.TTF
[2009/11/13 18:22:21 | 00,066,280 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAB.TTF
[2009/11/13 18:22:21 | 00,049,976 | ---- | C] () -- C:\WINDOWS\Fonts\UPCJBI.TTF
[2009/11/13 18:22:21 | 00,049,100 | ---- | C] () -- C:\WINDOWS\Fonts\UPCJI.TTF
[2009/11/13 18:22:21 | 00,048,904 | ---- | C] () -- C:\WINDOWS\Fonts\UPCEI.TTF
[2009/11/13 18:22:21 | 00,048,832 | ---- | C] () -- C:\WINDOWS\Fonts\UPCIBI.TTF
[2009/11/13 18:22:21 | 00,048,820 | ---- | C] () -- C:\WINDOWS\Fonts\UPCEBI.TTF
[2009/11/13 18:22:21 | 00,048,688 | ---- | C] () -- C:\WINDOWS\Fonts\UPCII.TTF
[2009/11/13 18:22:21 | 00,047,900 | ---- | C] () -- C:\WINDOWS\Fonts\UPCJB.TTF
[2009/11/13 18:22:21 | 00,047,496 | ---- | C] () -- C:\WINDOWS\Fonts\UPCIB.TTF
[2009/11/13 18:22:21 | 00,047,180 | ---- | C] () -- C:\WINDOWS\Fonts\UPCEB.TTF
[2009/11/13 18:22:21 | 00,047,160 | ---- | C] () -- C:\WINDOWS\Fonts\UPCIL.TTF
[2009/11/13 18:22:21 | 00,046,812 | ---- | C] () -- C:\WINDOWS\Fonts\UPCEL.TTF
[2009/11/13 18:22:21 | 00,045,592 | ---- | C] () -- C:\WINDOWS\Fonts\UPCDI.TTF
[2009/11/13 18:22:21 | 00,044,756 | ---- | C] () -- C:\WINDOWS\Fonts\UPCFI.TTF
[2009/11/13 18:22:21 | 00,044,520 | ---- | C] () -- C:\WINDOWS\Fonts\UPCFBI.TTF
[2009/11/13 18:22:21 | 00,044,324 | ---- | C] () -- C:\WINDOWS\Fonts\UPCDBI.TTF
[2009/11/13 18:22:21 | 00,043,336 | ---- | C] () -- C:\WINDOWS\Fonts\UPCDL.TTF
[2009/11/13 18:22:21 | 00,043,308 | ---- | C] () -- C:\WINDOWS\Fonts\UPCFL.TTF
[2009/11/13 18:22:21 | 00,042,224 | ---- | C] () -- C:\WINDOWS\Fonts\UPCFB.TTF
[2009/11/13 18:22:21 | 00,042,152 | ---- | C] () -- C:\WINDOWS\Fonts\UPCDB.TTF
[2009/11/13 18:22:20 | 00,095,816 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSA.TTF
[2009/11/13 18:22:20 | 00,095,808 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAU.TTF
[2009/11/13 18:22:20 | 00,091,688 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAUB.TTF
[2009/11/13 18:22:20 | 00,091,688 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAB.TTF
[2009/11/13 18:22:20 | 00,080,384 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAU.TTF
[2009/11/13 18:22:20 | 00,078,452 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAUI.TTF
[2009/11/13 18:22:20 | 00,076,280 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAUZ.TTF
[2009/11/13 18:22:20 | 00,076,192 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAZ.TTF
[2009/11/13 18:22:20 | 00,075,060 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAUI.TTF
[2009/11/13 18:22:20 | 00,074,992 | ---- | C] () -- C:\WINDOWS\Fonts\ANGSAI.TTF
[2009/11/13 18:22:20 | 00,068,144 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAUZ.TTF
[2009/11/13 18:22:20 | 00,066,276 | ---- | C] () -- C:\WINDOWS\Fonts\BROWAUB.TTF
[2009/11/13 18:22:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\msdlg874.fon
[2009/11/13 18:22:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2009/11/13 18:22:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/11/12 19:00:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/12 19:00:07 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/11/12 18:54:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/12 18:54:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/12 18:54:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/12 18:54:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/12 17:52:07 | 00,023,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\COH_Mon.sys
[2009/11/12 00:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/11/12 00:12:01 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/12 00:12:01 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/12 00:09:06 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/11/12 00:09:00 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/11/12 00:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/11/08 19:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{BD3CD74D-334A-4A5B-A1B8-39FBD846E123}
[2009/11/08 19:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\hjvxyx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/24 22:19:53 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/24 22:02:28 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Afemiyohuyagasu.dat
[2009/11/24 08:48:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Oqutupaya.bin
[2009/11/24 01:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tkzgsddw.job
[2009/11/24 01:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ouvgwbvy.job
[2009/11/22 22:19:40 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/22 22:19:38 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Free Create-Burn ISO Image.lnk
[2009/11/22 22:18:26 | 03,267,000 | ---- | M] (www.nbxsoft.com ) -- C:\Documents and Settings\Owner\Desktop\createburniso.exe
[2009/11/22 21:25:32 | 14,898,224 | ---- | M] (Vso-software ) -- C:\Documents and Settings\Owner\Desktop\vsophotodvd3_setup.exe
[2009/11/22 10:32:35 | 00,010,214 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Photography Copyright Release0001.mdi
[2009/11/22 10:31:05 | 00,008,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Photography Copyright Release.mdi
[2009/11/21 00:11:30 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/21 00:10:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/21 00:09:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/21 00:05:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/21 00:01:35 | 00,000,564 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/11/19 17:09:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/17 21:22:16 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\hefimeri
[2009/11/17 19:36:41 | 00,000,210 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\1c64-ec47-1438-983d_6279rc
[2009/11/17 16:26:20 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\wisezeki.dll
[2009/11/17 16:26:20 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\mufazuri.dll
[2009/11/17 16:26:17 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\datudove.dll
[2009/11/17 04:26:01 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\yuwehosu.dll
[2009/11/17 04:26:01 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\lunazuse.exe
[2009/11/17 04:26:01 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\huwifibe.dll
[2009/11/17 04:25:56 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\kaleguli.dll
[2009/11/16 16:25:39 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\gipidiwu.dll
[2009/11/16 16:25:35 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\remowoka.dll
[2009/11/16 16:25:35 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\gupogifa.dll
[2009/11/16 09:54:41 | 00,116,296 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/16 04:25:13 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\majetati.dll
[2009/11/16 04:25:07 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\sawimajo.dll
[2009/11/16 04:25:07 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\kujuzide.dll
[2009/11/15 16:25:01 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\sumajina.dll
[2009/11/15 16:25:01 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\pazigavi.dll
[2009/11/15 16:24:51 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\nuwilofo.dll
[2009/11/15 04:24:39 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\yibavisu.dll
[2009/11/15 04:24:39 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\sulajono.dll
[2009/11/15 04:24:39 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\gadehuva.dll
[2009/11/14 17:02:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/14 17:02:19 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 16:57:24 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/14 16:55:34 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dds.scr
[2009/11/14 16:24:27 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\kelujani.dll
[2009/11/14 16:24:27 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\jigonuwa.dll
[2009/11/14 16:24:27 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\fujayagi.dll
[2009/11/14 15:22:23 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/14 15:22:03 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThisInstaller.exe
[2009/11/14 15:15:38 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer.zip
[2009/11/14 04:24:10 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\vahuyayu.dll
[2009/11/14 04:24:10 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\fuledipu.dll
[2009/11/14 04:24:10 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\fivuvujo.dll
[2009/11/13 19:50:08 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\Roxanne.exe
[2009/11/13 19:36:28 | 00,396,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/13 16:23:36 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\lomehane.dll
[2009/11/13 16:23:36 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\gejuloha.dll
[2009/11/13 16:23:31 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\fuvatozi.dll
[2009/11/13 04:23:16 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\mabigeku.dll
[2009/11/13 04:23:16 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\dubuwemo.dll
[2009/11/13 04:23:13 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\gevuniya.dll
[2009/11/12 16:23:09 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\vikebije.dll
[2009/11/12 04:23:15 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\zawibavu.dll
[2009/11/12 04:23:15 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\soletemo.dll
[2009/11/12 04:23:15 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\lapolude.dll
[2009/11/12 00:38:27 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/12 00:38:27 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/12 00:38:27 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/12 00:38:27 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/12 00:20:02 | 00,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/11/11 23:49:48 | 38,072,144 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NIS_10.0_build_86_29_OEM30_Yahoo.exe
[2009/11/09 21:00:00 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\ZAKANILU.DLL
[2009/11/08 23:28:11 | 00,000,639 | ---- | M] () -- C:\xcrashdump.dat
[2009/11/08 19:38:17 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
[2009/11/08 19:37:05 | 00,008,704 | ---- | M] () -- C:\isllv.exe
[2009/11/08 19:36:45 | 00,000,000 | -HS- | M] () -- C:\-335160931
[2009/11/04 03:09:27 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 03:09:27 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 03:09:27 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/26 12:19:38 | 02,680,116 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/22 22:19:38 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Free Create-Burn ISO Image.lnk
[2009/11/22 10:32:33 | 00,010,214 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Photography Copyright Release0001.mdi
[2009/11/22 10:30:54 | 00,008,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Photography Copyright Release.mdi
[2009/11/17 16:26:20 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\wisezeki.dll
[2009/11/17 16:26:20 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\mufazuri.dll
[2009/11/17 16:26:17 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\datudove.dll
[2009/11/17 04:26:01 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\yuwehosu.dll
[2009/11/17 04:26:01 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\lunazuse.exe
[2009/11/17 04:26:01 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\huwifibe.dll
[2009/11/17 04:25:56 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\kaleguli.dll
[2009/11/16 16:25:39 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\gipidiwu.dll
[2009/11/16 16:25:35 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\remowoka.dll
[2009/11/16 16:25:35 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\gupogifa.dll
[2009/11/16 04:25:13 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\majetati.dll
[2009/11/16 04:25:07 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\sawimajo.dll
[2009/11/16 04:25:07 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\kujuzide.dll
[2009/11/15 16:25:01 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\sumajina.dll
[2009/11/15 16:25:01 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\pazigavi.dll
[2009/11/15 16:24:51 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\nuwilofo.dll
[2009/11/15 04:24:39 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\yibavisu.dll
[2009/11/15 04:24:39 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\sulajono.dll
[2009/11/15 04:24:39 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\gadehuva.dll
[2009/11/14 17:02:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/14 16:57:22 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/14 16:55:33 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dds.scr
[2009/11/14 16:24:27 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\kelujani.dll
[2009/11/14 16:24:27 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\jigonuwa.dll
[2009/11/14 16:24:27 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\fujayagi.dll
[2009/11/14 15:22:23 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/14 15:15:42 | 01,615,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer.zip
[2009/11/14 04:24:10 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\vahuyayu.dll
[2009/11/14 04:24:10 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\fuledipu.dll
[2009/11/14 04:24:10 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\fivuvujo.dll
[2009/11/13 18:22:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/11/13 18:22:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/11/13 18:22:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/11/13 18:22:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/11/13 18:22:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/11/13 18:22:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/11/13 18:22:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/11/13 18:22:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/11/13 18:22:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/11/13 18:22:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/11/13 18:22:24 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/11/13 18:22:24 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/11/13 18:22:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/11/13 18:22:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/11/13 18:22:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/11/13 18:22:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/11/13 16:23:36 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\lomehane.dll
[2009/11/13 16:23:36 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\gejuloha.dll
[2009/11/13 16:23:31 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\fuvatozi.dll
[2009/11/13 04:23:16 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\mabigeku.dll
[2009/11/13 04:23:16 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\dubuwemo.dll
[2009/11/13 04:23:13 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\gevuniya.dll
[2009/11/12 17:52:08 | 00,010,537 | ---- | C] () -- C:\WINDOWS\System32\drivers\COH_Mon.cat
[2009/11/12 17:52:08 | 00,000,706 | ---- | C] () -- C:\WINDOWS\System32\drivers\COH_Mon.inf
[2009/11/12 16:23:09 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\vikebije.dll
[2009/11/12 04:23:15 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\zawibavu.dll
[2009/11/12 04:23:15 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\soletemo.dll
[2009/11/12 04:23:15 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\lapolude.dll
[2009/11/12 00:30:24 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/12 00:30:24 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/12 00:25:16 | 00,000,564 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/11/12 00:20:02 | 00,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/11/11 23:48:45 | 38,072,144 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NIS_10.0_build_86_29_OEM30_Yahoo.exe
[2009/11/11 16:24:45 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ouvgwbvy.job
[2009/11/09 21:00:00 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\ZAKANILU.DLL
[2009/11/09 07:45:10 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\tkzgsddw.job
[2009/11/08 19:42:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Oqutupaya.bin
[2009/11/08 19:42:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Afemiyohuyagasu.dat
[2009/11/08 19:39:56 | 00,000,639 | ---- | C] () -- C:\xcrashdump.dat
[2009/11/08 19:37:05 | 00,008,704 | ---- | C] () -- C:\isllv.exe
[2009/11/08 19:36:45 | 00,000,000 | -HS- | C] () -- C:\-335160931
[2009/07/14 09:15:30 | 00,000,210 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\1c64-ec47-1438-983d_6279rc
[2009/03/01 19:57:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/01 19:57:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/01 19:57:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/01 19:57:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/01 19:57:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/01 19:57:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/03/01 15:44:34 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2009/03/01 15:44:34 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\D3E7F2
[2008/12/07 23:22:53 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini
[2008/08/12 19:48:17 | 00,116,296 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/06 14:48:19 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/16 15:25:05 | 00,000,000 | -HS- | C] () -- C:\Program Files\desktoq.ini
[2006/11/01 21:56:48 | 00,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/31 15:43:43 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/05/20 16:23:30 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/05/20 16:23:30 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/05/20 16:22:47 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/05/20 16:22:47 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/05/20 16:22:46 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/05/20 16:22:42 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/05/20 16:22:35 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/05/20 16:22:07 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/05/20 16:22:02 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/05/20 16:21:30 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004/05/20 13:08:03 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/05/20 13:07:56 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/05/20 13:06:31 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/05/20 13:06:31 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/05/20 13:06:31 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/05/20 13:06:31 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/05/20 13:06:31 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/05/20 13:06:31 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/05/20 13:06:31 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/05/20 13:06:31 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/05/20 13:06:31 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/05/20 13:06:31 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/04/02 18:33:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/02 18:33:14 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 18:18:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/01 16:32:44 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/01 16:32:21 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/01 16:32:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/01 16:31:04 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/04/01 16:29:07 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/01 16:14:02 | 00,028,734 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/01 16:13:21 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/01 03:57:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/01 03:50:38 | 00,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/01 03:01:30 | 00,001,221 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/04/01 02:55:37 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/01 02:23:23 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/01 02:14:18 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/01 02:14:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/01 02:12:07 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/01 01:58:48 | 02,680,116 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2004/04/01 01:03:26 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/01 01:02:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2004/04/01 01:00:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/04/01 00:57:58 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/04/01 00:57:58 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/04/01 00:57:09 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/04/01 00:57:08 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/03/31 23:50:07 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/31 23:50:00 | 00,000,633 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/03/31 23:49:59 | 00,177,664 | ---- | C] () -- C:\WINDOWS\ucawowowowowo.dll
[2004/03/31 23:49:58 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/03/31 23:49:58 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/31 23:49:57 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/03/31 23:49:56 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/03/31 23:49:56 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/03/31 23:49:56 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/03/31 23:49:55 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/03/31 23:49:55 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/03/31 23:49:55 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/03/31 23:49:52 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/03/31 23:49:48 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/03/31 23:49:44 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/03/31 16:54:05 | 00,524,016 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/03/31 16:54:04 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/31 16:53:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/05/30 19:00:02 | 01,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2003/05/30 19:00:02 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2003/05/30 19:00:02 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2003/03/07 01:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/12 10:14:32 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2002/12/12 10:14:32 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2002/12/12 10:14:32 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2002/12/12 10:14:32 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2002/12/12 10:14:32 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2002/12/12 10:14:32 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2002/12/12 10:14:32 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2002/11/27 01:15:52 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/11/27 01:15:50 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2001/08/18 00:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
< End of report >


OTL Extras logfile created on: 11/24/2009 10:21:01 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 93.20 Mb Available Physical Memory | 20.83% Memory free
1.03 Gb Paging File | 0.54 Gb Available in Paging File | 51.99% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.25 Gb Total Space | 108.71 Gb Free Space | 75.37% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.72 Gb Free Space | 15.10% Space Free | Partition Type: FAT32
Drive E: | 619.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3.69 Gb Total Space | 3.33 Gb Free Space | 90.42% Space Free | Partition Type: FAT32

Computer Name: YOUR-VP7X3S9CTM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App -- (Core FTP)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2881F705-A13F-48F0-824D-3CEA0D3CECC0}" = SymNet
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353B1E6D-7073-4450-8C80-699BD8FCFB49}" = MTP Porting Kit
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8F2771FA-1371-4F73-A7F3-9F3B17073CE4}" = Web-Based Email Tools
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E557E7D4-E972-4F6A-BD39-3F9FDD3508A3}" = Symantec Real Time Storage Protection Component
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"B8610D19-E576-4F91-8A2F-07898D9CA301" = Word Symphony from Hewlett-Packard Desktops (remove only)
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon RAW Codec" = Canon RAW Codec
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CSCLIB" = Canon Camera Support Core Library
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DA44615A-C243-46A4-8E47-184CFF33CD38" = Five Card Frenzy from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"DPP" = Canon Utilities Digital Photo Professional 3.5
"E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"EOS Utility" = Canon Utilities EOS Utility
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 3.5
"HPTOOLKIT" = Toolkit View(HP)
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LimeWire" = LimeWire 5.1.2
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NVIDIA" =
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"S3" = VIA/S3G Display Driver
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3767897838-4006310635-2306682198-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pictage Upload Tool" = Pictage Upload Tool

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 10:28:39 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Hang | ID = 1002
Description = Hanging application CreateBurnISO.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 10:45:13 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Error | ID = 1000
Description = Faulting application createburniso.exe, version 1.0.0.1, faulting
module foxburneru.dll, version 3.8.0.0, fault address 0x000a86ce.

Error - 11/24/2009 10:45:28 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Hang | ID = 1002
Description = Hanging application CreateBurnISO.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 10:50:07 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 10:52:02 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Error | ID = 1000
Description = Faulting application createburniso.exe, version 1.0.0.1, faulting
module foxburneru.dll, version 3.8.0.0, fault address 0x000a86ce.

Error - 11/24/2009 10:52:13 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Hang | ID = 1002
Description = Hanging application CreateBurnISO.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 10:52:59 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Error | ID = 1000
Description = Faulting application createburniso.exe, version 1.0.0.1, faulting
module foxburneru.dll, version 3.8.0.0, fault address 0x000a86ce.

Error - 11/24/2009 10:53:09 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Error | ID = 1001
Description = Fault bucket 482995984.

Error - 11/24/2009 10:53:20 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Hang | ID = 1002
Description = Hanging application CreateBurnISO.exe, version 1.0.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 11:03:27 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Hang | ID = 1002
Description = Hanging application DPPViewer.exe, version 3.5.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/22/2009 10:29:43 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/22/2009 10:29:45 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/22/2009 10:29:46 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/22/2009 10:51:25 PM | Computer Name = YOUR-VP7X3S9CTM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/22/2009 10:59:34 PM | Computer Name = YOUR-VP7X3S9CTM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/24/2009 10:06:46 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 11/24/2009 10:41:55 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/24/2009 10:41:55 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/24/2009 10:41:56 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/24/2009 10:41:57 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 24 November 2009 - 10:58 PM

Hi,

Please provide a log from gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 01 December 2009 - 10:16 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





