Help with Hijack log file


This topic is locked.
26 replies to this topic

#1 rlncw07


Posted 06 February 2010 - 04:06 PM

So, I was stupid and tried to download a Wii points code generator a couple weeks ago. I don't remember the name of the program and it doesn't show up in the downloaded program files, so I don't know where the program went. But recently I have been getting pop-ups to random sites even though my pop-up blocker is on, plus I am using Firefox when this happens. But here is a copy of my HijackThis log file. Thanks for any help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:28 PM, on 2/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.Christina\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {117598C4-E418-4EC9-A147-F8F78A5A7614} - C:\WINDOWS\system32\rqRKBSKB.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\jkkKaxVo.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: c00F4061 - c00F4061.mat (file missing)
O20 - Winlogon Notify: jkkKaxVo - jkkKaxVo.dll (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10837 bytes
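As an added example (not part of the original post or of HijackThis itself), a small Python triage script over entries in the HijackThis log format shown above. It flags the three entry types a helper would look at first in this log: a UserInit value that starts anything other than the stock userinit.exe, O2/O20 registrations whose DLL is missing, and O4 Run entries given as a bare file name rather than a full path. The sample entries are copied from the posted log; the flagging rules are my own assumptions about what deserves a closer look, not a verdict on any file.

```python
import re

# Constructed sample: a few entries copied in HijackThis format from the
# log posted above (not the full log), so the triage runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {117598C4-E418-4EC9-A147-F8F78A5A7614} - C:\WINDOWS\system32\rqRKBSKB.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: jkkKaxVo - jkkKaxVo.dll (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
"""

# Every HijackThis entry starts with a section code (R0, F2, O2, O20, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")
# Only the stock Windows userinit.exe is expected in the UserInit value.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(text):
    """Split a HijackThis log into (section, body) pairs, skipping non-entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def flag_entry(kind, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    low = body.lower()
    if kind == "F2" and "userinit=" in low:
        # The value is a comma-separated list; every element after
        # userinit.exe is an extra program started at every logon.
        value = body.split("=", 1)[1]
        parts = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in parts if p.lower() != EXPECTED_USERINIT]
        if extra:
            return "UserInit starts extra program(s): " + ", ".join(extra)
    if kind in ("O2", "O20") and any(mk in low for mk in MISSING_MARKERS):
        # A BHO or Winlogon Notify registration whose DLL is gone is
        # usually left over from a removed or self-hiding component.
        return "registered component whose file is missing"
    if kind == "O4":
        m = re.search(r"\] (.*)$", body)
        if m and not re.match(r'^"?[a-z]:\\', m.group(1), re.IGNORECASE):
            # Bare file name: resolved through the PATH search at logon.
            return "Run entry without a full path: " + m.group(1)
    return None


def triage(text):
    """Return [(section, body, reason)] for every entry that is flagged."""
    flagged = []
    for kind, body in parse_entries(text):
        reason = flag_entry(kind, body)
        if reason:
            flagged.append((kind, body, reason))
    return flagged


if __name__ == "__main__":
    for kind, body, reason in triage(SAMPLE_LOG):
        print(f"{kind:<4} {reason}\n     {body}")
```

On the sample above the script flags six entries: the F2 UserInit line, the two O2 entries without a file, the bare stsystra.exe Run entry, and the two O20 Winlogon Notify entries whose DLLs are missing; the Yahoo, MSSE and AVG entries pass.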




#2 Elise


Posted 13 February 2010 - 03:55 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 rlncw07


Posted 14 February 2010 - 12:59 PM

I was able to run DDS and save the files to my desktop. When I ran GMER, my computer would completely freeze up. So I tried to run in safe mode, but the computer would not load safe mode. Now it will not load in normal mode either. So I can't even post the Attach.txt or DDS.txt files because they are on my desktop. All the computer does now is try to load Windows and restart to the load Windows option menu. The only choice I think I have now is to reload the OS, unless there is anything else you can think of to help me. Thanks.

#4 Elise


Posted 14 February 2010 - 03:33 PM

Hello rlncw07,

No worries, we still have some options.

First of all a question, did you somehow try to force Safe Mode by changing the option in MsConfig to boot in safe mode?

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double-click it and this will open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
In your next reply, please include the following:
  • OTL.txt

Edited by elise025, 14 February 2010 - 03:37 PM.

regards, Elise




#5 rlncw07


Posted 15 February 2010 - 01:56 PM

I am at work right now, but I will give this a try as soon as I get home. Thanks

#6 Elise


Posted 15 February 2010 - 04:20 PM

Okay, take your time.

regards, Elise




#7 Elise


Posted 19 February 2010 - 09:51 AM

Hello, are you still there?

regards, Elise




#8 rlncw07


Posted 19 February 2010 - 05:41 PM

Sorry Elise,

Yeah, I'm still here. I had to travel for work and didn't get a chance to do anything. I'll post it soon.

#9 Elise


Posted 20 February 2010 - 05:41 AM

That's okay, thanks for letting me know.

regards, Elise




#10 rlncw07


Posted 21 February 2010 - 01:14 PM

Okay Elise, sorry it took me so long.




OTL logfile created on: 2/21/2010 12:52:02 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.94 Gb Total Space | 67.41 Gb Free Space | 64.24% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.91% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (Evlicypi)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/04 19:13:04 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/04 19:12:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/26 22:16:12 | 000,183,280 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:12:13 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cacls.exe -- (Atiedmaypit)
SRV - [2008/04/13 19:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/07 21:58:30 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/13 07:51:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/04/04 23:52:38 | 000,405,504 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/15 10:56:40 | 000,184,320 | ---- | M] () [Auto] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 15:10:14 | 000,106,496 | ---- | M] ( ) [Auto] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2005/11/17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/11/11 23:40:52 | 000,018,944 | ---- | M] () [Auto] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz130)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/09/04 19:13:13 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/04 19:13:13 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/17 21:42:21 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/12/15 18:44:29 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/10/01 13:01:28 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/09/15 09:07:10 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:34:12 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/14 02:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/20 11:05:02 | 000,027,672 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2007/06/20 02:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 02:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/13 07:41:39 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 17:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 21:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/12 20:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 20:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 20:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/04/04 23:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/20 10:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/11/02 16:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/06 14:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/02/01 13:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/11/05 09:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 14:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2004/01/27 23:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 23:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 23:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 23:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 23:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 23:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6454
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Owner.Christina_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Owner.Christina_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2008/09/22 23:52:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/28 21:22:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 23:57:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 18:54:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/05 18:54:31 | 000,000,000 | ---D | M]

[2010/02/14 12:14:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/15 15:05:00 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\atl71.dll
[2007/11/15 15:05:00 | 000,053,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
[2007/11/15 15:05:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp71.dll
[2007/11/15 15:05:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr71.dll
[2007/11/15 15:05:00 | 000,172,032 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\NPView22.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/11/15 15:05:00 | 000,110,592 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_base.dll
[2007/11/15 15:05:00 | 000,114,688 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_compression.dll
[2007/11/15 15:05:00 | 000,106,496 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_connect.dll
[2007/11/15 15:05:00 | 000,229,376 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_update.dll
[2007/11/15 15:05:00 | 000,196,608 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_utility.dll
[2007/11/15 15:05:00 | 000,159,744 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_winapplib.dll

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {117598C4-E418-4EC9-A147-F8F78A5A7614} - C:\WINDOWS\System32\rqRKBSKB.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\System32\jkkKaxVo.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Owner.Christina_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Owner.Christina_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\Owner.Christina_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\Owner.Christina_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\helper32.dll ()
O15 - HKLM\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 1917 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: 71 range(s) not assigned to a zone.
O15 - HKU\LocalService_ON_C\..Trusted Domains: 1917 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\LocalService_ON_C\..Trusted Ranges: 71 range(s) not assigned to a zone.
O15 - HKU\NetworkService_ON_C\..Trusted Domains: 1917 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\NetworkService_ON_C\..Trusted Ranges: 71 range(s) not assigned to a zone.
O15 - HKU\Owner.Christina_ON_C\..Trusted Domains: 2003 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Owner.Christina_ON_C\..Trusted Ranges: 71 range(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\c00F4061: DllName - c00F4061.mat - File not found
O20 - Winlogon\Notify\jkkKaxVo: DllName - jkkKaxVo.dll - File not found
O20 - Winlogon\Notify\sys32: DllName - sys32.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\System32\jkkKaxVo.dll File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRKBSKB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2009/03/12 21:32:12 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/02/21 12:31:24 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/21 12:30:00 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/21 12:29:59 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/06 15:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/06 15:09:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/01/29 21:34:40 | 000,027,672 | ---- | C] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\Entech.sys
[2010/01/29 21:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Futuremark
[2010/01/28 21:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\Application Data\Amazon
[2010/01/28 21:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/01/28 05:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/01/26 22:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AdobeUM
[2010/01/26 22:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
[2010/01/26 22:26:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/26 22:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/26 22:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/26 08:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/25 09:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\My Documents\index_files
[2010/01/23 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\My Documents\Downloads
[2010/01/23 14:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\Desktop\Rich
[2010/01/23 14:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\Desktop\Chris
[2010/01/22 19:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
[2010/01/22 19:44:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
[2010/01/21 00:39:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2008/12/15 18:44:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.sys
[36 C:\Documents and Settings\Owner.Christina\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Christina\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/02/21 12:54:33 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/21 12:45:03 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/21 12:32:48 | 000,001,251 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/14 12:43:11 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\NTUSER.DAT
[2010/02/14 12:43:11 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/14 12:43:11 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/14 12:43:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 12:42:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 12:42:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Christina\ntuser.ini
[2010/02/14 12:42:32 | 000,000,704 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 12:42:32 | 000,000,301 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/02/14 12:42:32 | 000,000,239 | RHS- | M] () -- C:\boot.ini
[2010/02/14 12:41:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/14 12:41:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/02/14 12:41:24 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/14 12:41:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/14 12:40:45 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 12:20:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/02/14 12:19:15 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\Shortcut to 93vmf8md.lnk
[2010/02/14 12:00:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\gnyxjbjx.job
[2010/02/14 12:00:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 03:10:24 | 055,199,147 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/07 02:56:43 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 02:56:26 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/07 02:56:26 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/06 16:03:28 | 000,010,839 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\hijackthis2
[2010/02/06 15:37:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\HijackThis.lnk
[2010/02/06 15:08:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/06 14:42:38 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/02/01 16:52:15 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Draft Research Proposal.doc
[2010/02/01 06:39:48 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Take home test.doc
[2010/01/31 13:45:35 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Family and Kinship.doc
[2010/01/28 21:58:50 | 000,052,988 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/28 10:01:24 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Tyranny of Peisistratos.doc
[2010/01/26 22:37:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/25 18:13:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/25 18:13:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/25 09:37:01 | 000,012,664 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\index.htm
[2010/01/25 09:30:35 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Mother.doc
[2010/01/25 06:20:09 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Baseball Magic.doc
[2010/01/24 21:34:03 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$scussion Leader Paper[1].docx
[2010/01/24 21:34:01 | 000,013,883 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader Paper[1].docx
[2010/01/24 13:15:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/24 13:15:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/22 08:17:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 08:12:40 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Tim1.doc
[2010/01/22 07:40:49 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Time.doc
[2010/01/22 06:52:55 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$hammad a Prophet for our Time.doc
[2010/01/22 05:25:21 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader.ppt
[2010/01/21 09:14:20 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guid1.doc
[2010/01/20 20:24:14 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guide.doc
[2010/01/20 18:13:09 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$ography Study Guide.doc
[2010/01/20 06:02:35 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Gender Stereotypes.doc
[2010/01/19 20:54:41 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/13 21:31:36 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Researching Sex and Gender.doc
[2010/01/11 08:02:00 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Conversational Style and Shakespeare in the Bush.doc
[2010/01/11 08:00:24 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Reading #2.doc
[2010/01/07 21:32:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/07 21:32:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/05 06:39:34 | 000,523,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/05 06:39:34 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/05 06:39:34 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/04 18:33:31 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Lawrence Christina Statement of Intent for OSU rev.doc
[36 C:\Documents and Settings\Owner.Christina\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Christina\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 12:30:00 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/21 12:30:00 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/21 12:30:00 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/21 12:30:00 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/21 12:30:00 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/21 12:30:00 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/21 12:30:00 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/21 12:30:00 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/21 12:30:00 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/21 12:30:00 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/21 12:30:00 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/21 12:30:00 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/21 12:30:00 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/21 12:30:00 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/21 12:30:00 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/21 12:30:00 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/21 12:30:00 | 000,001,251 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/14 12:19:15 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Desktop\Shortcut to 93vmf8md.lnk
[2010/02/14 12:05:51 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/02/07 10:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/07 02:58:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/07 02:56:41 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 02:56:36 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/02/07 02:56:32 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/07 02:56:32 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/06 16:03:28 | 000,010,839 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Desktop\hijackthis2
[2010/02/06 15:37:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Desktop\HijackThis.lnk
[2010/01/31 15:21:54 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Take home test.doc
[2010/01/31 13:45:34 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Family and Kinship.doc
[2010/01/28 21:58:50 | 000,052,988 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/28 09:01:59 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Tyranny of Peisistratos.doc
[2010/01/25 09:37:01 | 000,012,664 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\index.htm
[2010/01/25 08:34:46 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Mother.doc
[2010/01/25 06:07:32 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Baseball Magic.doc
[2010/01/24 21:34:03 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$scussion Leader Paper[1].docx
[2010/01/24 21:33:55 | 000,013,883 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader Paper[1].docx
[2010/01/22 08:12:39 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Tim1.doc
[2010/01/22 06:52:55 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Time.doc
[2010/01/22 06:52:55 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$hammad a Prophet for our Time.doc
[2010/01/21 09:14:20 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guid1.doc
[2010/01/20 20:50:50 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader.ppt
[2010/01/20 18:13:09 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guide.doc
[2010/01/20 18:13:09 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$ography Study Guide.doc
[2010/01/20 16:05:55 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Draft Research Proposal.doc
[2010/01/20 06:02:35 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Gender Stereotypes.doc
[2010/01/13 21:31:36 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Researching Sex and Gender.doc
[2010/01/11 08:01:59 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Conversational Style and Shakespeare in the Bush.doc
[2010/01/11 08:00:23 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Reading #2.doc
[2010/01/04 18:33:31 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Lawrence Christina Statement of Intent for OSU rev.doc
[2009/11/22 22:51:20 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2009/10/01 16:27:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/10/01 16:23:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/10/01 16:19:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/10/01 16:18:40 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/15 18:44:55 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.log
[2008/12/15 18:44:29 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\inst.exe
[2008/12/15 18:44:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.cat
[2008/12/15 18:44:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.inf
[2008/12/15 18:05:40 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Local Settings\Application Data\imageCache7.db
[2008/11/11 21:38:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/11 03:55:47 | 001,578,112 | -HS- | C] () -- C:\WINDOWS\System32\sccjqqvp.ini
[2008/11/11 01:53:03 | 001,578,148 | -HS- | C] () -- C:\WINDOWS\System32\xbscelyn.ini
[2008/11/11 01:51:55 | 000,010,389 | -HS- | C] () -- C:\WINDOWS\System32\BKSBKRqr.ini2
[2008/11/11 01:51:55 | 000,010,389 | -HS- | C] () -- C:\WINDOWS\System32\BKSBKRqr.ini
[2007/09/15 20:45:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/24 22:26:35 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/03 10:03:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/25 19:13:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/25 19:10:52 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\wklnhst.dat
[2006/11/25 17:47:56 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Local Settings\Application Data\fusioncache.dat
[2006/10/13 08:06:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/13 07:55:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/10/13 07:34:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/13 07:07:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/13 07:07:09 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/04 00:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/01/14 11:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2006/10/13 07:44:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
[2006/10/13 07:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/07/01 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/05/12 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\.wyzo
[2010/01/28 21:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Amazon
[2009/05/17 22:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\AVGTOOLBAR
[2009/10/01 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Azureus
[2009/01/14 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\goombah
[2009/07/28 22:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\LimeWire
[2009/10/01 16:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\MAGIX
[2008/12/22 03:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\MP3Rocket
[2008/11/11 01:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\NI.GSCNS
[2009/01/14 22:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Ruckus Network
[2006/10/13 07:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\SampleView
[2009/03/31 14:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Songbird2
[2007/09/11 21:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\SSH
[2006/12/03 09:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Template
[2008/09/22 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Tunebite
[2007/03/19 07:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Viewpoint
[2008/12/15 18:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Vso
[2007/07/23 15:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\WildTangent
[2010/02/14 12:00:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\gnyxjbjx.job
[2010/02/14 12:20:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========


< End of report >


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:47 AM

Posted 21 February 2010 - 01:45 PM

Hello, we found the problem, but before we are able to fix it, we need to locate a good copy of the infected driver. Therefore we need to run a custom scan with OTLPE.

However, first of all I want you to consider the following information...

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Copy/paste the text in the codebox below into OTLPE's "custom scan/fix" field and click "run scan".
CODE
/md5start
atapi.sys
/md5stop
Afterwards, post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
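Elise's custom scan hashes atapi.sys in the locations OTLPE knows about so that a copy which differs from the backups can be spotted and a good one located. The script below is an added illustration of that comparison, written for this page and not part of OTL, OTLPE or the thread: it walks a set of roots for every file with a given name, hashes each copy (MD5 as in the scan, switchable to SHA-256), groups the copies by digest, and labels a minority digest as the outlier. The directory tree it builds under a temporary folder (a live `drivers` copy plus `dllcache` and `ServicePackFiles` backups) and the file contents are constructed for the demo; every function and variable name is the example's own.

```python
"""Added example: survey every copy of a driver by name and group the copies by hash.

Mirrors the idea behind an OTLPE /md5start ... /md5stop scan: hash each copy of a
named file so a known-good backup can be told apart from a patched live copy.
The directory layout used by demo() is constructed here, not taken from the thread.
"""
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

DEFAULT_FILENAME = "atapi.sys"  # the driver named in the thread's custom scan


def hash_file(path, algorithm="md5"):
    """Hex digest of a file, streamed in chunks so large drivers never sit fully in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def survey_copies(filename, roots, algorithm="md5"):
    """Find every file called `filename` (case-insensitive, like NTFS) under `roots`.

    Returns {digest: [paths...]}; copies with identical content share one key.
    """
    groups = defaultdict(list)
    wanted = filename.lower()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == wanted:
                    full = Path(dirpath) / name
                    groups[hash_file(full, algorithm)].append(str(full))
    return dict(groups)


def classify_copies(groups):
    """Label each copy from the digest groups.

    One digest everywhere -> 'consistent'. Several digests -> the most common one is
    'majority' (backups normally agree with each other) and the rest 'outlier', which
    is the pattern when one live file was patched. A tie is 'ambiguous': majority
    voting cannot decide, so the analyst must compare against a trusted source.
    """
    if not groups:
        return {}
    if len(groups) == 1:
        return {p: "consistent" for paths in groups.values() for p in paths}
    sizes = sorted((len(paths) for paths in groups.values()), reverse=True)
    if sizes[0] == sizes[1]:
        return {p: "ambiguous" for paths in groups.values() for p in paths}
    majority = max(groups, key=lambda d: len(groups[d]))
    return {p: ("majority" if d == majority else "outlier")
            for d, paths in groups.items() for p in paths}


def build_demo_tree():
    """Constructed XP-like tree in a temp dir: the live driver differs from two backups."""
    root = Path(tempfile.mkdtemp(prefix="otl_demo_"))
    clean = b"constructed stand-in for a clean atapi.sys image\n"
    patched = clean + b"constructed extra bytes standing in for a patched section\n"
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": patched,
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": clean,
        "WINDOWS/system32/drivers/disk.sys": b"unrelated driver, must be ignored\n",
    }
    for rel, data in layout.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


def demo(filename=DEFAULT_FILENAME):
    """Run the survey over the constructed tree; paths are made relative for readability."""
    root = build_demo_tree()
    groups = survey_copies(filename, [root])
    labels = classify_copies(groups)
    rel_labels = {Path(p).relative_to(root).as_posix(): v for p, v in labels.items()}
    return {"groups": groups, "labels": rel_labels}


if __name__ == "__main__":
    for path, verdict in sorted(demo()["labels"].items()):
        print(f"{verdict:10s} {path}")
```

Run a survey like this from an offline boot environment such as the OTLPE disc Elise uses, not from the running system: a kernel-mode rootkit that has patched a boot driver can filter reads of that file, so hashes taken while it is active cannot be trusted. Majority voting only helps when the backups are intact; a tie between digests is reported as ambiguous rather than guessed, and the final check is always against a copy from trusted install media.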


#12 rlncw07

rlncw07
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:47 PM

Posted 21 February 2010 - 03:17 PM

OTL logfile created on: 2/21/2010 3:10:43 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.94 Gb Total Space | 67.41 Gb Free Space | 64.24% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.91% Space Free | Partition Type: FAT32
Drive E: | 121.73 Mb Total Space | 109.79 Mb Free Space | 90.19% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (Evlicypi)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/04 19:13:04 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/04 19:12:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/26 22:16:12 | 000,183,280 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:12:13 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cacls.exe -- (Atiedmaypit)
SRV - [2008/04/13 19:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/07 21:58:30 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/13 07:51:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/04/04 23:52:38 | 000,405,504 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/15 10:56:40 | 000,184,320 | ---- | M] () [Auto] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 15:10:14 | 000,106,496 | ---- | M] ( ) [Auto] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2005/11/17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/11/11 23:40:52 | 000,018,944 | ---- | M] () [Auto] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz130)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/09/04 19:13:13 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/04 19:13:13 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/17 21:42:21 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/12/15 18:44:29 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/10/01 13:01:28 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/09/15 09:07:10 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:34:12 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/14 02:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/20 11:05:02 | 000,027,672 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2007/06/20 02:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 02:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/13 07:41:39 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 17:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 21:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/12 20:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 20:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 20:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/04/04 23:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/20 10:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/11/02 16:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/06 14:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/02/01 13:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/11/05 09:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 14:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2004/01/27 23:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 23:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 23:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 23:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 23:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 23:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6454
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Owner.Christina_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Owner.Christina_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Owner.Christina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2008/09/22 23:52:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/28 21:22:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 23:57:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 18:54:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/05 18:54:31 | 000,000,000 | ---D | M]

[2010/02/14 12:14:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/15 15:05:00 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\atl71.dll
[2007/11/15 15:05:00 | 000,053,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
[2007/11/15 15:05:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp71.dll
[2007/11/15 15:05:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr71.dll
[2007/11/15 15:05:00 | 000,172,032 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\NPView22.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/11/15 15:05:00 | 000,110,592 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_base.dll
[2007/11/15 15:05:00 | 000,114,688 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_compression.dll
[2007/11/15 15:05:00 | 000,106,496 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_connect.dll
[2007/11/15 15:05:00 | 000,229,376 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_update.dll
[2007/11/15 15:05:00 | 000,196,608 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_utility.dll
[2007/11/15 15:05:00 | 000,159,744 | ---- | M] (View22 Technology) -- C:\Program Files\Mozilla Firefox\plugins\v22_winapplib.dll

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {117598C4-E418-4EC9-A147-F8F78A5A7614} - C:\WINDOWS\System32\rqRKBSKB.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\System32\jkkKaxVo.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Owner.Christina_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Owner.Christina_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\Owner.Christina_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\Owner.Christina_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\helper32.dll ()
O15 - HKLM\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 1917 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: 71 range(s) not assigned to a zone.
O15 - HKU\LocalService_ON_C\..Trusted Domains: 1917 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\LocalService_ON_C\..Trusted Ranges: 71 range(s) not assigned to a zone.
O15 - HKU\NetworkService_ON_C\..Trusted Domains: 1917 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\NetworkService_ON_C\..Trusted Ranges: 71 range(s) not assigned to a zone.
O15 - HKU\Owner.Christina_ON_C\..Trusted Domains: 2003 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Owner.Christina_ON_C\..Trusted Ranges: 71 range(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\c00F4061: DllName - c00F4061.mat - File not found
O20 - Winlogon\Notify\jkkKaxVo: DllName - jkkKaxVo.dll - File not found
O20 - Winlogon\Notify\sys32: DllName - sys32.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\System32\jkkKaxVo.dll File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRKBSKB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2009/03/12 21:32:12 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/02/21 12:56:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/02/21 12:31:24 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/21 12:30:00 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/21 12:29:59 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/21 12:29:59 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/21 12:29:59 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/06 15:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/06 15:09:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/01/29 21:34:40 | 000,027,672 | ---- | C] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\Entech.sys
[2010/01/29 21:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Futuremark
[2010/01/28 21:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\Application Data\Amazon
[2010/01/28 21:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/01/28 05:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/01/26 22:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AdobeUM
[2010/01/26 22:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
[2010/01/26 22:26:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/26 22:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/26 22:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/26 08:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/25 09:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\My Documents\index_files
[2010/01/23 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\My Documents\Downloads
[2010/01/23 14:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\Desktop\Rich
[2010/01/23 14:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Christina\Desktop\Chris
[2010/01/22 19:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
[2010/01/22 19:44:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
[2010/01/21 00:39:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2008/12/15 18:44:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.sys
[36 C:\Documents and Settings\Owner.Christina\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Christina\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/02/21 12:58:26 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/21 12:45:03 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/21 12:32:48 | 000,001,251 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/14 12:43:11 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\NTUSER.DAT
[2010/02/14 12:43:11 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/14 12:43:11 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/14 12:43:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 12:42:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 12:42:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Christina\ntuser.ini
[2010/02/14 12:42:32 | 000,000,704 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 12:42:32 | 000,000,301 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/02/14 12:42:32 | 000,000,239 | RHS- | M] () -- C:\boot.ini
[2010/02/14 12:41:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/14 12:41:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/02/14 12:41:24 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/14 12:41:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/14 12:40:45 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 12:20:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/02/14 12:19:15 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\Shortcut to 93vmf8md.lnk
[2010/02/14 12:00:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\gnyxjbjx.job
[2010/02/14 12:00:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 03:10:24 | 055,199,147 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/07 02:56:43 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 02:56:26 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/07 02:56:26 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/06 16:03:28 | 000,010,839 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\hijackthis2
[2010/02/06 15:37:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\HijackThis.lnk
[2010/02/06 15:08:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/06 14:42:38 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/02/01 16:52:15 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Draft Research Proposal.doc
[2010/02/01 06:39:48 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Take home test.doc
[2010/01/31 13:45:35 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Family and Kinship.doc
[2010/01/28 21:58:50 | 000,052,988 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/28 10:01:24 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Tyranny of Peisistratos.doc
[2010/01/26 22:37:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/25 18:13:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/25 18:13:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/25 09:37:01 | 000,012,664 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\index.htm
[2010/01/25 09:30:35 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Mother.doc
[2010/01/25 06:20:09 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Baseball Magic.doc
[2010/01/24 21:34:03 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$scussion Leader Paper[1].docx
[2010/01/24 21:34:01 | 000,013,883 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader Paper[1].docx
[2010/01/24 13:15:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/24 13:15:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/22 08:17:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 08:12:40 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Tim1.doc
[2010/01/22 07:40:49 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Time.doc
[2010/01/22 06:52:55 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$hammad a Prophet for our Time.doc
[2010/01/22 05:25:21 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader.ppt
[2010/01/21 09:14:20 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guid1.doc
[2010/01/20 20:24:14 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guide.doc
[2010/01/20 18:13:09 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$ography Study Guide.doc
[2010/01/20 06:02:35 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Gender Stereotypes.doc
[2010/01/19 20:54:41 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/13 21:31:36 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Researching Sex and Gender.doc
[2010/01/11 08:02:00 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Conversational Style and Shakespeare in the Bush.doc
[2010/01/11 08:00:24 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Reading #2.doc
[2010/01/07 21:32:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/07 21:32:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/05 06:39:34 | 000,523,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/05 06:39:34 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/05 06:39:34 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/04 18:33:31 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner.Christina\My Documents\Lawrence Christina Statement of Intent for OSU rev.doc
[36 C:\Documents and Settings\Owner.Christina\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Christina\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 12:30:00 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/21 12:30:00 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/21 12:30:00 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/21 12:30:00 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/21 12:30:00 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/21 12:30:00 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/21 12:30:00 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/21 12:30:00 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/21 12:30:00 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/21 12:30:00 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/21 12:30:00 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/21 12:30:00 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/21 12:30:00 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/21 12:30:00 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/21 12:30:00 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/21 12:30:00 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/21 12:30:00 | 000,001,251 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/14 12:19:15 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Desktop\Shortcut to 93vmf8md.lnk
[2010/02/14 12:05:51 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/02/07 10:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/07 02:58:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/07 02:56:41 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 02:56:36 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/02/07 02:56:32 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/07 02:56:32 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/06 16:03:28 | 000,010,839 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Desktop\hijackthis2
[2010/02/06 15:37:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Desktop\HijackThis.lnk
[2010/01/31 15:21:54 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Take home test.doc
[2010/01/31 13:45:34 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Family and Kinship.doc
[2010/01/28 21:58:50 | 000,052,988 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/28 09:01:59 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Tyranny of Peisistratos.doc
[2010/01/25 09:37:01 | 000,012,664 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\index.htm
[2010/01/25 08:34:46 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Mother.doc
[2010/01/25 06:07:32 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Baseball Magic.doc
[2010/01/24 21:34:03 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$scussion Leader Paper[1].docx
[2010/01/24 21:33:55 | 000,013,883 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader Paper[1].docx
[2010/01/22 08:12:39 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Tim1.doc
[2010/01/22 06:52:55 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Muhammad a Prophet for our Time.doc
[2010/01/22 06:52:55 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$hammad a Prophet for our Time.doc
[2010/01/21 09:14:20 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guid1.doc
[2010/01/20 20:50:50 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Discussion Leader.ppt
[2010/01/20 18:13:09 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Geography Study Guide.doc
[2010/01/20 18:13:09 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\~$ography Study Guide.doc
[2010/01/20 16:05:55 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Draft Research Proposal.doc
[2010/01/20 06:02:35 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Gender Stereotypes.doc
[2010/01/13 21:31:36 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Researching Sex and Gender.doc
[2010/01/11 08:01:59 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Conversational Style and Shakespeare in the Bush.doc
[2010/01/11 08:00:23 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Reading #2.doc
[2010/01/04 18:33:31 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\My Documents\Lawrence Christina Statement of Intent for OSU rev.doc
[2009/11/22 22:51:20 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2009/10/01 16:27:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/10/01 16:23:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/10/01 16:19:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/10/01 16:18:40 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/15 18:44:55 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.log
[2008/12/15 18:44:29 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\inst.exe
[2008/12/15 18:44:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.cat
[2008/12/15 18:44:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\pcouffin.inf
[2008/12/15 18:05:40 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Local Settings\Application Data\imageCache7.db
[2008/11/11 21:38:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/11 03:55:47 | 001,578,112 | -HS- | C] () -- C:\WINDOWS\System32\sccjqqvp.ini
[2008/11/11 01:53:03 | 001,578,148 | -HS- | C] () -- C:\WINDOWS\System32\xbscelyn.ini
[2008/11/11 01:51:55 | 000,010,389 | -HS- | C] () -- C:\WINDOWS\System32\BKSBKRqr.ini2
[2008/11/11 01:51:55 | 000,010,389 | -HS- | C] () -- C:\WINDOWS\System32\BKSBKRqr.ini
[2007/09/15 20:45:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/24 22:26:35 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/03 10:03:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/25 19:13:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/25 19:10:52 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Application Data\wklnhst.dat
[2006/11/25 17:47:56 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Owner.Christina\Local Settings\Application Data\fusioncache.dat
[2006/10/13 08:06:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/13 07:55:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/10/13 07:34:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/13 07:07:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/13 07:07:09 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/04 00:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/01/14 11:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2006/10/13 07:44:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
[2006/10/13 07:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/07/01 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/05/12 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\.wyzo
[2010/01/28 21:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Amazon
[2009/05/17 22:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\AVGTOOLBAR
[2009/10/01 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Azureus
[2009/01/14 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\goombah
[2009/07/28 22:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\LimeWire
[2009/10/01 16:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\MAGIX
[2008/12/22 03:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\MP3Rocket
[2008/11/11 01:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\NI.GSCNS
[2009/01/14 22:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Ruckus Network
[2006/10/13 07:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\SampleView
[2009/03/31 14:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Songbird2
[2007/09/11 21:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\SSH
[2006/12/03 09:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Template
[2008/09/22 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Tunebite
[2007/03/19 07:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Viewpoint
[2008/12/15 18:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\Vso
[2007/07/23 15:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Christina\Application Data\WildTangent
[2010/02/14 12:00:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\gnyxjbjx.job
[2010/02/14 12:20:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/26 19:10:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/10/26 19:10:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=F0678F7585CE2258561C5DEDBE698C04 -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin

Posted 22 February 2010 - 07:01 AM

Well, there's more to fix here than only a rootkit, so let's get started.

Open OTLPE and copy all text in the codebox in the "custom scan/fix" field. Click "Run Fix".
CODE
:OTL
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\System32\jkkKaxVo.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Owner.Christina_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\Owner.Christina_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - Winlogon\Notify\c00F4061: DllName - c00F4061.mat - File not found
O20 - Winlogon\Notify\jkkKaxVo: DllName - jkkKaxVo.dll - File not found
O20 - Winlogon\Notify\sys32: DllName - sys32.dll - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRKBSKB) - File not found
[2010/02/14 12:00:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\gnyxjbjx.job
[2010/02/07 10:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/07 02:58:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/02/07 02:56:41 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/07 02:56:36 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/02/07 02:56:32 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/07 02:56:32 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/06 15:09:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
C:\WINDOWS\system32\sdra64.exe
After the fix has run, try to boot normally and let me know how that goes. Do NOT attempt to change anything on your system, just post back here!

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
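The fix above replaces C:\WINDOWS\system32\drivers\atapi.sys with the copy from ServicePackFiles because the OTL custom scan shows the live driver carrying the same timestamp and size as the service-pack copy but a different MD5 and no company name. The script below is an added example, not OTL's code or anything Elise posted: it parses lines in the OTL "< MD5 for: ... >" format and reports live drivers whose hash differs from the ServicePackFiles reference copy of the same file name. The sample block is constructed from the log lines posted in this thread; the function names and the "reference equals ServicePackFiles copy" rule are this example's own assumptions, chosen to match how the fix was decided here.

```python
import ntpath
import re

# Constructed sample: the "< MD5 for: ATAPI.SYS >" block from the OTL log in this
# thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=F0678F7585CE2258561C5DEDBE698C04 -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >
"""

# One OTL MD5 row: [timestamp | size | attrs | kind] (company) MD5=hash -- path
# Rows for .cab members carry no MD5 and deliberately do not match.
MD5_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<kind>\w)\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_block(text):
    """Return a list of dicts, one per row that carries an MD5."""
    entries = []
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        d["md5"] = d["md5"].upper()
        entries.append(d)
    return entries


def find_mismatched_drivers(entries):
    """Compare each live driver (under system32\\drivers) with the ServicePackFiles
    copy of the same file name and return one finding per hash mismatch.

    The extra fields record the pattern seen in this thread: identical timestamp
    and size, different hash, and an empty company field on the live copy.
    """
    refs = {}
    for e in entries:
        if "\\servicepackfiles\\" in e["path"].lower():
            refs[ntpath.basename(e["path"]).lower()] = e
    findings = []
    for e in entries:
        if "\\system32\\drivers\\" not in e["path"].lower():
            continue
        ref = refs.get(ntpath.basename(e["path"]).lower())
        if ref is None or ref["md5"] == e["md5"]:
            continue
        findings.append({
            "path": e["path"],
            "md5": e["md5"],
            "reference": ref["path"],
            "reference_md5": ref["md5"],
            "same_size": e["size"] == ref["size"],
            "same_timestamp": e["ts"] == ref["ts"],
            "no_company_name": e["company"] == "",
        })
    return findings


if __name__ == "__main__":
    for f in find_mismatched_drivers(parse_md5_block(SAMPLE_LOG)):
        print(f"{f['path']}: MD5 {f['md5']} differs from {f['reference']} "
              f"({f['reference_md5']}); same size={f['same_size']}, "
              f"same timestamp={f['same_timestamp']}, no company={f['no_company_name']}")
```

A matching timestamp and size with a different hash is why the OTL :files directive in the fix restores the driver from the service-pack copy rather than deleting it; the same comparison works for any file OTL lists under a "< MD5 for: ... >" header, as long as a ServicePackFiles copy is present to serve as the reference.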


#14 rlncw07

rlncw07
  • Topic Starter


Posted 23 February 2010 - 10:30 PM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\{9E91EF7B-6846-45C3-A8AB-67CF7C900783} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E91EF7B-6846-45C3-A8AB-67CF7C900783}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\Owner.Christina_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
C:\WINDOWS\system32\smss32.exe moved successfully.
Registry value HKEY_USERS\Owner.Christina_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
File C:\WINDOWS\system32\smss32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\Owner.Christina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c00F4061\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkKaxVo\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\rqRKBSKB deleted successfully.
C:\WINDOWS\Tasks\gnyxjbjx.job moved successfully.
C:\WINDOWS\system32\IS15.exe moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.
C:\WINDOWS\system32\helper32.dll moved successfully.
C:\WINDOWS\system32\warning.html moved successfully.
C:\WINDOWS\system32\winlogon32.exe moved successfully.
File C:\WINDOWS\System32\smss32.exe not found.
C:\WINDOWS\System32\lowsec folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== FILES ==========
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\system32\sdra64.exe moved successfully.

OTLPE by OldTimer - Version 3.1.30.1 log created on 02232010_222719


#15 rlncw07

rlncw07
  • Topic Starter


Posted 23 February 2010 - 10:36 PM

I was also able to restart and load Windows normally.



