
No access to safe mode, desktop, sys restore, etc


  • This topic is locked
122 replies to this topic

#1 Neese


Posted 01 March 2010 - 05:09 PM

I made it to a point where I could run MBAM four days ago on a laptop, but before it finished, a pop-up happened, kicked it into a reboot, and now I can't get it to boot to safe mode, or to the desktop in any way. This virus has also disabled system restore, and task manager as well. It now just hangs up mid-boot, with the safe mode words in the corners of a black screen.

Many, many different error boxes keep popping up when I try to boot up normally, or at least with the "last good configuration", listing file names/ .dll errors = bad image. Says to try installing from install disk. Problem is, I can't find the install disks, after the last instance in January fixing this laptop with those disks.

If I could get it to boot up, and I could run rkill, or MBAM, I believe it would eventually work out? However, what to do to get to that point?

Any help, advice is appreciated.
Thanks.


Edit:
Sorry, forgot to mention the OS is Win XP Home.
Also, a lot of the applications were coming up previously as "disabled by administrator" while no administrator rights were set on this laptop.

Edited by Neese, 01 March 2010 - 05:16 PM.




#2 JSntgRvr


Posted 01 March 2010 - 10:20 PM

Hi, Neese

Welcome.

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions on your flash drive as a text file (use Notepad) so you can have access to them while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded, double-click the file; this will open ISOBurner to burn the file to CD.
  • Boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
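
The /md5start … /md5stop block in the custom scan above asks OTL to report MD5 hashes for the named system files. The following Python sketch is an added illustration, not part of the original post and not OTL's own code: it hashes every copy of each named file under an offline-mounted Windows volume and flags names whose copies disagree. The function names, the directory layout and the sample file contents are assumptions constructed for the example.

```python
"""Added example: hash every copy of selected system files on an offline volume."""
import hashlib
import os
import tempfile
from collections import defaultdict

# A few of the file names listed between /md5start and /md5stop in the post.
TARGETS = ["atapi.sys", "userinit.exe", "explorer.exe", "eventlog.dll"]


def md5_of(path, chunk_size=65536):
    """Stream a file through MD5 so large binaries are not read in one go."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, targets):
    """Walk the volume and collect (path, md5) for every file matching a target name.

    Matching is case-insensitive because Windows file names are.
    """
    wanted = {name.lower() for name in targets}
    copies = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            key = filename.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, filename)
            try:
                copies[key].append((full, md5_of(full)))
            except OSError as err:
                # A locked or damaged file is itself worth reporting.
                copies[key].append((full, "unreadable: %s" % err.strerror))
    return copies


def compare_copies(root, targets=TARGETS):
    """Classify each target as missing, single, consistent or mismatch."""
    copies = find_copies(root, targets)
    result = {}
    for name in targets:
        key = name.lower()
        found = sorted(copies.get(key, []))
        hashes = {file_hash for _path, file_hash in found}
        if not found:
            status = "missing"
        elif len(found) == 1:
            status = "single"        # nothing on disk to compare against
        elif len(hashes) > 1:
            status = "mismatch"      # copies differ: review each one
        else:
            status = "consistent"
        result[key] = {"status": status, "copies": found}
    return result


def build_sample_tree(root):
    """Constructed sample data standing in for a mounted C: drive."""
    files = {
        "WINDOWS/system32/drivers/atapi.sys": b"constructed bytes: altered driver",
        "WINDOWS/system32/dllcache/atapi.sys": b"constructed bytes: original driver",
        "WINDOWS/system32/userinit.exe": b"constructed bytes: userinit",
        "WINDOWS/system32/dllcache/USERINIT.EXE": b"constructed bytes: userinit",
        "WINDOWS/explorer.exe": b"constructed bytes: explorer",
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)


def demo():
    """Run the comparison over the constructed tree and return name -> status."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {name: info["status"] for name, info in compare_copies(root).items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-14s %s" % (name, status))
```

Differing copies are a lead, not a verdict: service packs and updates legitimately leave older copies behind, so each hash still has to be checked against a known-good reference for that Windows version.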


#3 Neese


Posted 02 March 2010 - 06:13 AM

Thank you for the reply! Wanted you to know I saw this, and will be doing this later this day! Thanks

#4 JSntgRvr


Posted 02 March 2010 - 09:57 AM

You are welcome.



#5 Neese


Posted 02 March 2010 - 10:21 AM

OTL logfile created on: 3/2/2010 9:43:04 AM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 63.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.15 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 6.21 Gb Free Space | 83.28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 10:44:17 | 000,182,784 | ---- | M] () [Auto] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010/01/29 17:03:42 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/30 10:02:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/29 22:43:39 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/08/05 17:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/08/04 07:00:00 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2004/07/27 14:25:24 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/04/07 14:22:00 | 000,073,728 | R--- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/20 19:19:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/25 21:00:03 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 07:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 07:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 07:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 07:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 07:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 07:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 07:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 07:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 07:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 07:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/04 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 07:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/04 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 07:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\membus.sys -- (membus)
DRV - [2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 23:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 23:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 18:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 18:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 17:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 14:22:00 | 001,382,634 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/05 17:42:36 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/02/01 18:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/30 10:01:40 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/13 16:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/02 09:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/07/30 02:02:00 | 000,017,168 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faceboo.com/
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/25 19:29:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/22 12:41:59 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\apoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe ()
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe (Microsoft Corporation)
O4 - HKLM..\Run: [RRT-Auto] E:\RRT.exe File not found
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\WINDOWS\Temp\win.exe ()
O4 - HKU\.DEFAULT..\Run: [Remote System Protection] C:\WINDOWS\System32\ffe3rh.DLL File not found
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\ffe3rh.DLL File not found
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\LASLEY_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LASLEY_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\ffe3rh.DLL File not found
O4 - HKU\LASLEY_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\setup.exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [eventcreatexp.exe] C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\eventcreatexp.exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex] C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex ] c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [RecordNow!] File not found
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [TOY5KNQ8OC] c:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\cjd .exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] c:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\xr6q6 .exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (app_dll.dll) - C:\WINDOWS\System32\app_dll.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Pieper.PIEPER-5859368D_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 18:16:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\system32\mshlps.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 09:23:36 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/02 09:22:20 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/02 09:22:20 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/02 09:22:20 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/02 09:22:20 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/02 09:22:20 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/02 09:22:20 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/02 09:22:20 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/25 20:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/25 20:12:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/25 20:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Desktop\Unused Desktop Shortcuts
[2010/02/25 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\My Documents\Simply Super Software
[2010/02/25 13:11:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2010/02/22 16:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/22 13:53:56 | 000,248,832 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx50.bpl
[2010/02/22 13:53:55 | 002,023,424 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcl50.bpl
[2010/02/22 13:53:55 | 001,873,920 | ---- | C] (Raize Software, Inc.) -- C:\WINDOWS\System32\Rz30Ctls50.bpl
[2010/02/22 13:53:54 | 001,496,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cc3250mt.dll
[2010/02/22 13:53:54 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/02/22 13:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/22 12:39:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/22 12:39:14 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/22 12:39:14 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/22 12:39:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/22 12:39:14 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/22 12:39:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/22 12:39:14 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/22 12:39:14 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/21 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Malwarebytes
[2010/02/21 19:34:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\IETldCache
[2010/02/21 19:33:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\SendTo
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data
[2010/02/21 19:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Start Menu
[2010/02/21 19:33:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Cookies
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Templates
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Recent
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\PrintHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\NetHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\My Documents
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Favorites
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Desktop
[2010/02/20 09:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Local Settings\Application Data\Yahoo
[2010/02/20 09:41:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LASLEY\PrivacIE
[2010/02/20 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Yahoo!
[2010/02/20 09:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Sonic
[2010/02/20 09:15:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2010/02/14 14:03:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2010/02/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
[2010/02/14 14:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
[2010/02/14 14:02:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2010/02/14 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AdobeUM
[2010/02/14 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents\My eBooks
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents
[2010/02/14 13:04:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
[2010/02/14 13:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/02/14 12:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2010/02/14 12:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2010/02/14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\runit
[2010/02/14 12:06:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Fonts\'
[2010/02/14 12:06:13 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 21:19:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/09 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\Identities
[2010/02/02 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/01/31 21:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/01/31 18:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\Help
[2010/01/31 18:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Help
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,095,232 | ---- | M] () -- C:\WINDOWS\System32\dusazewa.dll.vir
[2099/01/01 12:00:00 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\toyigeru.dll
[2099/01/01 12:00:00 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\sugefeso.dll.vir
[2099/01/01 12:00:00 | 000,053,760 | ---- | M] () -- C:\WINDOWS\System32\ramuzovi.dll.vir
[2099/01/01 12:00:00 | 000,053,760 | ---- | M] () -- C:\WINDOWS\System32\lukopijo.dll.vir
[2099/01/01 12:00:00 | 000,051,720 | -HS- | M] () -- C:\WINDOWS\System32\fajutuse.exe
[2099/01/01 12:00:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\wezegaho.dll
[2099/01/01 12:00:00 | 000,040,960 | -HS- | M] () -- C:\WINDOWS\System32\parajami.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jinorije.dll
[2099/01/01 12:00:00 | 000,038,912 | -HS- | M] () -- C:\WINDOWS\System32\gabihiwo.dll
[2099/01/01 12:00:00 | 000,025,600 | -HS- | M] () -- C:\WINDOWS\System32\mewutimu.dll
[2010/03/02 09:44:08 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/03/02 09:26:16 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 09:18:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/02 09:18:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/02 09:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 09:18:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 09:17:48 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 16:12:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 16:12:44 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/01 16:12:44 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/01 15:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 21:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/28 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/02/28 21:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/02/28 20:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 21:51:50 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LASLEY\NTUSER.DAT
[2010/02/26 21:51:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LASLEY\ntuser.ini
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:30:27 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\NTUSER.DAT
[2010/02/25 22:30:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\ntuser.ini
[2010/02/25 22:08:45 | 002,945,566 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\IconCache.db
[2010/02/25 22:00:35 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/02/25 22:00:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/02/25 20:08:34 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\hphmon05.exe
[2010/02/25 20:08:27 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
[2010/02/25 20:08:26 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
[2010/02/25 20:08:24 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
[2010/02/25 20:08:23 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 20:08:19 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe
[2010/02/25 20:07:18 | 001,489,408 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/25 20:07:05 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/25 20:07:02 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/02/25 19:11:44 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/25 19:11:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/25 18:36:59 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\maravaku
[2010/02/25 11:16:13 | 000,014,153 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .scr
[2010/02/25 11:16:13 | 000,014,153 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe.vir
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 11:15:57 | 000,000,126 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\autorun.inf
[2010/02/25 11:11:47 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\svchost.bat
[2010/02/25 11:04:37 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 11:04:24 | 000,156,160 | ---- | M] () -- C:\WINDOWS\msb.exe
[2010/02/25 11:04:08 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\q1eiouzvo.dll
[2010/02/25 10:48:58 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\mpbsqlvv.sys
[2010/02/25 10:46:01 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll
[2010/02/25 10:45:46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDwsmlkmppqd.dll
[2010/02/25 10:45:46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDndjmooaepm.dll
[2010/02/25 10:45:40 | 000,000,275 | ---- | M] () -- C:\WINDOWS\System32\_VOIDxxpmyniqjk.dat
[2010/02/25 10:45:37 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDltfuwdpqnx.sys
[2010/02/25 10:45:37 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\_VOIDdorccwgogh.dll
[2010/02/25 10:45:08 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\OyHjhn.bat
[2010/02/25 10:44:23 | 000,000,218 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/02/25 10:44:18 | 000,156,160 | ---- | M] () -- C:\WINDOWS\msa.exe.vir
[2010/02/25 10:44:17 | 000,182,784 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010/02/25 10:44:02 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/02/25 10:43:56 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\g1qtc3v0x.dll
[2010/02/25 10:43:53 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\wWrbOJ.exe
[2010/02/25 10:43:49 | 000,054,272 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 16:40:32 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/22 16:40:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 16:40:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/22 16:19:10 | 000,507,392 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
[2010/02/22 13:44:00 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 12:42:05 | 000,002,900 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/22 11:54:54 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 11:47:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/22 11:47:44 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\IconCache.db
[2010/02/21 19:46:38 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 19:15:11 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kerojade.dll
[2010/02/20 11:54:50 | 000,070,656 | -HS- | M] () -- C:\WINDOWS\System32\zilolowa.dll
[2010/02/20 11:54:49 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\jefosodi.dll
[2010/02/20 11:54:47 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\movezisa.dll
[2010/02/20 11:54:26 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nawodope.dll
[2010/02/20 11:50:40 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll.181015.old
[2010/02/20 06:28:08 | 000,039,424 | ---- | M] () -- C:\WINDOWS\System32\titeyota.dll
[2010/02/18 08:31:01 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll.234734.old
[2010/02/18 08:25:57 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vebojefa.dll
[2010/02/18 08:25:57 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\sijureha.dll
[2010/02/15 20:09:05 | 000,000,266 | ---- | M] () -- C:\WINDOWS\edululefarizazo.dll
[2010/02/15 16:36:42 | 000,000,004 | ---- | M] () -- C:\Program Files\98384046.dat
[2010/02/14 20:18:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/14 13:16:48 | 000,000,004 | ---- | M] () -- C:\Program Files\1016125.dat
[2010/02/14 12:23:44 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\kezolape.dll
[2010/02/14 12:23:44 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jijejamu.dll
[2010/02/14 12:23:08 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll.192875.old
[2010/02/14 12:22:12 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:18:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\winscent.exe
[2010/02/14 12:18:04 | 000,028,320 | ---- | M] () -- C:\WINDOWS\secureit.com
[2010/02/14 12:18:04 | 000,018,941 | ---- | M] () -- C:\WINDOWS\microsoftdefend.dll
[2010/02/14 12:17:49 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz .exe
[2010/02/14 12:17:46 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg .exe
[2010/02/14 12:17:37 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32 .exe
[2010/02/14 12:17:29 | 000,043,008 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe.vir
[2010/02/14 12:17:29 | 000,043,008 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/14 12:17:29 | 000,043,008 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/14 12:17:26 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\onyc.ffo
[2010/02/14 12:17:21 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\ffe3rh.dll.vir
[2010/02/14 12:16:53 | 000,093,696 | ---- | M] () -- C:\WINDOWS\dcnxk1360.exe
[2010/02/14 12:16:51 | 000,043,008 | ---- | M] () -- C:\WINDOWS\System32\smss32 .exe
[2010/02/14 12:16:51 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\jl0nly035j.dll
[2010/02/14 12:16:31 | 000,069,697 | ---- | M] () -- C:\WINDOWS\usfp2133.exe
[2010/02/14 12:06:13 | 000,147,456 | ---- | M] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 01:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Pieper.job
[2010/02/09 16:06:54 | 000,051,720 | ---- | M] () -- C:\WINDOWS\System32\susonuno.exe
[2010/02/01 16:33:09 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/31 17:02:58 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\dusazewa.dll.vir
[2099/01/01 12:00:00 | 000,093,696 | -HS- | C] () -- C:\WINDOWS\System32\toyigeru.dll
[2099/01/01 12:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\sugefeso.dll.vir
[2099/01/01 12:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ramuzovi.dll.vir
[2099/01/01 12:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\lukopijo.dll.vir
[2099/01/01 12:00:00 | 000,051,720 | -HS- | C] () -- C:\WINDOWS\System32\fajutuse.exe
[2099/01/01 12:00:00 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\wezegaho.dll
[2099/01/01 12:00:00 | 000,040,960 | -HS- | C] () -- C:\WINDOWS\System32\parajami.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jinorije.dll
[2099/01/01 12:00:00 | 000,038,912 | -HS- | C] () -- C:\WINDOWS\System32\gabihiwo.dll
[2099/01/01 12:00:00 | 000,025,600 | -HS- | C] () -- C:\WINDOWS\System32\mewutimu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\maravaku
[2010/03/02 09:22:20 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/02 09:22:20 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/02 09:22:20 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/02 09:22:20 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/02 09:22:20 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/02 09:22:20 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/02 09:22:20 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/02 09:22:20 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/02 09:22:20 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/02 09:22:20 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/02 09:22:20 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/02 09:22:20 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/02 09:22:20 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/02 09:22:20 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/02 09:22:20 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 09:22:20 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/02 09:22:20 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/01 15:58:58 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/02/25 20:07:01 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/25 13:11:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/25 13:11:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/25 13:11:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/25 13:11:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/25 11:16:13 | 000,014,153 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .scr
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 11:15:57 | 000,000,126 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\autorun.inf
[2010/02/25 11:11:47 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\svchost.bat
[2010/02/25 11:04:42 | 000,156,160 | ---- | C] () -- C:\WINDOWS\msb.exe
[2010/02/25 11:04:08 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\q1eiouzvo.dll
[2010/02/25 10:45:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDndjmooaepm.dll
[2010/02/25 10:45:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDwsmlkmppqd.dll
[2010/02/25 10:45:37 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\_VOIDltfuwdpqnx.sys
[2010/02/25 10:45:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\_VOIDdorccwgogh.dll
[2010/02/25 10:45:37 | 000,000,275 | ---- | C] () -- C:\WINDOWS\System32\_VOIDxxpmyniqjk.dat
[2010/02/25 10:45:04 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\OyHjhn.bat
[2010/02/25 10:44:54 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpbsqlvv.sys
[2010/02/25 10:44:48 | 000,156,160 | ---- | C] () -- C:\WINDOWS\msa.exe.vir
[2010/02/25 10:44:33 | 000,000,302 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/25 10:44:29 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/25 10:44:17 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll
[2010/02/25 10:43:56 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\g1qtc3v0x.dll
[2010/02/25 10:43:53 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\wWrbOJ.exe
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,054,272 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,014,153 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe.vir
[2010/02/22 13:53:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp50.bpl
[2010/02/22 13:44:00 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/02/22 12:39:44 | 000,002,900 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/22 12:39:14 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/02/22 12:39:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/22 12:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/21 19:33:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/21 19:33:55 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/02/21 19:15:11 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kerojade.dll
[2010/02/20 11:54:50 | 000,070,656 | -HS- | C] () -- C:\WINDOWS\System32\zilolowa.dll
[2010/02/20 11:54:49 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\jefosodi.dll
[2010/02/20 11:54:47 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\movezisa.dll
[2010/02/20 11:54:26 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nawodope.dll
[2010/02/20 06:28:08 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\titeyota.dll
[2010/02/18 08:25:57 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vebojefa.dll
[2010/02/18 08:25:57 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\sijureha.dll
[2010/02/15 20:08:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\edululefarizazo.dll
[2010/02/15 16:36:42 | 000,000,004 | ---- | C] () -- C:\Program Files\98384046.dat
[2010/02/14 20:18:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/14 13:16:48 | 000,000,004 | ---- | C] () -- C:\Program Files\1016125.dat
[2010/02/14 12:23:44 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\kezolape.dll
[2010/02/14 12:23:44 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jijejamu.dll
[2010/02/14 12:23:08 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll.234734.old
[2010/02/14 12:23:08 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll.192875.old
[2010/02/14 12:23:08 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll.181015.old
[2010/02/14 12:23:08 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll
[2010/02/14 12:22:36 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/02/14 12:22:36 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:18:06 | 001,489,408 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/02/14 12:18:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/02/14 12:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\winscent.exe
[2010/02/14 12:18:04 | 000,028,320 | ---- | C] () -- C:\WINDOWS\secureit.com
[2010/02/14 12:18:04 | 000,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdefend.dll
[2010/02/14 12:17:49 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
[2010/02/14 12:17:49 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz .exe
[2010/02/14 12:17:46 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
[2010/02/14 12:17:46 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg .exe
[2010/02/14 12:17:37 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
[2010/02/14 12:17:37 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32 .exe
[2010/02/14 12:17:21 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\ffe3rh.dll.vir
[2010/02/14 12:17:16 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/02/14 12:17:03 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe.vir
[2010/02/14 12:17:02 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/14 12:17:02 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\smss32 .exe
[2010/02/14 12:16:56 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\onyc.ffo
[2010/02/14 12:16:53 | 000,093,696 | ---- | C] () -- C:\WINDOWS\dcnxk1360.exe
[2010/02/14 12:16:51 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\jl0nly035j.dll
[2010/02/14 12:16:31 | 000,069,697 | ---- | C] () -- C:\WINDOWS\usfp2133.exe
[2010/02/14 12:02:24 | 000,507,392 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
[2010/02/09 16:06:54 | 000,051,720 | ---- | C] () -- C:\WINDOWS\System32\susonuno.exe
[2010/01/31 17:02:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/29 21:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/29 21:38:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/29 16:27:46 | 000,000,918 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/29 16:21:31 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/29 16:14:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/29 15:34:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 12:15:15 | 000,282,660 | ---- | C] () -- C:\WINDOWS\Fonts\Setup.exe
[2007/01/10 12:15:15 | 000,282,659 | -HS- | C] () -- C:\WINDOWS\Fonts\svchost .exe
[2004/08/04 07:00:00 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2004/08/04 07:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\wmcog32.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\mshlps.dll
[2004/08/04 07:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2004/08/04 07:00:00 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\membus.sys
[2004/01/09 06:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\FrostWire
[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\LimeWire
[2010/02/25 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2009/12/29 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Thinstall
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/02/28 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/02/25 22:00:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/02/25 20:08:39 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/02/28 21:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/02/25 22:00:35 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/02/25 21:29:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/01/18 23:58:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/02/28 21:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job
[2010/03/01 16:12:44 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/01 16:12:44 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] () MD5=AD3142BA248C630569C78673DEA2C266 -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2009/12/29 15:37:02 | 000,471,040 | ---- | M] () MD5=B093B11802AB5C6546742E821C05F3B2 -- C:\WINDOWS\Sys\Explorer.exe

< MD5 for: NETLOGON.DLL >
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2008/10/04 18:16:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/22 16:40:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/04 18:16:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/02 09:17:48 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/04 18:16:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/04 18:16:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/29 16:23:22 | 000,013,678 | ---- | M] () -- C:\mszone.log
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/03/02 09:17:47 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/02/22 12:43:14 | 000,004,027 | ---- | M] () -- C:\rapport.txt
[2009/12/29 16:29:44 | 000,000,161 | ---- | M] () -- C:\sedinst.log
[2009/12/29 16:29:44 | 000,000,189 | ---- | M] () -- C:\sedinst2.log
[2009/12/29 16:26:24 | 000,000,169 | ---- | M] () -- C:\setup.log
[2009/12/29 16:30:55 | 000,019,724 | ---- | M] () -- C:\sunjava.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/12/29 07:50:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/29 07:50:55 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/29 07:50:55 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


#6 JSntgRvr

Posted 02 March 2010 - 11:58 AM

That is quite an infection.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    SRV - [2010/02/25 10:44:17 | 000,182,784 | ---- | M] () [Auto] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
    SRV - [2004/08/04 07:00:00 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
    DRV - [2004/08/04 07:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\membus.sys -- (membus)
    O4 - HKLM..\Run: [RRT-Auto] E:\RRT.exe File not found
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\.DEFAULT..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\WINDOWS\Temp\win.exe ()
    O4 - HKU\.DEFAULT..\Run: [Remote System Protection] C:\WINDOWS\System32\ffe3rh.DLL File not found
    O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\ffe3rh.DLL File not found
    O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\LASLEY_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\ffe3rh.DLL File not found
    O4 - HKU\LASLEY_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\setup.exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [eventcreatexp.exe] C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\eventcreatexp.exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex] C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex ] c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [RecordNow!] File not found
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [TOY5KNQ8OC] c:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\cjd .exe ()
    O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] c:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\xr6q6 .exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - AppInit_DLLs: (app_dll.dll) - C:\WINDOWS\System32\app_dll.dll ()
    O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\system32\mshlps.dll ()

    :files
    C:\WINDOWS\system32\winlogon32.exe ()
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\System32\dusazewa.dll.vir
    C:\WINDOWS\System32\toyigeru.dll
    C:\WINDOWS\System32\sugefeso.dll.vir
    C:\WINDOWS\System32\ramuzovi.dll.vir
    C:\WINDOWS\System32\lukopijo.dll.vir
    C:\WINDOWS\System32\fajutuse.exe
    C:\WINDOWS\System32\wezegaho.dll
    C:\WINDOWS\System32\parajami.dll
    C:\WINDOWS\System32\jinorije.dll
    C:\WINDOWS\System32\gabihiwo.dll
    C:\WINDOWS\System32\mewutimu.dll
    C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    C:\WINDOWS\tasks\At95.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At96.job
    C:\WINDOWS\tasks\At93.job
    C:\WINDOWS\tasks\At92.job
    C:\WINDOWS\tasks\At91.job
    C:\WINDOWS\tasks\At90.job
    C:\WINDOWS\tasks\At89.job
    C:\WINDOWS\tasks\At88.job
    C:\WINDOWS\tasks\At87.job
    C:\WINDOWS\tasks\At86.job
    C:\WINDOWS\tasks\At85.job
    C:\WINDOWS\tasks\At84.job
    C:\WINDOWS\tasks\At83.job
    C:\WINDOWS\tasks\At82.job
    C:\WINDOWS\tasks\At81.job
    C:\WINDOWS\tasks\At80.job
    C:\WINDOWS\tasks\At79.job
    C:\WINDOWS\tasks\At78.job
    C:\WINDOWS\tasks\At77.job
    C:\WINDOWS\tasks\At76.job
    C:\WINDOWS\tasks\At75.job
    C:\WINDOWS\tasks\At74.job
    C:\WINDOWS\tasks\At73.job
    C:\WINDOWS\tasks\At9.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At1.job
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe
    C:\WINDOWS\System32\IS15.exe
    C:\WINDOWS\System32\helper32.dll
    C:\WINDOWS\System32\warning.html
    C:\WINDOWS\System32\maravaku
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .scr
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe.vir
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\autorun.inf
    C:\WINDOWS\System32\svchost.bat
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
    C:\WINDOWS\msb.exe
    C:\WINDOWS\System32\q1eiouzvo.dll
    C:\WINDOWS\System32\drivers\mpbsqlvv.sys
    C:\WINDOWS\System32\app_dll.dll
    C:\WINDOWS\System32\_VOIDwsmlkmppqd.dll
    C:\WINDOWS\System32\_VOIDndjmooaepm.dll
    C:\WINDOWS\System32\_VOIDxxpmyniqjk.dat
    C:\WINDOWS\System32\drivers\_VOIDltfuwdpqnx.sys
    C:\WINDOWS\System32\_VOIDdorccwgogh.dll
    C:\Documents and Settings\Pieper.PIEPER-5859368D\OyHjhn.bat
    C:\WINDOWS\System32\uses32.dat
    C:\WINDOWS\msa.exe.vir
    C:\WINDOWS\System32\sshnas21.dll
    C:\WINDOWS\System32\flags.ini
    C:\WINDOWS\System32\g1qtc3v0x.dll
    C:\Documents and Settings\Pieper.PIEPER-5859368D\wWrbOJ.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
    C:\WINDOWS\System32\zilolowa.dll
    C:\WINDOWS\System32\jefosodi.dll
    C:\WINDOWS\System32\movezisa.dll
    C:\WINDOWS\System32\nawodope.dll
    C:\WINDOWS\System32\app_dll.dll.181015.old
    C:\WINDOWS\System32\titeyota.dll
    C:\WINDOWS\System32\app_dll.dll.234734.old
    C:\WINDOWS\System32\vebojefa.dll
    C:\WINDOWS\System32\sijureha.dll
    C:\WINDOWS\edululefarizazo.dll
    C:\Program Files\98384046.dat
    C:\Program Files\1016125.dat
    C:\WINDOWS\System32\kezolape.dll
    C:\WINDOWS\System32\jijejamu.dll
    C:\WINDOWS\System32\app_dll.dll.192875.old
    C:\WINDOWS\System32\winscent.exe
    C:\WINDOWS\secureit.com
    C:\WINDOWS\microsoftdefend.dll
    C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz .exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg .exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32 .exe
    C:\WINDOWS\System32\winlogon32.exe.vir
    C:\WINDOWS\System32\winlogon32.exe
    C:\WINDOWS\System32\smss32.exe
    C:\WINDOWS\System32\onyc.ffo
    C:\WINDOWS\System32\ffe3rh.dll.vir
    C:\WINDOWS\dcnxk1360.exe
    C:\WINDOWS\System32\smss32 .exe
    C:\WINDOWS\System32\jl0nly035j.dll
    C:\WINDOWS\usfp2133.exe
    C:\WINDOWS\System32\susonuno.exe
    C:\WINDOWS\system32\membus.sys
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\system32\dllcache\atapi.sys /replace
    C:\rapport.txt
    C:\sedinst.log
    C:\sedinst2.log
    C:\setup.log
    C:\sunjava.log
    C:\WINDOWS\Sys\Explorer.exe

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No requests for help through private messaging will be attended to.



#7 Neese

Posted 02 March 2010 - 05:06 PM

========== OTL ==========
Service\Driver key SSHNAS not found.
File C:\WINDOWS\system32\sshnas21.dll not found.
Service\Driver key 6to4 not found.
File C:\WINDOWS\system32\6to4v32.dll not found.
Service\Driver key membus not found.
File C:\WINDOWS\system32\membus.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RRT-Auto not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe not found.
File C:\WINDOWS\system32\smss32.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb not found.
File C:\WINDOWS\Temp\win.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection not found.
Registry value HKEY_USERS\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection not found.
Registry value HKEY_USERS\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe not found.
File C:\WINDOWS\system32\smss32.exe not found.
Registry value HKEY_USERS\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection not found.
Registry value HKEY_USERS\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe not found.
File C:\WINDOWS\system32\smss32.exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb not found.
File C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\setup.exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\eventcreatexp.exe not found.
File C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\eventcreatexp.exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\jccaex not found.
File C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\jccaex not found.
File c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\RecordNow! not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe not found.
File C:\WINDOWS\system32\smss32.exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC not found.
File c:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\cjd .exe not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\uishf9wuifwuh387fh3wufinhjfdwefe not found.
File c:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Temp\xr6q6 .exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_USERS\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_USERS\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_USERS\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_USERS\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:app_dll.dll deleted successfully.
File C:\WINDOWS\System32\app_dll.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\AppCertDlls\\AppSecDll:C:\WINDOWS\system32\mshlps.dll deleted successfully.
File C:\WINDOWS\system32\mshlps.dll not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\winlogon32.exe () not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\System32\dusazewa.dll.vir not found.
File\Folder C:\WINDOWS\System32\toyigeru.dll not found.
File\Folder C:\WINDOWS\System32\sugefeso.dll.vir not found.
File\Folder C:\WINDOWS\System32\ramuzovi.dll.vir not found.
File\Folder C:\WINDOWS\System32\lukopijo.dll.vir not found.
File\Folder C:\WINDOWS\System32\fajutuse.exe not found.
File\Folder C:\WINDOWS\System32\wezegaho.dll not found.
File\Folder C:\WINDOWS\System32\parajami.dll not found.
File\Folder C:\WINDOWS\System32\jinorije.dll not found.
File\Folder C:\WINDOWS\System32\gabihiwo.dll not found.
File\Folder C:\WINDOWS\System32\mewutimu.dll not found.
File\Folder C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
File\Folder C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File\Folder C:\WINDOWS\tasks\At95.job not found.
File\Folder C:\WINDOWS\tasks\At23.job not found.
File\Folder C:\WINDOWS\tasks\At96.job not found.
File\Folder C:\WINDOWS\tasks\At93.job not found.
File\Folder C:\WINDOWS\tasks\At92.job not found.
File\Folder C:\WINDOWS\tasks\At91.job not found.
File\Folder C:\WINDOWS\tasks\At90.job not found.
File\Folder C:\WINDOWS\tasks\At89.job not found.
File\Folder C:\WINDOWS\tasks\At88.job not found.
File\Folder C:\WINDOWS\tasks\At87.job not found.
File\Folder C:\WINDOWS\tasks\At86.job not found.
File\Folder C:\WINDOWS\tasks\At85.job not found.
File\Folder C:\WINDOWS\tasks\At84.job not found.
File\Folder C:\WINDOWS\tasks\At83.job not found.
File\Folder C:\WINDOWS\tasks\At82.job not found.
File\Folder C:\WINDOWS\tasks\At81.job not found.
File\Folder C:\WINDOWS\tasks\At80.job not found.
File\Folder C:\WINDOWS\tasks\At79.job not found.
File\Folder C:\WINDOWS\tasks\At78.job not found.
File\Folder C:\WINDOWS\tasks\At77.job not found.
File\Folder C:\WINDOWS\tasks\At76.job not found.
File\Folder C:\WINDOWS\tasks\At75.job not found.
File\Folder C:\WINDOWS\tasks\At74.job not found.
File\Folder C:\WINDOWS\tasks\At73.job not found.
File\Folder C:\WINDOWS\tasks\At9.job not found.
File\Folder C:\WINDOWS\tasks\At8.job not found.
File\Folder C:\WINDOWS\tasks\At7.job not found.
File\Folder C:\WINDOWS\tasks\At6.job not found.
File\Folder C:\WINDOWS\tasks\At5.job not found.
File\Folder C:\WINDOWS\tasks\At4.job not found.
File\Folder C:\WINDOWS\tasks\At3.job not found.
File\Folder C:\WINDOWS\tasks\At24.job not found.
File\Folder C:\WINDOWS\tasks\At21.job not found.
File\Folder C:\WINDOWS\tasks\At20.job not found.
File\Folder C:\WINDOWS\tasks\At2.job not found.
File\Folder C:\WINDOWS\tasks\At19.job not found.
File\Folder C:\WINDOWS\tasks\At18.job not found.
File\Folder C:\WINDOWS\tasks\At17.job not found.
File\Folder C:\WINDOWS\tasks\At16.job not found.
File\Folder C:\WINDOWS\tasks\At15.job not found.
File\Folder C:\WINDOWS\tasks\At14.job not found.
File\Folder C:\WINDOWS\tasks\At13.job not found.
File\Folder C:\WINDOWS\tasks\At12.job not found.
File\Folder C:\WINDOWS\tasks\At11.job not found.
File\Folder C:\WINDOWS\tasks\At10.job not found.
File\Folder C:\WINDOWS\tasks\At1.job not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex.exe not found.
File\Folder C:\WINDOWS\System32\IS15.exe not found.
File\Folder C:\WINDOWS\System32\helper32.dll not found.
File\Folder C:\WINDOWS\System32\warning.html not found.
File\Folder C:\WINDOWS\System32\maravaku not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .scr not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe.vir not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\autorun.inf not found.
File\Folder C:\WINDOWS\System32\svchost.bat not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe not found.
File\Folder C:\WINDOWS\msb.exe not found.
File\Folder C:\WINDOWS\System32\q1eiouzvo.dll not found.
File\Folder C:\WINDOWS\System32\drivers\mpbsqlvv.sys not found.
File\Folder C:\WINDOWS\System32\app_dll.dll not found.
File\Folder C:\WINDOWS\System32\_VOIDwsmlkmppqd.dll not found.
File\Folder C:\WINDOWS\System32\_VOIDndjmooaepm.dll not found.
File\Folder C:\WINDOWS\System32\_VOIDxxpmyniqjk.dat not found.
File\Folder C:\WINDOWS\System32\drivers\_VOIDltfuwdpqnx.sys not found.
File\Folder C:\WINDOWS\System32\_VOIDdorccwgogh.dll not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\OyHjhn.bat not found.
File\Folder C:\WINDOWS\System32\uses32.dat not found.
File\Folder C:\WINDOWS\msa.exe.vir not found.
File\Folder C:\WINDOWS\System32\sshnas21.dll not found.
File\Folder C:\WINDOWS\System32\flags.ini not found.
File\Folder C:\WINDOWS\System32\g1qtc3v0x.dll not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\wWrbOJ.exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe not found.
File\Folder C:\WINDOWS\System32\zilolowa.dll not found.
File\Folder C:\WINDOWS\System32\jefosodi.dll not found.
File\Folder C:\WINDOWS\System32\movezisa.dll not found.
File\Folder C:\WINDOWS\System32\nawodope.dll not found.
File\Folder C:\WINDOWS\System32\app_dll.dll.181015.old not found.
File\Folder C:\WINDOWS\System32\titeyota.dll not found.
File\Folder C:\WINDOWS\System32\app_dll.dll.234734.old not found.
File\Folder C:\WINDOWS\System32\vebojefa.dll not found.
File\Folder C:\WINDOWS\System32\sijureha.dll not found.
File\Folder C:\WINDOWS\edululefarizazo.dll not found.
File\Folder C:\Program Files\98384046.dat not found.
File\Folder C:\Program Files\1016125.dat not found.
File\Folder C:\WINDOWS\System32\kezolape.dll not found.
File\Folder C:\WINDOWS\System32\jijejamu.dll not found.
File\Folder C:\WINDOWS\System32\app_dll.dll.192875.old not found.
File\Folder C:\WINDOWS\System32\winscent.exe not found.
File\Folder C:\WINDOWS\secureit.com not found.
File\Folder C:\WINDOWS\microsoftdefend.dll not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz .exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg .exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32 .exe not found.
File\Folder C:\WINDOWS\System32\winlogon32.exe.vir not found.
File\Folder C:\WINDOWS\System32\winlogon32.exe not found.
File\Folder C:\WINDOWS\System32\smss32.exe not found.
File\Folder C:\WINDOWS\System32\onyc.ffo not found.
File\Folder C:\WINDOWS\System32\ffe3rh.dll.vir not found.
File\Folder C:\WINDOWS\dcnxk1360.exe not found.
File\Folder C:\WINDOWS\System32\smss32 .exe not found.
File\Folder C:\WINDOWS\System32\jl0nly035j.dll not found.
File\Folder C:\WINDOWS\usfp2133.exe not found.
File\Folder C:\WINDOWS\System32\susonuno.exe not found.
File\Folder C:\WINDOWS\system32\membus.sys not found.
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\system32\dllcache\atapi.sys
File\Folder C:\rapport.txt not found.
File\Folder C:\sedinst.log not found.
File\Folder C:\sedinst2.log not found.
File\Folder C:\setup.log not found.
File\Folder C:\sunjava.log not found.
File\Folder C:\WINDOWS\Sys\Explorer.exe not found.

OTLPE by OldTimer - Version 3.1.30.3 log created on 03022010_165701


#9 JSntgRvr

Posted 02 March 2010 - 06:00 PM

Did you run that fix twice? Run the second part of my request in Post 6.



#10 Neese

Posted 02 March 2010 - 08:04 PM

I ran it, thought it posted up, but I'll go do that again. Sorry!
Thanks again for your time and knowledge....it's much appreciated.

#11 Neese

Posted 02 March 2010 - 09:06 PM

OTL logfile created on: 3/2/2010 8:05:45 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 64.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.15 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/01/29 17:03:42 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/30 10:02:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/29 22:43:39 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/08/05 17:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/27 14:25:24 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/04/07 14:22:00 | 000,073,728 | R--- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/20 19:19:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 07:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 07:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 07:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 07:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 07:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 07:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 07:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 07:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 07:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 07:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/04 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 07:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/04 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 23:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 23:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 18:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 18:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 17:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 14:22:00 | 001,382,634 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/05 17:42:36 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/02/01 18:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/30 10:01:40 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/13 16:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/02 09:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/07/30 02:02:00 | 000,017,168 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faceboo.com/
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/25 19:29:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/22 12:41:59 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\apoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe ()
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe (Microsoft Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Microsoft Corporation)
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LASLEY_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex ] c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Pieper.PIEPER-5859368D_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 18:16:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 19:53:05 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/02 19:51:49 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/02 19:51:48 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/02 16:55:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 20:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/25 20:12:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/25 20:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Desktop\Unused Desktop Shortcuts
[2010/02/25 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\My Documents\Simply Super Software
[2010/02/25 13:11:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2010/02/22 16:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/22 13:53:56 | 000,248,832 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx50.bpl
[2010/02/22 13:53:55 | 002,023,424 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcl50.bpl
[2010/02/22 13:53:55 | 001,873,920 | ---- | C] (Raize Software, Inc.) -- C:\WINDOWS\System32\Rz30Ctls50.bpl
[2010/02/22 13:53:54 | 001,496,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cc3250mt.dll
[2010/02/22 13:53:54 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/02/22 13:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/22 12:39:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/22 12:39:14 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/22 12:39:14 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/22 12:39:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/22 12:39:14 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/22 12:39:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/22 12:39:14 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/22 12:39:14 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/21 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Malwarebytes
[2010/02/21 19:34:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\IETldCache
[2010/02/21 19:33:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\SendTo
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data
[2010/02/21 19:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Start Menu
[2010/02/21 19:33:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Cookies
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Templates
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Recent
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\PrintHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\NetHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\My Documents
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Favorites
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Desktop
[2010/02/20 09:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Local Settings\Application Data\Yahoo
[2010/02/20 09:41:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LASLEY\PrivacIE
[2010/02/20 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Yahoo!
[2010/02/20 09:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Sonic
[2010/02/20 09:15:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2010/02/14 14:03:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2010/02/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
[2010/02/14 14:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
[2010/02/14 14:02:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2010/02/14 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AdobeUM
[2010/02/14 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents\My eBooks
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents
[2010/02/14 13:04:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
[2010/02/14 13:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/02/14 12:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2010/02/14 12:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2010/02/14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\runit
[2010/02/14 12:06:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Fonts\'
[2010/02/14 12:06:13 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 21:19:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/09 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\Identities
[2010/02/02 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/01/31 21:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

========== Files - Modified Within 30 Days ==========

[2010/03/02 20:03:00 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 19:56:12 | 000,001,452 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/02 17:32:46 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\NTUSER.DAT
[2010/03/02 17:32:46 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LASLEY\NTUSER.DAT
[2010/03/02 17:32:46 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/03/02 09:18:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/02 09:18:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/02 09:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 09:18:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 09:17:48 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 16:12:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 15:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 21:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/28 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/02/28 21:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/02/28 20:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 21:51:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LASLEY\ntuser.ini
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:30:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\ntuser.ini
[2010/02/25 22:08:45 | 002,945,566 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\IconCache.db
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/25 20:08:34 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\hphmon05.exe
[2010/02/25 20:08:27 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
[2010/02/25 20:08:26 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
[2010/02/25 20:08:24 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
[2010/02/25 20:08:23 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 19:11:44 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/25 19:11:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:49 | 000,054,272 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 16:40:32 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/22 16:40:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 16:40:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/22 16:19:10 | 000,507,392 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
[2010/02/22 13:44:00 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 12:42:05 | 000,002,900 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/22 11:54:54 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 11:47:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/22 11:47:44 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\IconCache.db
[2010/02/21 19:46:38 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 19:15:11 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kerojade.dll
[2010/02/14 20:18:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:06:13 | 000,147,456 | ---- | M] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 01:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Pieper.job
[2010/02/01 16:33:09 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/02 19:51:49 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/02 19:51:49 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/02 19:51:49 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/02 19:51:49 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/02 19:51:49 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/02 19:51:49 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/02 19:51:49 | 000,001,452 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/02 19:51:49 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/02 19:51:49 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/02 19:51:49 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/02 19:51:49 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/02 19:51:49 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/02 19:51:49 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/02 19:51:49 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/02 19:51:49 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 19:51:49 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/02 19:51:49 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/01 15:58:58 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/02/25 13:11:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/25 13:11:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/25 13:11:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/25 13:11:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,054,272 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 13:53:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp50.bpl
[2010/02/22 13:44:00 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/02/22 12:39:44 | 000,002,900 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/22 12:39:14 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/02/22 12:39:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/22 12:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/21 19:33:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/21 19:33:55 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/02/21 19:15:11 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kerojade.dll
[2010/02/14 20:18:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:17:49 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
[2010/02/14 12:17:46 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
[2010/02/14 12:17:37 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
[2010/02/14 12:02:24 | 000,507,392 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
[2010/01/31 17:02:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/29 21:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/29 21:38:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/29 16:27:46 | 000,000,918 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/29 16:21:31 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/29 16:14:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/29 15:34:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 12:15:15 | 000,282,660 | ---- | C] () -- C:\WINDOWS\Fonts\Setup.exe
[2007/01/10 12:15:15 | 000,282,659 | -HS- | C] () -- C:\WINDOWS\Fonts\svchost .exe
[2004/08/04 07:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\wmcog32.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2004/01/09 06:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\FrostWire
[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\LimeWire
[2010/02/25 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2009/12/29 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Thinstall
[2010/02/28 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/02/28 21:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/01/18 23:58:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/02/28 21:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job

========== Purity Check ==========


< End of report >


OTL logfile created on: 3/2/2010 8:05:45 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 64.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.15 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/01/29 17:03:42 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/30 10:02:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/29 22:43:39 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/08/05 17:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/27 14:25:24 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/04/07 14:22:00 | 000,073,728 | R--- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/20 19:19:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 07:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 07:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 07:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 07:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 07:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 07:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 07:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 07:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 07:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 07:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/04 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 07:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/04 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 23:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 23:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 18:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 18:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 17:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 14:22:00 | 001,382,634 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/05 17:42:36 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/02/01 18:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/30 10:01:40 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/13 16:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/02 09:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/07/30 02:02:00 | 000,017,168 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faceboo.com/
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/25 19:29:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/22 12:41:59 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\apoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe ()
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe (Microsoft Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Microsoft Corporation)
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LASLEY_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex ] c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Pieper.PIEPER-5859368D_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 18:16:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 19:53:05 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/02 19:51:49 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/02 19:51:48 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/02 19:51:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/02 19:51:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/02 16:55:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 20:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/25 20:12:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/25 20:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Desktop\Unused Desktop Shortcuts
[2010/02/25 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\My Documents\Simply Super Software
[2010/02/25 13:11:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2010/02/22 16:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/22 13:53:56 | 000,248,832 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx50.bpl
[2010/02/22 13:53:55 | 002,023,424 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcl50.bpl
[2010/02/22 13:53:55 | 001,873,920 | ---- | C] (Raize Software, Inc.) -- C:\WINDOWS\System32\Rz30Ctls50.bpl
[2010/02/22 13:53:54 | 001,496,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cc3250mt.dll
[2010/02/22 13:53:54 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/02/22 13:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/22 12:39:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/22 12:39:14 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/22 12:39:14 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/22 12:39:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/22 12:39:14 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/22 12:39:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/22 12:39:14 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/22 12:39:14 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/21 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Malwarebytes
[2010/02/21 19:34:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\IETldCache
[2010/02/21 19:33:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\SendTo
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data
[2010/02/21 19:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Start Menu
[2010/02/21 19:33:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Cookies
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Templates
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Recent
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\PrintHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\NetHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\My Documents
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Favorites
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Desktop
[2010/02/20 09:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Local Settings\Application Data\Yahoo
[2010/02/20 09:41:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LASLEY\PrivacIE
[2010/02/20 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Yahoo!
[2010/02/20 09:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Sonic
[2010/02/20 09:15:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2010/02/14 14:03:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2010/02/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
[2010/02/14 14:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
[2010/02/14 14:02:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2010/02/14 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AdobeUM
[2010/02/14 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents\My eBooks
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents
[2010/02/14 13:04:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
[2010/02/14 13:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/02/14 12:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2010/02/14 12:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2010/02/14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\runit
[2010/02/14 12:06:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Fonts\'
[2010/02/14 12:06:13 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 21:19:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/09 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\Identities
[2010/02/02 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/01/31 21:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

========== Files - Modified Within 30 Days ==========

[2010/03/02 20:03:00 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 19:56:12 | 000,001,452 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/02 17:32:46 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\NTUSER.DAT
[2010/03/02 17:32:46 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LASLEY\NTUSER.DAT
[2010/03/02 17:32:46 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/03/02 09:18:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/02 09:18:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/02 09:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 09:18:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 09:17:48 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 16:12:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 15:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 21:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/28 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/02/28 21:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/02/28 20:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 21:51:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LASLEY\ntuser.ini
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:30:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\ntuser.ini
[2010/02/25 22:08:45 | 002,945,566 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\IconCache.db
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/25 20:08:34 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\hphmon05.exe
[2010/02/25 20:08:27 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
[2010/02/25 20:08:26 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
[2010/02/25 20:08:24 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
[2010/02/25 20:08:23 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 19:11:44 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/25 19:11:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:49 | 000,054,272 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 16:40:32 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/22 16:40:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 16:40:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/22 16:19:10 | 000,507,392 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
[2010/02/22 13:44:00 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 12:42:05 | 000,002,900 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/22 11:54:54 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 11:47:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/22 11:47:44 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\IconCache.db
[2010/02/21 19:46:38 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 19:15:11 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kerojade.dll
[2010/02/14 20:18:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:06:13 | 000,147,456 | ---- | M] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 01:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Pieper.job
[2010/02/01 16:33:09 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/02 19:51:49 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/02 19:51:49 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/02 19:51:49 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/02 19:51:49 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/02 19:51:49 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/02 19:51:49 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/02 19:51:49 | 000,001,452 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/02 19:51:49 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/02 19:51:49 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/02 19:51:49 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/02 19:51:49 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/02 19:51:49 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/02 19:51:49 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/02 19:51:49 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/02 19:51:49 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 19:51:49 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/02 19:51:49 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/01 15:58:58 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 21:29:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/02/25 13:11:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/25 13:11:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/25 13:11:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/25 13:11:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,054,272 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 13:53:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp50.bpl
[2010/02/22 13:44:00 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 13:27:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/02/22 12:39:44 | 000,002,900 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/22 12:39:14 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/02/22 12:39:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/22 12:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/21 19:33:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/21 19:33:55 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/02/21 19:15:11 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kerojade.dll
[2010/02/14 20:18:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:17:49 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
[2010/02/14 12:17:46 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
[2010/02/14 12:17:37 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
[2010/02/14 12:02:24 | 000,507,392 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
[2010/01/31 17:02:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/29 21:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/29 21:38:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/29 16:27:46 | 000,000,918 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/29 16:21:31 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/29 16:14:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/29 15:34:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 12:15:15 | 000,282,660 | ---- | C] () -- C:\WINDOWS\Fonts\Setup.exe
[2007/01/10 12:15:15 | 000,282,659 | -HS- | C] () -- C:\WINDOWS\Fonts\svchost .exe
[2004/08/04 07:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\wmcog32.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2004/01/09 06:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\FrostWire
[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\LimeWire
[2010/02/25 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2009/12/29 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Thinstall
[2010/02/28 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/02/28 21:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/01/18 23:58:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/02/28 21:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job

========== Purity Check ==========


< End of report >

#12 JSntgRvr

Posted 02 March 2010 - 10:09 PM

  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the Code below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :files
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At94.job
    C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
    C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
    C:\WINDOWS\System32\tmp.reg
    C:\WINDOWS\System32\kerojade.dll
    C:\WINDOWS\System32\WS2Fix.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe
    C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\Fonts\svchost .exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help throughout private messaging will be attended.



#13 Neese

Posted 03 March 2010 - 10:09 AM

========== FILES ==========
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe moved successfully.
C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe moved successfully.
C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe moved successfully.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe not found.
C:\WINDOWS\System32\tmp.reg moved successfully.
C:\WINDOWS\System32\kerojade.dll moved successfully.
C:\WINDOWS\System32\WS2Fix.exe moved successfully.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\nwiz.exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\agrsmmsg.exe not found.
File\Folder C:\Documents and Settings\Pieper.PIEPER-5859368D\rundll32.exe not found.
C:\Documents and Settings\Pieper.PIEPER-5859368D\iexplore.exe moved successfully.
C:\WINDOWS\Fonts\Setup.exe moved successfully.
C:\WINDOWS\Fonts\svchost .exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\Windows\\system32\\userinit.exe," /E : value set successfully!

OTLPE by OldTimer - Version 3.1.30.3 log created on 03032010_100250
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next log to follow momentarily

#14 Neese

Posted 03 March 2010 - 11:05 AM

OTL logfile created on: 3/3/2010 10:53:41 AM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 64.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.15 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/01/29 17:03:42 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/30 10:02:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/29 22:43:39 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/08/05 17:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/27 14:25:24 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/04/07 14:22:00 | 000,073,728 | R--- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/20 19:19:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 07:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 07:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 07:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 07:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 07:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 07:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 07:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 07:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 07:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 07:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/04 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 07:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/04 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 23:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 23:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 18:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 18:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 17:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 14:22:00 | 001,382,634 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/05 17:42:36 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/02/01 18:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/30 10:01:40 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/13 16:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/02 09:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/07/30 02:02:00 | 000,017,168 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faceboo.com/
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/25 19:29:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/22 12:41:59 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\apoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe ()
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe (Microsoft Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Microsoft Corporation)
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LASLEY_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex ] c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Pieper.PIEPER-5859368D_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 18:16:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 10:51:43 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/03 10:50:27 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/02 16:55:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 20:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/25 20:12:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/25 20:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Desktop\Unused Desktop Shortcuts
[2010/02/25 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\My Documents\Simply Super Software
[2010/02/25 13:11:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2010/02/22 16:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/22 13:53:56 | 000,248,832 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx50.bpl
[2010/02/22 13:53:55 | 002,023,424 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcl50.bpl
[2010/02/22 13:53:55 | 001,873,920 | ---- | C] (Raize Software, Inc.) -- C:\WINDOWS\System32\Rz30Ctls50.bpl
[2010/02/22 13:53:54 | 001,496,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cc3250mt.dll
[2010/02/22 13:53:54 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/02/22 13:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/22 12:39:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/22 12:39:14 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/22 12:39:14 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/22 12:39:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/22 12:39:14 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/22 12:39:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/22 12:39:14 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/22 12:39:14 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/21 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Malwarebytes
[2010/02/21 19:34:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\IETldCache
[2010/02/21 19:33:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\SendTo
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data
[2010/02/21 19:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Start Menu
[2010/02/21 19:33:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Cookies
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Templates
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Recent
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\PrintHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\NetHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\My Documents
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Favorites
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Desktop
[2010/02/20 09:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Local Settings\Application Data\Yahoo
[2010/02/20 09:41:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LASLEY\PrivacIE
[2010/02/20 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Yahoo!
[2010/02/20 09:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Sonic
[2010/02/20 09:15:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2010/02/14 14:03:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2010/02/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
[2010/02/14 14:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
[2010/02/14 14:02:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2010/02/14 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AdobeUM
[2010/02/14 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents\My eBooks
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents
[2010/02/14 13:04:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
[2010/02/14 13:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/02/14 12:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2010/02/14 12:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2010/02/14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\runit
[2010/02/14 12:06:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Fonts\'
[2010/02/14 12:06:13 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 21:19:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/09 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\Identities
[2010/02/02 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer

========== Files - Modified Within 30 Days ==========

[2010/03/03 10:52:20 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 10:47:18 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/03 10:47:18 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/03 10:47:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 10:47:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/03 10:45:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job
[2010/03/03 10:08:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/03 10:08:22 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/02 21:03:20 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/03/02 17:32:46 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\NTUSER.DAT
[2010/03/02 17:32:46 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LASLEY\NTUSER.DAT
[2010/03/01 16:12:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 15:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/26 21:51:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LASLEY\ntuser.ini
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:30:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\ntuser.ini
[2010/02/25 22:08:45 | 002,945,566 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\IconCache.db
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/25 20:08:34 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\hphmon05.exe
[2010/02/25 20:08:23 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 19:11:44 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/25 19:11:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:49 | 000,054,272 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 16:40:32 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/22 16:40:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 16:40:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/22 13:44:00 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 11:54:54 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 11:47:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/22 11:47:44 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\IconCache.db
[2010/02/21 19:46:38 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/14 20:18:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:06:13 | 000,147,456 | ---- | M] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 01:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Pieper.job
[2010/02/01 16:33:09 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/03 10:50:27 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/03 10:50:27 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/03 10:50:27 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/03 10:50:27 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/03 10:50:27 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/03 10:50:27 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/03 10:50:27 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/03 10:50:27 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/03 10:50:27 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/03 10:50:27 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/03 10:50:27 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/03 10:50:27 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/03 10:50:27 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/03 10:50:27 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/03 10:50:27 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 10:50:27 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/03 10:50:27 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/01 15:58:58 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 13:11:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/25 13:11:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/25 13:11:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/25 13:11:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,054,272 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 13:53:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp50.bpl
[2010/02/22 13:44:00 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 12:39:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/22 12:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/21 19:33:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/21 19:33:55 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/02/14 20:18:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/01/31 17:02:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/29 21:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/29 21:38:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/29 16:27:46 | 000,000,918 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/29 16:21:31 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/29 16:14:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/29 15:34:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 07:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\wmcog32.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2004/01/09 06:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\FrostWire
[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\LimeWire
[2010/02/25 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2009/12/29 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Thinstall
[2010/01/18 23:58:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/03/03 10:45:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job

========== Purity Check ==========


< End of report >


OTL logfile created on: 3/3/2010 10:53:41 AM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 64.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.15 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/01/29 17:03:42 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/30 10:02:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/29 22:43:39 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/08/05 17:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/27 14:25:24 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/04/07 14:22:00 | 000,073,728 | R--- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/20 19:19:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 07:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 07:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 07:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 07:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 07:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 07:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 07:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 07:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 07:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 07:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2004/08/04 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 07:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004/08/04 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 23:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 23:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 18:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 18:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 17:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 14:22:00 | 001,382,634 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/05 17:42:36 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/02/01 18:22:00 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/01/30 10:01:40 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/13 16:40:28 | 000,612,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/12/02 09:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/07/30 02:02:00 | 000,017,168 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.LULUBELL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\LASLEY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\LASLEY_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\LASLEY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faceboo.com/
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Pieper.PIEPER-5859368D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/25 19:29:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/22 12:41:59 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Pieper.PIEPER-5859368D_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\System32\agrsmmsg.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\apoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe ()
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe (Microsoft Corporation)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Microsoft Corporation)
O4 - HKU\Administrator.LULUBELL_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LASLEY_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [jccaex ] c:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe ()
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Pieper.PIEPER-5859368D_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.LULUBELL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LASLEY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Pieper.PIEPER-5859368D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Pieper.PIEPER-5859368D_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 18:16:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 10:51:43 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/03 10:50:27 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/03 10:50:27 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/03 10:50:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/02 16:55:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 20:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/25 20:12:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/25 20:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Desktop\Unused Desktop Shortcuts
[2010/02/25 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\My Documents\Simply Super Software
[2010/02/25 13:11:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/25 13:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2010/02/22 16:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/22 13:53:56 | 000,248,832 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx50.bpl
[2010/02/22 13:53:55 | 002,023,424 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcl50.bpl
[2010/02/22 13:53:55 | 001,873,920 | ---- | C] (Raize Software, Inc.) -- C:\WINDOWS\System32\Rz30Ctls50.bpl
[2010/02/22 13:53:54 | 001,496,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cc3250mt.dll
[2010/02/22 13:53:54 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/02/22 13:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/22 12:39:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/22 12:39:14 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/22 12:39:14 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/22 12:39:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/22 12:39:14 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/22 12:39:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/22 12:39:14 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/22 12:39:14 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/21 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Malwarebytes
[2010/02/21 19:34:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\IETldCache
[2010/02/21 19:33:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\SendTo
[2010/02/21 19:33:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Application Data
[2010/02/21 19:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Start Menu
[2010/02/21 19:33:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LULUBELL\Cookies
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Templates
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Recent
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\PrintHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\NetHood
[2010/02/21 19:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\My Documents
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\Microsoft
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Favorites
[2010/02/21 19:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LULUBELL\Desktop
[2010/02/20 09:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Local Settings\Application Data\Yahoo
[2010/02/20 09:41:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LASLEY\PrivacIE
[2010/02/20 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Yahoo!
[2010/02/20 09:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LASLEY\Application Data\Sonic
[2010/02/20 09:15:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2010/02/14 14:03:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\PrivacIE
[2010/02/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
[2010/02/14 14:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Yahoo!
[2010/02/14 14:02:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2010/02/14 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AdobeUM
[2010/02/14 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents\My eBooks
[2010/02/14 13:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\My Documents
[2010/02/14 13:04:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
[2010/02/14 13:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
[2010/02/14 12:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2010/02/14 12:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2010/02/14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\runit
[2010/02/14 12:06:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Fonts\'
[2010/02/14 12:06:13 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 21:19:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/09 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\Identities
[2010/02/02 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer

========== Files - Modified Within 30 Days ==========

[2010/03/03 10:52:20 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 10:47:18 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/03 10:47:18 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/03 10:47:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 10:47:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/03 10:45:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job
[2010/03/03 10:08:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/03 10:08:22 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/02 21:03:20 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/03/02 17:32:46 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\NTUSER.DAT
[2010/03/02 17:32:46 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LASLEY\NTUSER.DAT
[2010/03/01 16:12:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 15:59:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/26 21:51:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LASLEY\ntuser.ini
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 22:30:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\ntuser.ini
[2010/02/25 22:08:45 | 002,945,566 | -H-- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\IconCache.db
[2010/02/25 21:00:03 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/25 20:08:34 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\hphmon05.exe
[2010/02/25 20:08:23 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 19:11:44 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/25 19:11:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:49 | 000,054,272 | RHS- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 16:40:32 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/22 16:40:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/22 16:40:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/22 13:44:00 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 11:54:54 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 11:47:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/22 11:47:44 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\IconCache.db
[2010/02/21 19:46:38 | 000,052,984 | ---- | M] () -- C:\Documents and Settings\Administrator.LULUBELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/14 20:18:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/02/14 12:06:13 | 000,147,456 | ---- | M] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2010/02/13 01:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Pieper.job
[2010/02/01 16:33:09 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/03 10:50:27 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/03 10:50:27 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/03 10:50:27 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/03 10:50:27 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/03 10:50:27 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/03 10:50:27 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/03 10:50:27 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/03 10:50:27 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/03 10:50:27 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/03 10:50:27 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/03 10:50:27 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/03 10:50:27 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/03 10:50:27 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/03 10:50:27 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/03 10:50:27 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 10:50:27 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/03 10:50:27 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/01 15:58:58 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 13:11:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/25 13:11:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/25 13:11:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/25 13:11:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Video .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Pictures .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Passwords .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\New Folder .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Music .lnk
[2010/02/25 11:16:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Documents .lnk
[2010/02/25 10:43:48 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/25 10:43:48 | 000,054,272 | RHS- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\jccaex .exe
[2010/02/22 13:53:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp50.bpl
[2010/02/22 13:44:00 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/02/22 13:44:00 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/02/22 13:44:00 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/02/22 13:44:00 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/02/22 12:39:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/22 12:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/21 19:33:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\ntuser.ini
[2010/02/21 19:33:55 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.LULUBELL\NTUSER.DAT
[2010/02/14 20:18:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/14 20:18:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg.exe
[2010/02/14 12:22:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\agrsmmsg .exe
[2010/01/31 17:02:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/29 21:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/29 21:38:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/29 16:27:46 | 000,000,918 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/29 16:21:31 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/29 16:14:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/29 15:34:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 07:00:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\wmcog32.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll
[2004/01/09 06:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\FrostWire
[2010/02/25 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\LimeWire
[2010/02/25 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Simply Super Software
[2009/12/29 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pieper.PIEPER-5859368D\Application Data\Thinstall
[2010/01/18 23:58:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/02/28 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/03/03 10:45:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B4A5B783-8436-45C2-95EA-CB44AE0C7375}.job

========== Purity Check ==========


< End of report >

#15 JSntgRvr

Posted 03 March 2010 - 12:08 PM

You should now be able to boot in Normal Mode. Connect to the Internet and follow these steps:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

No request for help through private messaging will be attended to.
