Google redirection problem


  • This topic is locked
28 replies to this topic

#1 mafishman1

Posted 15 April 2010 - 08:35 PM

Hello, I have already read a lot about this and just need help removing the google redirection virus problem. My problem is same as what most have had...search results are redirecting to other sites. I have not been able to post in this forum with the DDS log pasted in as it says it cannot load webpage. So I am going to post this without it and then try to reply with it. We will see what happens. I will attach the attach.txt and ark.txt files though. Thanks in advance.

It will NOT let me post if I paste my DDS log. No clue why. Is there a max post size??

Edited by Budapest, 15 April 2010 - 08:50 PM.



#2 myrti

Posted 19 April 2010 - 10:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 mafishman1

Posted 19 April 2010 - 07:11 PM

Hello!! Thanks in advance for any help. Well it seems things are getting worse. When I tried to run OTL it said it is not a valid Win32 application and won't run. The first problem I had on my computer was a false Microsoft security thing that wouldn't let me run anything, including the internet. I was able to solve that problem. I also had a problem with a continuous "Just-in-Time debugger" popup that I also solved on my own. Then the Google redirect thing started happening which I can't fix on my own. I did notice that over the last couple days I have gotten a couple of Win32 errors and noticed that suddenly last night my screen saver never would come on automatically like normal. Also, occasionally while waiting for help here, my computer would just drag to the point it wouldn't do much of anything. So that's all my problems I believe. But I can't run OTL currently. I have used Malwarebytes and Hitman Pro recently and have McAfee as security on my computer.

#4 myrti

Posted 20 April 2010 - 10:54 AM

Hi,

could you please try to run ComboFix:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2





--------------------------------------------------------------------

Double click on Combo-Fix.com & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

regards myrti


#5 mafishman1

Posted 20 April 2010 - 07:26 PM

Well, every day it gets worse. Now I have a fake security essentials antivirus program that appears to be blocking applications. It even replaced my desktop background with a big warning. I tried to run combofix twice, but both times it went to the blue screen saying a problem has been detected and windows has been shut down. What next?

#6 mafishman1

Posted 20 April 2010 - 07:27 PM

By the way, it says bad_pool_caller under that message, if that helps at all.

#7 myrti

Posted 21 April 2010 - 05:21 AM

Hi,

do you have the possibility to download about 300Mb and create a live-cd to boot your PC from there?

regards myrti


#8 mafishman1

Posted 21 April 2010 - 07:40 AM

Yes I can do that, just let me know what I need to do.

#9 myrti

Posted 21 April 2010 - 10:34 AM

Hi,

awesum, please do the following then:

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programmes to download

First

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
  • Change Drivers to SafeList
  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    Please note: You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Push
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


#10 mafishman1

Posted 22 April 2010 - 06:36 PM

Sorry it is taking a while to get this done. I'm very busy at work. Anyway, I now can not use Internet Explorer. It encounters an error and closes every time. I'm posting this from my phone. I only have 1 computer so doing this from another one could take some time if that's what I need to do. This is getting frustrating. Every time I start my computer something else doesn't work.

#11 myrti

Posted 24 April 2010 - 03:36 PM

Hi,

have you tried getting online from safe mode with networking support?

regards myrti


#12 mafishman1

Posted 24 April 2010 - 05:07 PM

Yes I did try that. It immediately gave the "a problem has been encountered and windows has been shut down to prevent problems" message. So I still can't do anything. I will have access to a clean computer this weekend and can download the program to boot from a cd. I think that's my only option right now.

#13 myrti

Posted 24 April 2010 - 06:09 PM

Hi,

just so it was mentioned: If you feel this is making too much trouble or is too time consuming and want to reformat, just say so and I'd be happy to offer you some advice on the steps you are unclear on.

I'll happily help to get your PC back up and running, but don't feel compelled to bring this to an end instead of reformatting because of me.

regards myrti


#14 mafishman1

Posted 24 April 2010 - 06:22 PM

I don't mind trying to fix it unless you think reformatting would be a better option. What would the consequences be of reformatting versus just taking the time to fix the problems?

#15 mafishman1

Posted 24 April 2010 - 09:58 PM

Ok we have progress!!! I used a friend's computer and was able to boot from a cd and run the OTL scan. So here are the results below. Let me know what's next.


OTL logfile created on: 4/24/2010 11:10:09 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 332.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 0.85 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (MDM)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- -- (Pcouffin)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2010/04/20 09:05:30 | 000,075,264 | ---- | M] (Villlys Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\efaa.sys -- (efaa)
DRV - [2010/04/15 03:46:36 | 000,030,688 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/26 14:01:00 | 002,830,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/31 10:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\iwca.sys -- (IWCA)
DRV - [2004/08/07 20:51:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/06 16:32:44 | 000,104,735 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/20 13:14:06 | 000,258,160 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 13:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2003/11/13 20:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 20:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 20:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/02 10:02:42 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\Mateo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\Mateo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Mateo_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Mateo_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Mateo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
IE - HKU\Mateo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\Mateo_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Mateo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Mateo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/18 22:39:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/03 18:39:44 | 000,000,000 | ---D | M]

[2008/04/06 00:02:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/05 23:55:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {2b6a23d8-cecb-409a-b6c0-284836f592bf} - C:\WINDOWS\System32\kawoyake.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mateo_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mateo_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [batimolib] C:\WINDOWS\System32\devopaha.DLL ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [sawuyugele] C:\WINDOWS\System32\wayapego.dll ()
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe ()
O4 - HKU\Mateo_ON_C..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKU\Mateo_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Mateo_ON_C..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security essentials)
O4 - HKU\Mateo_ON_C..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe ()
O4 - HKU\Mateo_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Mateo\Start Menu\Programs\Startup\BAMMediaPlayerUpdater.lnk = C:\Program Files\BAMMediaPlayer\updater.exe ()
O4 - Startup: C:\Documents and Settings\Mateo\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\Mateo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helpers32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\helpers32.dll File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://bookmaker.secureprivate.com/MidasCa...OCXiovation.cab (Stm Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe ()
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O21 - SSODL: kayazagaf - {e04e89b5-5e82-46a4-b535-415d493e33f2} - C:\WINDOWS\System32\fapilizu.dll File not found
O21 - SSODL: rovohijum - {04c59bf9-53b4-42ac-a324-6a43942086ff} - C:\WINDOWS\System32\jekulanu.dll File not found
O21 - SSODL: yoletavis - {f8ec199a-8f87-4571-bf36-e9da6d9b4774} - C:\WINDOWS\SYSTEM32\devopaha.dll ()
O22 - SharedTaskScheduler: {04c59bf9-53b4-42ac-a324-6a43942086ff} - jugezatag - C:\WINDOWS\System32\jekulanu.dll File not found
O22 - SharedTaskScheduler: {e04e89b5-5e82-46a4-b535-415d493e33f2} - tokatiluy - C:\WINDOWS\System32\fapilizu.dll File not found
O22 - SharedTaskScheduler: {f8ec199a-8f87-4571-bf36-e9da6d9b4774} - jugezatag - C:\WINDOWS\SYSTEM32\devopaha.dll ()
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msansspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PEVSystemStart - Service
SafeBootMin: procexp90.Sys - Driver

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E09572C3-02CE-0978-64CB-EB5AD6D4C4CF} - Viewpoint Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/12/14 09:31:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 19:30:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\HPAppData
[2010/04/22 19:30:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Google
[2010/04/20 20:18:22 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/04/20 19:47:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/20 19:27:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/20 19:27:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/20 19:27:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/20 19:27:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/20 19:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/20 19:19:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/20 19:17:39 | 000,163,328 | ---- | C] (Villlys Inc.) -- C:\WINDOWS\System32\18467.exe
[2010/04/20 19:05:40 | 001,038,856 | ---- | C] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/04/20 18:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
[2010/04/20 09:05:30 | 000,075,264 | ---- | C] (Villlys Inc) -- C:\WINDOWS\System32\efaa.sys
[2010/04/13 23:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/04/13 23:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/12 21:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/12 21:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/12 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/10 20:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/10 17:34:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/10 17:34:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/10 17:34:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/10 13:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/10 13:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/08 15:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/08 15:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/24 23:10:53 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/24 18:02:16 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tuzodumo
[2010/04/24 18:01:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 18:01:54 | 000,011,289 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/24 18:01:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\xcydixxb.job
[2010/04/24 18:01:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ljazqszr.job
[2010/04/24 18:01:45 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\iqcfsfxx.job
[2010/04/24 18:01:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 18:01:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/24 18:01:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/24 18:01:35 | 536,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 20:03:49 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/22 20:03:36 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/04/22 20:03:35 | 000,037,873 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/22 20:03:34 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Mateo\NTUSER.DAT
[2010/04/22 20:03:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mateo\NTUSER.INI
[2010/04/22 20:02:16 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\plmtxlfq.job
[2010/04/22 19:43:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/04/22 19:43:13 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/22 19:43:07 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010/04/22 19:29:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/20 19:48:01 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/04/20 19:17:40 | 000,163,328 | ---- | M] (Villlys Inc.) -- C:\WINDOWS\System32\18467.exe
[2010/04/20 19:17:20 | 003,922,245 | R--- | M] () -- C:\Documents and Settings\Mateo\Desktop\Combo-Fix.exe
[2010/04/20 19:06:33 | 000,000,115 | ---- | M] () -- C:\Program Files\ypp_723139.bat
[2010/04/20 19:05:50 | 001,038,856 | ---- | M] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/04/20 18:59:05 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/20 18:58:14 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Mateo\Desktop\Security essentials 2010.lnk
[2010/04/20 09:05:30 | 000,075,264 | ---- | M] (Villlys Inc) -- C:\WINDOWS\System32\efaa.sys
[2010/04/20 08:56:45 | 000,048,128 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/04/20 08:56:45 | 000,048,128 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/04/19 19:20:55 | 000,074,460 | ---- | M] () -- C:\Documents and Settings\Mateo\Desktop\OTL.exe
[2010/04/19 19:14:33 | 000,041,984 | -HS- | M] () -- C:\WINDOWS\System32\riligize.dll
[2010/04/18 01:50:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 19:21:12 | 000,242,688 | ---- | M] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 20:31:58 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mateo\Desktop\gmer.zip
[2010/04/15 20:18:26 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mateo\Desktop\dds.scr
[2010/04/15 20:15:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mateo\defogger_reenable
[2010/04/15 20:15:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mateo\Desktop\Defogger.exe
[2010/04/15 19:12:58 | 000,000,688 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/15 03:46:36 | 000,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2010/04/15 03:46:36 | 000,030,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYM_U3.SYS
[2010/04/15 03:10:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 01:13:49 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/12 15:24:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/11 21:52:21 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Mateo\My Documents\Fisher_Resume_Final.doc
[2010/04/10 14:46:05 | 000,000,355 | ---- | M] () -- C:\Documents and Settings\Mateo\Desktop\fix.reg
[2010/04/10 14:30:44 | 000,016,540 | -HS- | M] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\kH832332nVa32
[2010/04/10 14:18:52 | 000,016,350 | -HS- | M] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\1804697988
[2010/04/07 00:21:37 | 000,004,916 | -HS- | M] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\86K35bLqF
[2010/04/07 00:21:37 | 000,000,004 | ---- | M] () -- C:\Program Files\30534105.dat
[2010/04/03 18:41:48 | 000,023,110 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/04/01 01:00:10 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/31 18:40:31 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/31 18:40:30 | 000,528,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/31 18:40:30 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 20:03:36 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/04/20 19:48:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/20 19:47:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/20 19:27:01 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/20 19:27:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/20 19:27:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/20 19:27:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/20 19:27:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/20 19:17:20 | 003,922,245 | R--- | C] () -- C:\Documents and Settings\Mateo\Desktop\Combo-Fix.exe
[2010/04/20 19:06:33 | 000,000,115 | ---- | C] () -- C:\Program Files\ypp_723139.bat
[2010/04/20 18:58:02 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\Security essentials 2010.lnk
[2010/04/20 18:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/04/20 08:57:02 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html
[2010/04/20 08:56:57 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/04/20 08:56:57 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/04/19 19:20:49 | 000,074,460 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\OTL.exe
[2010/04/19 19:14:33 | 000,041,984 | -HS- | C] () -- C:\WINDOWS\System32\riligize.dll
[2010/04/16 17:09:01 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\plmtxlfq.job
[2010/04/16 05:09:10 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\xcydixxb.job
[2010/04/15 20:33:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\gmer.exe
[2010/04/15 20:31:53 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\gmer.zip
[2010/04/15 20:18:22 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\dds.scr
[2010/04/15 20:15:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mateo\defogger_reenable
[2010/04/15 20:15:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\Defogger.exe
[2010/04/15 17:08:36 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ljazqszr.job
[2010/04/10 20:32:02 | 000,000,688 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/10 20:20:56 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/10 14:46:04 | 000,000,355 | ---- | C] () -- C:\Documents and Settings\Mateo\Desktop\fix.reg
[2010/04/10 13:46:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 00:39:23 | 000,016,350 | -HS- | C] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\1804697988
[2010/04/10 00:19:03 | 000,016,540 | -HS- | C] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\kH832332nVa32
[2010/04/07 00:21:37 | 000,000,004 | ---- | C] () -- C:\Program Files\30534105.dat
[2010/04/07 00:20:30 | 000,004,916 | -HS- | C] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\86K35bLqF
[2010/04/03 18:37:32 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/20 19:04:05 | 000,094,720 | -HS- | C] () -- C:\WINDOWS\System32\devopaha.dll
[2010/01/20 19:04:05 | 000,041,984 | -HS- | C] () -- C:\WINDOWS\System32\bebowefo.dll
[2010/01/20 07:04:07 | 000,042,496 | -HS- | C] () -- C:\WINDOWS\System32\yosineku.dll
[2010/01/18 17:17:20 | 000,094,720 | -HS- | C] () -- C:\WINDOWS\System32\dadeyisi.dll
[2010/01/18 17:17:20 | 000,041,984 | -HS- | C] () -- C:\WINDOWS\System32\mekijoru.dll
[2010/01/18 05:17:15 | 000,042,496 | -HS- | C] () -- C:\WINDOWS\System32\kimapuge.dll
[2010/01/17 17:16:55 | 000,095,232 | -HS- | C] () -- C:\WINDOWS\System32\sufohuwe.dll
[2010/01/17 17:16:55 | 000,041,984 | -HS- | C] () -- C:\WINDOWS\System32\virebeyu.dll
[2010/01/17 05:17:42 | 000,041,984 | -HS- | C] () -- C:\WINDOWS\System32\zefulipa.dll
[2010/01/16 17:09:00 | 000,094,720 | -HS- | C] () -- C:\WINDOWS\System32\napijelu.dll
[2010/01/16 17:09:00 | 000,064,512 | -HS- | C] () -- C:\WINDOWS\System32\moyedebi.dll
[2010/01/16 17:09:00 | 000,041,984 | -HS- | C] () -- C:\WINDOWS\System32\muvapevi.dll
[2010/01/16 05:09:04 | 000,094,720 | -HS- | C] () -- C:\WINDOWS\System32\lulapifi.dll
[2010/01/15 17:09:09 | 000,065,024 | -HS- | C] () -- C:\WINDOWS\System32\wayapego.dll
[2010/01/15 17:09:09 | 000,065,024 | -HS- | C] () -- C:\WINDOWS\System32\nolahaga.dll
[2010/01/15 17:09:09 | 000,065,024 | -HS- | C] () -- C:\WINDOWS\System32\kawoyake.dll
[2010/01/15 05:08:32 | 000,094,720 | -HS- | C] () -- C:\WINDOWS\System32\tigefeki.dll
[2009/04/01 12:56:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mateo\Ÿ9Ÿ9
[2009/03/01 03:05:11 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Mateo\Application Data\ay6wYKYrnn.gif
[2009/03/01 03:05:11 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Mateo\Application Data\ay6wYKYryy.gif
[2009/03/01 03:05:10 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Mateo\Application Data\ay6wYKYrtt.gif
[2008/08/23 16:14:42 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/06/08 13:18:29 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2008/03/29 22:10:00 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Mateo\Application Data\autobahn.log
[2007/05/26 13:37:12 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/26 13:37:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/11/30 00:09:00 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\A30C3E205C.dll
[2004/12/26 01:43:40 | 000,242,688 | ---- | C] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/25 16:42:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Mateo\Local Settings\Application Data\fusioncache.dat
[2004/12/25 16:21:09 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\Mateo\NTUSER.DAT
[2004/12/25 16:21:09 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Mateo\ntuser.dat.LOG
[2004/12/25 16:21:09 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Mateo\NTUSER.INI
[2004/12/21 18:47:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/12/14 10:15:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/14 10:09:57 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/14 10:05:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/14 09:49:20 | 000,057,344 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/12/14 09:49:20 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/12/14 09:44:48 | 000,262,144 | ---- | C] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
[2004/12/14 09:44:48 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
[2004/12/14 09:34:10 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:08:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\NTUSER.INI
[2004/08/10 15:08:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/17 19:20:39 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 16:07:42 | 000,030,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYM_U3.SYS
[1980/01/01 08:00:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[1980/01/01 08:00:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

========== LOP Check ==========

[2009/04/02 20:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\SACore
[2009/05/10 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/12/03 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\Aim
[2005/12/02 17:08:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mateo\Application Data\Blippy Games
[2010/04/20 19:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\Free Download Manager
[2007/12/23 17:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\iWin
[2005/09/09 15:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\Leadertech
[2009/07/19 19:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\Opera
[2007/08/05 01:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\SecondLife
[2007/01/30 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateo\Application Data\Viewpoint
[2010/04/24 18:01:45 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\iqcfsfxx.job
[2010/04/24 18:01:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ljazqszr.job
[2010/04/15 01:13:49 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/04/01 01:00:10 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/04/22 20:02:16 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\plmtxlfq.job
[2010/04/24 18:01:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\xcydixxb.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/23 20:09:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/23 20:09:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/23 20:09:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/23 20:09:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dnsapi.dll
[2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ieframe.dll
[2010/03/11 08:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ntdsapi.dll
[2008/04/13 20:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\psapi.dll
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\shell32.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/20 18:59:05 | 000,015,944 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2010/04/15 03:46:36 | 000,030,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys

========== Files - Unicode (All) ==========
[2010/04/19 19:14:22 | 000,095,232 | ---- | M] ()(C:\Documents and Settings\Mateo\Desktop\N???????????) -- C:\Documents and Settings\Mateo\Desktop\N粐▰粕��▧粕⟌粕ৄ
[2010/04/19 19:14:22 | 000,095,232 | ---- | C] ()(C:\Documents and Settings\Mateo\Desktop\N???????????) -- C:\Documents and Settings\Mateo\Desktop\N粐▰粕��▧粕⟌粕ৄ
< End of report >




