Malware help. HijackThis logs plus more information


35 replies to this topic

#1 frawgster

frawgster

  • Members
  • 20 posts

Posted 03 December 2010 - 11:10 PM

Since yesterday, I've been having difficulties with my PC.

I'm running Windows Vista Home Premium, build 6002.

Here are some of the problems I'm having.

Upon boot up, I greeted with an error that says that sshnas21.dll cannot be found.

Also, some links I click on in google redirect me to a random search engine of some sort. This hasn't happened to me in the last 4 hours or so, though.

I've attached some screenshots of the various errors and trojan warnings that I'm given. I've also attached my HijackThis log.

So far, I've run Spy Sweeper, Registry Easy, and Malware Bytes. I've run all three in both normal mode, and in safe mode. Each time I run them, threats are found and removed, but return upon reboot. Registry Easy has repaired my registry, but it doesn't seem to make a difference. Nothing seems to have fixed the problems I'm having. I'm lost as to what I should do to fix these problems. My computer runs normally, but I'm plagued by these types of error messages.

Please help.

Attached files: trojan03.jpg (53.87KB), trojan04.jpg (14.23KB), trojan02.jpg (53.02KB), trojan01.jpg (42.91KB), hijackthis.log (16.95KB)


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 December 2010 - 01:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 frawgster


Posted 04 December 2010 - 10:15 AM

I appreciate the prompt reply. :)

I'm attaching my DDS and GMER logs. As instructed, I disconnected from the Internet when running DDS, and disabled my CD emulation software while running GMER. I hope my logs aid you in helping me to fix the problems I'm having. Thanks again for the reply :)

EDIT: Here's a bit more info. Since I created and uploaded these logs, my computer has not been behaving as abnormally as it was before. I'm still getting AVG warnings about iexplore.exe being a virus, but they're coming in less frequently than before. I opened my task manager and shut down two suspicious processes. "keygen.exe" was running, and was gobbling up a ton of my processor's resources. "drweb.exe" was running 3 times. I shut it down as well.

EDIT AGAIN: I've received the AVG iexplore warning 4 more times. Each time was tied to a different process. The first time the warning was tied to services.exe, which was running 5 times, 1 of which seems legitimate. I shut down the other 4 via the task manager. The second warning was tied to cmd.exe, which was running 2 times. I shut both instances down via the task manager. The third warning was tied to avp32.exe, which was running 2 times. I shut both instances down via the task manager. The fourth warning was tied to svchost.exe, which was running 19 times, 15 of which seemed to be legitimate. I shut the other 4 down via the task manager. All AVG warnings are labeled "trojan horse generic".

Attached files: DDS.txt (26.34KB), gmer.log (150.8KB)

Edited by frawgster, 04 December 2010 - 02:50 PM.


#4 fireman4it


Posted 04 December 2010 - 06:26 PM

Hello frawgster,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

2.
Download and Rename Combofix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below. You must rename it 1234.scr before saving it to your desktop.

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on 1234.scr & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



#5 frawgster


Posted 04 December 2010 - 10:02 PM

Update. I ran rkill as instructed. I then ran Combofix. While combofix was running, I stepped away from the computer for 20 minutes. When I returned, my machine had restarted. There is no log file present, and an error message was on my screen indicating that windows had recovered from an unexpected shutdown in the form of a blue screen.

Shall I try to run rkill and combofix again? Should I keep an eye on my computer to try to get specifics about the blue screen? My rkill log is attached. Thanks again for all your help.

Attached file: rkill.log (740 bytes)

#6 fireman4it


Posted 04 December 2010 - 10:22 PM

Hello,

Please look and see if there is a log at C:\Combofix.txt. If not, then try running Rkill and then Combofix directly after it.

Edited by fireman4it, 04 December 2010 - 10:22 PM.
spelling



#7 frawgster


Posted 04 December 2010 - 11:26 PM

There is no log. I ran RKill again. I ran combofix again. Windows got a blue screen (BSOD) error after stage 16 was completed.

Details of the error are:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 828885D8
BCP3: 8BD44794
BCP4: 8BD44490
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini120410-02.dmp
C:\Users\OJCLAUD\AppData\Local\Temp\WER-85816-0.sysdata.xml
C:\Users\OJCLAUD\AppData\Local\Temp\WER8CB4.tmp.version.txt

I am unable to locate file number 2 and 3 above, as I no longer have the "Folder Options" selection in my Control Panel that is necessary for me to reveal hidden files/folders. Come to think of it, before I started having problems, I had "show hidden files/folders" checked by default. All of my file extensions would show by default. That's no longer the case.

How should I proceed?

Edited by frawgster, 04 December 2010 - 11:58 PM.


#8 fireman4it


Posted 05 December 2010 - 05:22 PM

Hello,

Well I have found the problem that may be preventing Combofix from finishing.

1.
ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.

2.
Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".

3.
Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

4.
Please download exeHelper to your desktop. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

5.
Download and Run ComboFix from Safemode

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Now Boot into Safemode

    This can be done by tapping the F8 key as soon as you start your computer.
    You will be brought to a menu where you can choose to boot into safe mode.
    Make sure you choose the option with networking support.
    Please see here for additional details.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Edited by fireman4it, 05 December 2010 - 05:24 PM.



#9 frawgster


Posted 05 December 2010 - 05:54 PM

I will do this, but please note that I uninstalled AVG before running ComboFix the first time. I will post my results when I have them. One question. Should I still save combofix as 1234.scr, or shall I just save it as combofix.exe? Thanks :)

Edited by frawgster, 05 December 2010 - 05:55 PM.


#10 frawgster


Posted 05 December 2010 - 08:14 PM

I followed the steps, and ran Combofix in safe mode. It ran for over an hour, and made no progress. My computer eventually locked up, and I was forced to do a hard reboot. I'm attaching my rkill and exehelper logs.
Attached files: rkill.log (1.16KB), exehelperlog.txt (414 bytes)

#11 fireman4it


Posted 05 December 2010 - 09:14 PM

Hello,

1.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.



#12 frawgster


Posted 05 December 2010 - 10:08 PM

Contents of my OTL file are as follows:


OTL logfile created on: 12/5/2010 7:03:53 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\OJCLAUD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 62.32 Gb Free Space | 21.99% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.46 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive J: | 232.88 Gb Total Space | 87.10 Gb Free Space | 37.40% Space Free | Partition Type: NTFS

Computer Name: OJCLAUD-PC | User Name: OJCLAUD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\OJCLAUD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe ()
PRC - C:\Windows\debug.exe ()
PRC - C:\Windows\user.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\install.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\system.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\login.exe ()
PRC - C:\Windows\hexdump.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe ()
PRC - C:\Windows\setup.exe ()
PRC - C:\Windows\winlogon.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe ()
PRC - C:\Windows\nvsvc32.exe ()
PRC - C:\Windows\win32.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe ()
PRC - C:\Windows\services.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe ()
PRC - C:\Windows\cmd.exe ()
PRC - C:\Windows\spoolsv.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\win.exe ()
PRC - C:\Windows\iexplarer.exe ()
PRC - C:\Windows\avp.exe ()
PRC - C:\Windows\login.exe ()
PRC - C:\Windows\smss.exe ()
PRC - C:\Windows\gdi32.exe ()
PRC - C:\Windows\system.exe ()
PRC - C:\Windows\svchost.exe ()
PRC - C:\Windows\svchost.exe ()
PRC - C:\Windows\mdm.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\services.exe ()
PRC - C:\Windows\lsass.exe ()
PRC - C:\Windows\taskmgr.exe ()
PRC - C:\Windows\install.exe ()
PRC - C:\Windows\wininst.exe ()
PRC - C:\Windows\avp32.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe ()
PRC - C:\Windows\sysedit.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe ()
PRC - C:\Windows\winamp.exe ()
PRC - C:\Windows\drweb.exe ()
PRC - C:\Users\OJCLAUD\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Users\OJCLAUD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\HDD Health\hddhealth.exe (PANTERASoft)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\OJCLAUD\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\toxi5.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dciman32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ddraw.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\System32\opengl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\glu32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe File not found
SRV - (HDD & SSD access service) -- C:\Program Files\Common Files\BinarySense\disksvc.exe File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (Brother XP spl Service) -- C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\OJCLAUD\AppData\Local\Temp\catchme.sys File not found
DRV - (RegGuard) -- C:\Windows\System32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\Windows\system32\drivers\Partizan.sys (Greatis Software)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LVUVC) Logitech Webcam 500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (WsAudioDevice_383) -- C:\Windows\System32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (TPkd) -- C:\Windows\System32\Tpkd.vxd ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.13


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 22:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/08/21 16:34:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/04 07:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/04 07:11:09 | 000,000,000 | ---D | M]

[2009/01/09 18:00:43 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Extensions
[2009/01/09 18:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/12/03 06:20:37 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\u8vwkm8j.default\extensions
[2010/08/09 21:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\u8vwkm8j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/09 21:24:52 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\u8vwkm8j.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/12/04 20:23:00 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions
[2010/09/25 11:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/09/25 11:41:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/09 18:11:54 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(2)
[2010/09/25 11:41:30 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/09/25 11:41:30 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/09/25 11:41:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/25 11:41:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/26 06:51:45 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/11/30 23:18:28 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\bettergmail2@ginatrapani.org
[2010/09/25 11:41:28 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\linky@gemal.dk
[2010/09/25 11:41:28 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\multilinks@plugin
[2010/12/04 19:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/04 07:11:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/23 17:34:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/09 09:55:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 06:10:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/04 07:10:51 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/04 07:10:51 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/04 07:10:57 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/24 19:57:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/10/17 16:15:18 | 000,721,608 | ---- | M] (SwiftView, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npsview.dll
[2010/12/04 07:11:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/12/04 07:11:00 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/12/03 01:03:28 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/12/04 07:11:00 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/12/04 07:11:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/12/04 07:11:00 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/12/04 07:11:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/12/04 07:11:00 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/12/05 15:48:26 | 000,001,999 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 15 more lines...
O2 - BHO: (C:\Windows\system32\toxi5.dll) - {B1B220C1-A503-59BD-F413-02B53A2C8954} - C:\Windows\System32\toxi5.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LvOJfeefn0Z] C:\Users\OJCLAUD\AppData\Local\Temp\system.exe ()
O4 - HKLM..\Run: [LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe] C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe ()
O4 - HKLM..\Run: [LvOJfeefnb] C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe ()
O4 - HKLM..\Run: [LvOJfeefneP] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
O4 - HKLM..\Run: [LvOJfeefnePnfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/...] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
O4 - HKLM..\Run: [LvOJfeefnf] C:\Users\OJCLAUD\AppData\Local\Temp\win.exe ()
O4 - HKLM..\Run: [LvOJfeefnfQ] C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe ()
O4 - HKLM..\Run: [LvOJfeefngP] C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe ()
O4 - HKLM..\Run: [LvOJfeefnqe] C:\Users\OJCLAUD\AppData\Local\Temp\login.exe ()
O4 - HKLM..\Run: [LvOJfeefnqg] C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe ()
O4 - HKLM..\Run: [LvOJfeefnsb] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
O4 - HKLM..\Run: [LvOJfeefnsb (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
O4 - HKLM..\Run: [LvOJfeefnsd] C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe ()
O4 - HKLM..\Run: [LvOJfeefnsf] C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe ()
O4 - HKLM..\Run: [LvOJfeefntg] C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe ()
O4 - HKLM..\Run: [LvOJfeefnth] C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe ()
O4 - HKLM..\Run: [LvOJfeefntpf] C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe ()
O4 - HKLM..\Run: [LvOJfeefnuf] C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe ()
O4 - HKLM..\Run: [LvOJfeefnusc] C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe ()
O4 - HKLM..\Run: [LvOJfeefnvZ] C:\Users\OJCLAUD\AppData\Local\Temp\install.exe ()
O4 - HKLM..\Run: [LvOJfeefnwe] C:\Users\OJCLAUD\AppData\Local\Temp\setup.exe File not found
O4 - HKLM..\Run: [LvOJfeefnwg] C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe ()
O4 - HKLM..\Run: [LvOJfeefnwpc] C:\Users\OJCLAUD\AppData\Local\Temp\services.exe ()
O4 - HKLM..\Run: [LvOJfeefnxb] C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe ()
O4 - HKLM..\Run: [LvOJfeefnxc] C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe ()
O4 - HKLM..\Run: [LvOJfeefnY] C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe ()
O4 - HKLM..\Run: [LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe] C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe ()
O4 - HKLM..\Run: [LvOJfeefnz9] C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKLM..\Run: [LvOJfeefnZP] C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Mqpe] C:\Windows\avp.exe ()
O4 - HKLM..\Run: [MqpSc] C:\Windows\avp32.exe ()
O4 - HKLM..\Run: [Mqqoc] C:\Windows\debug.exe ()
O4 - HKLM..\Run: [Mqqsc] C:\Windows\drweb.exe ()
O4 - HKLM..\Run: [MqqZ] C:\Windows\cmd.exe ()
O4 - HKLM..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\cmd.exe ()
O4 - HKLM..\Run: [MqqZndtop.info&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/...] C:\Windows\cmd.exe ()
O4 - HKLM..\Run: [MqrMc] C:\Windows\gdi32.exe ()
O4 - HKLM..\Run: [Mqrta] C:\Windows\install.exe ()
O4 - HKLM..\Run: [Mqrtc] C:\Windows\hexdump.exe ()
O4 - HKLM..\Run: [Mqruqc] C:\Windows\iexplarer.exe ()
O4 - HKLM..\Run: [Mqsrc] C:\Windows\login.exe ()
O4 - HKLM..\Run: [Mqsuc] C:\Windows\lsass.exe ()
O4 - HKLM..\Run: [MqsZ] C:\Windows\mdm.exe ()
O4 - HKLM..\Run: [Mqtw+] C:\Windows\nvsvc32.exe ()
O4 - HKLM..\Run: [Mque] C:\Windows\user.exe ()
O4 - HKLM..\Run: [Mqug] C:\Windows\smss.exe ()
O4 - HKLM..\Run: [Mqurb] C:\Windows\taskmgr.exe ()
O4 - HKLM..\Run: [Mquse] C:\Windows\svchost.exe ()
O4 - HKLM..\Run: [Mquta] C:\Windows\services.exe ()
O4 - HKLM..\Run: [Mqutc] C:\Windows\sysedit.exe ()
O4 - HKLM..\Run: [Mquuf] C:\Windows\spoolsv.exe ()
O4 - HKLM..\Run: [Mquvc] C:\Windows\setup.exe ()
O4 - HKLM..\Run: [Mquvcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\setup.exe ()
O4 - HKLM..\Run: [Mquxe] C:\Windows\system.exe ()
O4 - HKLM..\Run: [MqvPc] C:\Windows\win32.exe ()
O4 - HKLM..\Run: [Mqvpe] C:\Windows\winamp.exe ()
O4 - HKLM..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
O4 - HKLM..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
O4 - HKLM..\Run: [Mqvre] C:\Windows\wininst.exe ()
O4 - HKLM..\Run: [Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Windows\wininst.exe ()
O4 - HKLM..\Run: [Mqvsc] C:\Windows\winlogon.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [uPc+kt0NXuTaXms] C:\Windows\System32\ar0jbtyy4t.DLL ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe (PANTERASoft)
O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [LvOJfeefn0Z] C:\Users\OJCLAUD\AppData\Local\Temp\system.exe ()
O4 - HKCU..\Run: [LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe] C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe ()
O4 - HKCU..\Run: [LvOJfeefnb] C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe ()
O4 - HKCU..\Run: [LvOJfeefneP] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
O4 - HKCU..\Run: [LvOJfeefnePnfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/...] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
O4 - HKCU..\Run: [LvOJfeefnf] C:\Users\OJCLAUD\AppData\Local\Temp\win.exe ()
O4 - HKCU..\Run: [LvOJfeefnfQ] C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe ()
O4 - HKCU..\Run: [LvOJfeefngP] C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe ()
O4 - HKCU..\Run: [LvOJfeefnqe] C:\Users\OJCLAUD\AppData\Local\Temp\login.exe ()
O4 - HKCU..\Run: [LvOJfeefnqg] C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe ()
O4 - HKCU..\Run: [LvOJfeefnsb] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
O4 - HKCU..\Run: [LvOJfeefnsb (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
O4 - HKCU..\Run: [LvOJfeefnsd] C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe ()
O4 - HKCU..\Run: [LvOJfeefnsf] C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe ()
O4 - HKCU..\Run: [LvOJfeefntg] C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe ()
O4 - HKCU..\Run: [LvOJfeefnth] C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe ()
O4 - HKCU..\Run: [LvOJfeefntpf] C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe ()
O4 - HKCU..\Run: [LvOJfeefnuf] C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe ()
O4 - HKCU..\Run: [LvOJfeefnusc] C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe ()
O4 - HKCU..\Run: [LvOJfeefnvZ] C:\Users\OJCLAUD\AppData\Local\Temp\install.exe ()
O4 - HKCU..\Run: [LvOJfeefnwe] C:\Users\OJCLAUD\AppData\Local\Temp\setup.exe File not found
O4 - HKCU..\Run: [LvOJfeefnwg] C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe ()
O4 - HKCU..\Run: [LvOJfeefnwpc] C:\Users\OJCLAUD\AppData\Local\Temp\services.exe ()
O4 - HKCU..\Run: [LvOJfeefnxb] C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe ()
O4 - HKCU..\Run: [LvOJfeefnxc] C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe ()
O4 - HKCU..\Run: [LvOJfeefnY] C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe ()
O4 - HKCU..\Run: [LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe] C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe ()
O4 - HKCU..\Run: [LvOJfeefnz9] C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [LvOJfeefnZP] C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe ()
O4 - HKCU..\Run: [Mqpe] C:\Windows\avp.exe ()
O4 - HKCU..\Run: [MqpSc] C:\Windows\avp32.exe ()
O4 - HKCU..\Run: [Mqqoc] C:\Windows\debug.exe ()
O4 - HKCU..\Run: [Mqqsc] C:\Windows\drweb.exe ()
O4 - HKCU..\Run: [MqqZ] C:\Windows\cmd.exe ()
O4 - HKCU..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\cmd.exe ()
O4 - HKCU..\Run: [MqqZndtop.info&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/...] C:\Windows\cmd.exe ()
O4 - HKCU..\Run: [MqrMc] C:\Windows\gdi32.exe ()
O4 - HKCU..\Run: [Mqrta] C:\Windows\install.exe ()
O4 - HKCU..\Run: [Mqrtc] C:\Windows\hexdump.exe ()
O4 - HKCU..\Run: [Mqruqc] C:\Windows\iexplarer.exe ()
O4 - HKCU..\Run: [Mqsrc] C:\Windows\login.exe ()
O4 - HKCU..\Run: [Mqsuc] C:\Windows\lsass.exe ()
O4 - HKCU..\Run: [MqsZ] C:\Windows\mdm.exe ()
O4 - HKCU..\Run: [Mqtw+] C:\Windows\nvsvc32.exe ()
O4 - HKCU..\Run: [Mque] C:\Windows\user.exe ()
O4 - HKCU..\Run: [Mqug] C:\Windows\smss.exe ()
O4 - HKCU..\Run: [Mqurb] C:\Windows\taskmgr.exe ()
O4 - HKCU..\Run: [Mquse] C:\Windows\svchost.exe ()
O4 - HKCU..\Run: [Mquta] C:\Windows\services.exe ()
O4 - HKCU..\Run: [Mqutc] C:\Windows\sysedit.exe ()
O4 - HKCU..\Run: [Mquuf] C:\Windows\spoolsv.exe ()
O4 - HKCU..\Run: [Mquvc] C:\Windows\setup.exe ()
O4 - HKCU..\Run: [Mquvcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\setup.exe ()
O4 - HKCU..\Run: [Mquxe] C:\Windows\system.exe ()
O4 - HKCU..\Run: [MqvPc] C:\Windows\win32.exe ()
O4 - HKCU..\Run: [Mqvpe] C:\Windows\winamp.exe ()
O4 - HKCU..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
O4 - HKCU..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
O4 - HKCU..\Run: [Mqvre] C:\Windows\wininst.exe ()
O4 - HKCU..\Run: [Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Windows\wininst.exe ()
O4 - HKCU..\Run: [Mqvsc] C:\Windows\winlogon.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uPc+kt0NXuTaXms] C:\Windows\System32\ar0jbtyy4t.DLL ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {B1B220C1-A503-59BD-F413-02B53A2C8954} - juaw98rajewifhausihuggdd - C:\Windows\System32\toxi5.dll ()
O24 - Desktop WallPaper: J:\Documents and Settings\OJ\My Documents\My Pictures\Wallpapers\Widescreen\326490-1024x768-kiss.jpg
O24 - Desktop BackupWallPaper: J:\Documents and Settings\OJ\My Documents\My Pictures\Wallpapers\Widescreen\326490-1024x768-kiss.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ft Co) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/02/13 14:05:07 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98e96921-e595-11dd-8bfb-001c26dcafe5}\Shell - "" = AutoRun
O33 - MountPoints2\{98e96921-e595-11dd-8bfb-001c26dcafe5}\Shell\AutoRun\command - "" = L:\Adobe CS5\Set-up.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 19:02:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\OJCLAUD\Desktop\OTL.exe
[2010/12/05 15:48:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/05 15:48:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/05 15:48:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/05 15:47:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/05 15:47:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/05 15:46:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/03 19:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/03 18:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Profiles
[2010/12/03 18:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/12/03 17:58:49 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/12/03 17:52:35 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/12/03 17:52:35 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/12/03 17:52:28 | 000,000,000 | ---D | C] -- J:\Documents and Settings\OJ\My Documents\RegRun2
[2010/12/03 17:52:25 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/12/03 17:52:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/12/03 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/12/03 17:52:08 | 009,888,224 | ---- | C] (Greatis Software, LLC. ) -- C:\Users\OJCLAUD\Desktop\unhackme_setup.exe
[2010/12/03 01:12:34 | 000,000,000 | ---D | C] -- C:\Users\OJCLAUD\AppData\Roaming\WhiteSmokeTranslator
[2010/12/03 01:04:28 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/02 23:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/02 22:33:42 | 000,000,000 | ---D | C] -- C:\Users\OJCLAUD\Desktop\to be burned
[2010/12/02 22:25:54 | 000,000,000 | ---D | C] -- C:\Users\OJCLAUD\Desktop\toy story 3
[2010/11/14 22:19:06 | 000,000,000 | ---D | C] -- C:\23f60b7af022c5d44c0adb10
[2009/01/17 12:38:36 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009/01/17 12:38:36 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009/01/17 12:38:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009/01/17 12:38:36 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009/01/17 12:38:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009/01/17 12:38:36 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009/01/17 12:38:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009/01/17 12:38:36 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009/01/17 12:38:36 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009/01/17 12:38:36 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009/01/17 12:38:36 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009/01/17 12:38:36 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2009/01/09 23:28:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\OJCLAUD\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/05 19:02:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\OJCLAUD\Desktop\OTL.exe
[2010/12/05 18:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/05 18:44:26 | 000,664,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/05 18:44:26 | 000,124,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/05 18:42:11 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/12/05 18:41:16 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/12/05 18:41:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/05 18:41:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/12/05 18:13:59 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1144636083-63767480-2131124494-1000UA.job
[2010/12/05 17:08:54 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{90EDD0BD-BEA6-4592-B879-8C78B7A581E8}.job
[2010/12/05 17:06:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 17:06:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 17:06:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/05 17:06:20 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 17:06:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/12/05 15:48:26 | 000,001,999 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010/12/05 15:47:35 | 003,984,562 | R--- | M] () -- C:\Users\OJCLAUD\Desktop\ComboFix.exe
[2010/12/05 15:29:47 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/05 14:54:27 | 000,294,400 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\exeHelper.com
[2010/12/05 14:48:38 | 000,018,432 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\pointsmk.xls
[2010/12/05 12:43:07 | 000,055,300 | -H-- | M] () -- C:\Windows\debug.exe
[2010/12/05 09:02:22 | 000,055,300 | -H-- | M] () -- C:\Windows\user.exe
[2010/12/04 21:13:31 | 000,024,330 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\kLiPNoTiiCmini.png
[2010/12/04 21:13:31 | 000,000,132 | ---- | M] () -- C:\Users\OJCLAUD\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/04 21:13:24 | 000,137,118 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\kLiPNoTiiCmini.psd
[2010/12/04 21:05:58 | 000,037,012 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\ak47riflebig.jpg
[2010/12/04 20:56:43 | 000,069,776 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\orange_fruit_1600x1200.jpg
[2010/12/04 20:16:03 | 380,115,479 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/04 18:38:23 | 000,055,300 | -H-- | M] () -- C:\Windows\hexdump.exe
[2010/12/04 17:41:31 | 000,660,752 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\rkill.scr
[2010/12/04 16:11:19 | 000,055,300 | -H-- | M] () -- C:\Windows\setup.exe
[2010/12/04 16:11:16 | 000,055,300 | -H-- | M] () -- C:\Windows\winlogon.exe
[2010/12/04 16:11:11 | 000,055,300 | -H-- | M] () -- C:\Windows\nvsvc32.exe
[2010/12/04 16:11:09 | 000,055,300 | -H-- | M] () -- C:\Windows\win32.exe
[2010/12/04 12:44:20 | 000,055,300 | -H-- | M] () -- C:\Windows\services.exe
[2010/12/04 12:35:10 | 000,055,300 | -H-- | M] () -- C:\Windows\cmd.exe
[2010/12/04 12:35:08 | 000,055,300 | -H-- | M] () -- C:\Windows\spoolsv.exe
[2010/12/04 12:35:03 | 000,055,300 | -H-- | M] () -- C:\Windows\iexplarer.exe
[2010/12/04 11:17:10 | 000,159,232 | ---- | M] () -- C:\Users\OJCLAUD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 10:54:06 | 000,055,300 | -H-- | M] () -- C:\Windows\avp.exe
[2010/12/04 10:54:04 | 000,055,300 | -H-- | M] () -- C:\Windows\login.exe
[2010/12/04 10:54:02 | 000,055,300 | -H-- | M] () -- C:\Windows\smss.exe
[2010/12/04 10:45:45 | 000,055,300 | -H-- | M] () -- C:\Windows\gdi32.exe
[2010/12/04 10:45:40 | 000,055,300 | -H-- | M] () -- C:\Windows\system.exe
[2010/12/04 09:05:35 | 000,016,384 | ---- | M] () -- C:\Users\OJCLAUD\AppData\Roaming\keygen..exe
[2010/12/04 09:03:10 | 000,055,300 | -H-- | M] () -- C:\Windows\svchost.exe
[2010/12/04 09:03:07 | 000,055,300 | -H-- | M] () -- C:\Windows\mdm.exe
[2010/12/04 07:44:51 | 000,055,300 | -H-- | M] () -- C:\Windows\lsass.exe
[2010/12/04 06:01:23 | 000,074,752 | ---- | M] () -- C:\Users\OJCLAUD\AppData\Roaming\86967.exe
[2010/12/04 05:36:59 | 000,630,272 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\dds.scr
[2010/12/03 20:03:37 | 000,014,572 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\trojan04.jpg
[2010/12/03 20:03:04 | 000,055,163 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\trojan03.jpg
[2010/12/03 20:02:52 | 000,054,294 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\trojan02.jpg
[2010/12/03 20:02:17 | 000,043,942 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\trojan01.jpg
[2010/12/03 19:50:28 | 000,002,527 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\HiJackThis.lnk
[2010/12/03 19:32:10 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/12/03 18:34:26 | 000,000,042 | ---- | M] () -- C:\Windows\System32\RegistryEasy.lie
[2010/12/03 18:34:16 | 000,000,871 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\Registry Easy.lnk
[2010/12/03 17:52:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/12/03 17:52:39 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/12/03 17:52:39 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/12/03 17:52:35 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/12/03 17:52:35 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/12/03 17:52:27 | 000,000,754 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\UnHackMe.lnk
[2010/12/03 17:41:09 | 000,055,300 | -H-- | M] () -- C:\Windows\taskmgr.exe
[2010/12/03 06:49:23 | 000,055,300 | -H-- | M] () -- C:\Windows\install.exe
[2010/12/03 06:49:11 | 000,055,300 | -H-- | M] () -- C:\Windows\wininst.exe
[2010/12/03 06:29:15 | 000,055,300 | -H-- | M] () -- C:\Windows\avp32.exe
[2010/12/03 03:46:13 | 000,055,300 | -H-- | M] () -- C:\Windows\sysedit.exe
[2010/12/03 01:04:58 | 000,055,300 | -H-- | M] () -- C:\Windows\winamp.exe
[2010/12/03 01:04:15 | 000,060,004 | -H-- | M] () -- C:\Windows\drweb.exe
[2010/12/03 01:04:02 | 000,030,000 | ---- | M] () -- C:\Windows\System32\ar0jbtyy4t.dll
[2010/12/03 01:03:55 | 000,030,000 | ---- | M] () -- C:\Windows\System32\toxi5.dll
[2010/12/03 01:03:01 | 000,046,080 | -H-- | M] () -- C:\Windows\System32\choionUI.dll
[2010/12/03 01:02:45 | 000,001,072 | ---- | M] () -- C:\Windows\System32\Improve Your PC.lnk
[2010/12/03 00:55:33 | 000,000,000 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\OTM.exe
[2010/12/02 23:45:20 | 004,026,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/02 22:59:12 | 000,000,668 | ---- | M] () -- C:\Users\OJCLAUD\AppData\Roaming\vso_ts_preview.xml
[2010/12/02 22:58:22 | 1764,665,344 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\despicableme.ISO
[2010/12/02 22:51:42 | 2093,350,912 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\easya.ISO
[2010/12/02 22:44:11 | 1371,717,632 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\socialnetwork.ISO
[2010/12/02 22:38:06 | 1350,023,168 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\frozen.ISO
[2010/12/02 22:30:54 | 2245,527,552 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\outofmyleage.ISO
[2010/12/02 20:15:41 | 000,299,520 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\donations.xls
[2010/12/01 19:18:58 | 000,189,440 | ---- | M] () -- C:\Windows\Cdykea.exe
[2010/11/28 11:14:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1144636083-63767480-2131124494-1000Core.job
[2010/11/27 20:36:48 | 008,662,076 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\Norwegian_Recycling--Miracles.mp3
[2010/11/27 17:26:24 | 000,030,001 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\Farmers®.pdf
[2010/11/23 21:09:24 | 000,035,303 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\Southwest Airlines - Purchase Confirmation.pdf
[2010/11/12 17:53:11 | 011,133,518 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\Video 2.wmv
[2010/11/11 12:44:56 | 009,888,224 | ---- | M] (Greatis Software, LLC. ) -- C:\Users\OJCLAUD\Desktop\unhackme_setup.exe
[2010/11/11 12:44:08 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/11/11 07:09:50 | 004,289,574 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\100_2264.avi
[2010/11/11 07:09:42 | 002,864,526 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\100_2263.avi
[2010/11/11 07:09:36 | 005,698,870 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\100_2258.avi
[2010/11/08 22:40:46 | 066,366,450 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\100_2249.MOV
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\OJCLAUD\Desktop\gmer.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

========== Files Created - No Company Name ==========

[2010/12/05 17:06:20 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/05 15:48:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/05 15:48:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/05 15:48:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/05 15:48:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/05 15:48:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/05 15:21:13 | 003,984,562 | R--- | C] () -- C:\Users\OJCLAUD\Desktop\ComboFix.exe
[2010/12/05 14:54:26 | 000,294,400 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\exeHelper.com
[2010/12/05 14:48:37 | 000,018,432 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\pointsmk.xls
[2010/12/05 12:43:07 | 000,055,300 | -H-- | C] () -- C:\Windows\debug.exe
[2010/12/05 09:02:22 | 000,055,300 | -H-- | C] () -- C:\Windows\user.exe
[2010/12/04 21:13:30 | 000,024,330 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\kLiPNoTiiCmini.png
[2010/12/04 21:13:23 | 000,137,118 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\kLiPNoTiiCmini.psd
[2010/12/04 21:06:01 | 000,037,012 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\ak47riflebig.jpg
[2010/12/04 20:56:47 | 000,069,776 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\orange_fruit_1600x1200.jpg
[2010/12/04 18:38:23 | 000,055,300 | -H-- | C] () -- C:\Windows\hexdump.exe
[2010/12/04 17:41:30 | 000,660,752 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\rkill.scr
[2010/12/04 16:11:09 | 000,055,300 | -H-- | C] () -- C:\Windows\win32.exe
[2010/12/04 12:35:08 | 000,055,300 | -H-- | C] () -- C:\Windows\spoolsv.exe
[2010/12/04 12:35:03 | 000,055,300 | -H-- | C] () -- C:\Windows\iexplarer.exe
[2010/12/04 10:54:06 | 000,055,300 | -H-- | C] () -- C:\Windows\avp.exe
[2010/12/04 10:54:04 | 000,055,300 | -H-- | C] () -- C:\Windows\login.exe
[2010/12/04 10:54:02 | 000,055,300 | -H-- | C] () -- C:\Windows\smss.exe
[2010/12/04 10:45:47 | 000,055,300 | -H-- | C] () -- C:\Windows\services.exe
[2010/12/04 10:45:45 | 000,055,300 | -H-- | C] () -- C:\Windows\gdi32.exe
[2010/12/04 10:45:43 | 000,055,300 | -H-- | C] () -- C:\Windows\winlogon.exe
[2010/12/04 10:45:40 | 000,055,300 | -H-- | C] () -- C:\Windows\system.exe
[2010/12/04 09:03:10 | 000,055,300 | -H-- | C] () -- C:\Windows\svchost.exe
[2010/12/04 09:03:07 | 000,055,300 | -H-- | C] () -- C:\Windows\mdm.exe
[2010/12/04 07:44:51 | 000,055,300 | -H-- | C] () -- C:\Windows\lsass.exe
[2010/12/04 06:08:13 | 000,296,448 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\gmer.exe
[2010/12/04 06:01:23 | 000,074,752 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\86967.exe
[2010/12/04 05:36:55 | 000,630,272 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\dds.scr
[2010/12/03 20:05:08 | 000,055,163 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\trojan03.jpg
[2010/12/03 20:05:08 | 000,054,294 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\trojan02.jpg
[2010/12/03 20:05:08 | 000,043,942 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\trojan01.jpg
[2010/12/03 20:05:08 | 000,014,572 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\trojan04.jpg
[2010/12/03 19:50:17 | 000,002,527 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\HiJackThis.lnk
[2010/12/03 18:34:26 | 000,000,042 | ---- | C] () -- C:\Windows\System32\RegistryEasy.lie
[2010/12/03 18:34:16 | 000,000,871 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\Registry Easy.lnk
[2010/12/03 17:52:39 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/12/03 17:52:27 | 000,000,754 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\UnHackMe.lnk
[2010/12/03 17:41:06 | 000,055,300 | -H-- | C] () -- C:\Windows\taskmgr.exe
[2010/12/03 17:40:35 | 000,055,300 | -H-- | C] () -- C:\Windows\nvsvc32.exe
[2010/12/03 06:49:23 | 000,055,300 | -H-- | C] () -- C:\Windows\install.exe
[2010/12/03 06:49:11 | 000,055,300 | -H-- | C] () -- C:\Windows\wininst.exe
[2010/12/03 06:29:15 | 000,055,300 | -H-- | C] () -- C:\Windows\avp32.exe
[2010/12/03 04:54:11 | 000,055,300 | -H-- | C] () -- C:\Windows\setup.exe
[2010/12/03 03:46:13 | 000,055,300 | -H-- | C] () -- C:\Windows\sysedit.exe
[2010/12/03 01:11:35 | 000,055,300 | -H-- | C] () -- C:\Windows\cmd.exe
[2010/12/03 01:04:58 | 000,055,300 | -H-- | C] () -- C:\Windows\winamp.exe
[2010/12/03 01:04:13 | 000,060,004 | -H-- | C] () -- C:\Windows\drweb.exe
[2010/12/03 01:04:02 | 000,030,000 | ---- | C] () -- C:\Windows\System32\ar0jbtyy4t.dll
[2010/12/03 01:03:55 | 000,030,000 | ---- | C] () -- C:\Windows\System32\toxi5.dll
[2010/12/03 01:03:01 | 000,046,080 | -H-- | C] () -- C:\Windows\System32\choionUI.dll
[2010/12/03 01:02:45 | 000,001,072 | ---- | C] () -- C:\Windows\System32\Improve Your PC.lnk
[2010/12/03 00:55:33 | 000,000,000 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\OTM.exe
[2010/12/02 23:50:31 | 380,115,479 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/02 22:54:50 | 1764,665,344 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\despicableme.ISO
[2010/12/02 22:46:00 | 2093,350,912 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\easya.ISO
[2010/12/02 22:40:08 | 1371,717,632 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\socialnetwork.ISO
[2010/12/02 22:35:43 | 1350,023,168 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\frozen.ISO
[2010/12/02 22:27:19 | 2245,527,552 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\outofmyleage.ISO
[2010/12/01 19:21:56 | 000,016,384 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\keygen..exe
[2010/12/01 19:19:15 | 000,189,440 | ---- | C] () -- C:\Windows\Cdykea.exe
[2010/12/01 19:19:00 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/27 20:36:43 | 008,662,076 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\Norwegian_Recycling--Miracles.mp3
[2010/11/27 17:26:24 | 000,030,001 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\Farmers®.pdf
[2010/11/25 21:41:41 | 000,299,520 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\donations.xls
[2010/11/23 21:09:24 | 000,035,303 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\Southwest Airlines - Purchase Confirmation.pdf
[2010/11/12 17:52:50 | 011,133,518 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\Video 2.wmv
[2010/11/11 07:09:42 | 004,289,574 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\100_2264.avi
[2010/11/11 07:09:37 | 002,864,526 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\100_2263.avi
[2010/11/11 07:09:26 | 005,698,870 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\100_2258.avi
[2010/11/10 23:00:55 | 066,366,450 | ---- | C] () -- C:\Users\OJCLAUD\Desktop\100_2249.MOV
[2010/10/05 18:36:00 | 000,000,132 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/09 07:44:55 | 000,000,115 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\sview.ini
[2010/07/27 07:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 07:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 06:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/07 18:02:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/07/07 18:02:32 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/11/10 14:30:06 | 000,000,680 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/20 09:17:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/22 20:20:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/18 11:23:22 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/17 12:39:47 | 000,000,342 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/01/17 12:38:36 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009/01/17 12:38:36 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009/01/17 02:43:44 | 000,000,668 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\vso_ts_preview.xml
[2009/01/11 21:17:44 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/01/11 21:17:44 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/01/11 21:17:44 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/01/11 07:38:23 | 000,012,070 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\wklnhst.dat
[2009/01/11 07:37:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/10 13:30:38 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/01/10 13:30:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\AC151FDD7A.sys
[2009/01/10 12:01:39 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/10 12:01:39 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2009/01/10 12:01:39 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/01/10 11:56:42 | 000,001,059 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/01/10 11:56:42 | 000,000,153 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/01/10 11:55:41 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/01/10 11:55:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/01/09 23:33:11 | 000,159,232 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/09 23:28:30 | 000,000,034 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\pcouffin.log
[2009/01/09 23:28:06 | 000,007,887 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\pcouffin.cat
[2009/01/09 23:28:06 | 000,001,144 | ---- | C] () -- C:\Users\OJCLAUD\AppData\Roaming\pcouffin.inf
[2009/01/03 13:12:44 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/01/03 13:12:44 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/01/03 13:12:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/01/03 13:12:44 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/01/03 13:12:42 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/01/03 11:29:18 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/01/03 11:29:18 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/01/03 11:29:18 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/02/11 17:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2007/02/13 09:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/10/25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/09/01 16:48:59 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\.BitTornado
[2010/10/10 06:07:40 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\.minecraft
[2010/11/26 22:47:43 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\.purple
[2010/05/19 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Alien Skin
[2010/08/22 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\ascii-art photoshop plugin
[2009/08/29 12:14:31 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Azureus
[2010/04/11 11:06:03 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Canneverbe Limited
[2009/01/18 11:26:03 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\DAEMON Tools
[2009/01/18 11:26:38 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\DAEMON Tools Lite
[2009/07/05 20:40:51 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\DAEMON Tools Pro
[2010/02/05 06:13:16 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\dBpoweramp
[2010/04/27 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\DialIdol.com
[2010/01/08 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\eFax Messenger
[2009/08/29 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\FileZilla
[2010/08/07 20:07:54 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Filter Forge
[2010/08/07 20:15:57 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Filter Forge 2
[2010/04/27 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\FMZilla
[2010/10/16 09:04:43 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\gtk-2.0
[2009/02/03 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Helios
[2010/08/23 06:08:14 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\IrfanView
[2010/01/08 19:42:53 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\j2 Global
[2009/12/19 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Leadertech
[2010/06/26 06:08:54 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Ludia
[2009/07/11 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Opera
[2009/02/01 13:02:48 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\PC-FAX TX
[2010/05/27 19:48:26 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Publish Providers
[2010/07/07 18:02:24 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Samsung
[2010/08/07 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Shinycore
[2010/05/27 19:48:22 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Sony
[2010/10/14 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/09 18:13:25 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\TeamViewer
[2009/02/09 21:45:13 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Template
[2010/01/17 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\TuneUp Software
[2010/12/05 11:57:36 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\uTorrent
[2010/12/02 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\Vso
[2010/12/03 17:47:12 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\WhiteSmokeTranslator
[2010/10/09 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\OJCLAUD\AppData\Roaming\WinFF
[2010/12/05 18:40:11 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/05 17:08:54 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{90EDD0BD-BEA6-4592-B879-8C78B7A581E8}.job
[2010/12/05 18:41:16 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:242231A9

< End of report >
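
Added analysis note (not part of the thread, and not OTL's or BleepingComputer's own tooling): the OTL report above lists a run of hidden 55,300-byte files created directly in C:\Windows under the names of System32 binaries (smss.exe, lsass.exe, services.exe, winlogon.exe, svchost.exe, spoolsv.exe, cmd.exe) within a two-day window. The Python below parses OTL file-entry lines and flags the two things a log reader checks by eye: a System32 binary name sitting in the Windows root rather than System32, and a cluster of hidden files with identical size created close together, which is the fingerprint of one dropper writing the same payload under many names. The sample lines are copied from the report above with benign entries (hiberfil.sys, ComboFix.exe, a signed driver) kept as negatives; the SYSTEM32_NAMES baseline, the five-file minimum and the three-day window are assumptions chosen for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One OTL file entry looks like:
#   [2010/12/04 10:54:02 | 000,055,300 | -H-- | C] () -- C:\Windows\smss.exe
# The attribute field is four characters in the order R (read-only),
# H (hidden), S (system), D (directory); the last field is C (created) or M (modified).
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Binaries that live in %SystemRoot%\System32 on a stock Vista install. A file
# with one of these names directly in the Windows root is not a Windows
# component. Assumed baseline for this example; extend it from a clean machine.
SYSTEM32_NAMES = {
    "smss.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "svchost.exe", "spoolsv.exe", "cmd.exe", "taskmgr.exe",
}

# Constructed sample: lines copied from the OTL report above, plus benign
# entries so that the checks have negatives to ignore.
SAMPLE_LOG = r"""
[2010/12/05 17:06:20 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/05 15:21:13 | 003,984,562 | R--- | C] () -- C:\Users\OJCLAUD\Desktop\ComboFix.exe
[2010/12/05 12:43:07 | 000,055,300 | -H-- | C] () -- C:\Windows\debug.exe
[2010/12/04 12:35:08 | 000,055,300 | -H-- | C] () -- C:\Windows\spoolsv.exe
[2010/12/04 10:54:02 | 000,055,300 | -H-- | C] () -- C:\Windows\smss.exe
[2010/12/04 10:45:47 | 000,055,300 | -H-- | C] () -- C:\Windows\services.exe
[2010/12/04 10:45:43 | 000,055,300 | -H-- | C] () -- C:\Windows\winlogon.exe
[2010/12/04 09:03:10 | 000,055,300 | -H-- | C] () -- C:\Windows\svchost.exe
[2010/12/04 07:44:51 | 000,055,300 | -H-- | C] () -- C:\Windows\lsass.exe
[2010/12/03 01:11:35 | 000,055,300 | -H-- | C] () -- C:\Windows\cmd.exe
[2010/12/03 01:04:13 | 000,060,004 | -H-- | C] () -- C:\Windows\drweb.exe
[2010/11/11 12:44:08 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
"""


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))   # "000,055,300" -> 55300
    d["hidden"] = d["attr"][1] == "H"
    d["path"] = d["path"].strip()
    return d


def parse_otl_log(text):
    """Parse every file entry in an OTL report; headers and blank lines are skipped."""
    return [e for e in map(parse_otl_line, text.splitlines()) if e]


def _split(path):
    head, _, tail = path.rpartition("\\")
    return head.lower(), tail.lower()


def flag_system_names_in_windows_root(entries):
    """Paths that reuse a System32 binary name but sit directly in the Windows root."""
    hits = []
    for e in entries:
        directory, name = _split(e["path"])
        if directory == "c:\\windows" and name in SYSTEM32_NAMES:
            hits.append(e["path"])
    return hits


def flag_same_size_clusters(entries, min_count=5, window=timedelta(days=3)):
    """Map size -> paths for sizes where at least min_count hidden files were
    created within `window` of each other (one payload written under many names)."""
    by_size = defaultdict(list)
    for e in entries:
        if e["hidden"] and e["kind"] == "C":
            by_size[e["size"]].append(e)
    clusters = {}
    for size, es in by_size.items():
        es.sort(key=lambda e: e["ts"])
        for i in range(len(es) - min_count + 1):
            if es[i + min_count - 1]["ts"] - es[i]["ts"] <= window:
                clusters[size] = [e["path"] for e in es]
                break
    return clusters


if __name__ == "__main__":
    entries = parse_otl_log(SAMPLE_LOG)
    for p in flag_system_names_in_windows_root(entries):
        print("System32 binary name outside System32:", p)
    for size, paths in flag_same_size_clusters(entries).items():
        print(f"{len(paths)} hidden files of {size} bytes created together:")
        for p in paths:
            print("   ", p)
```

To run it over a real report, read the saved OTL.txt as text and pass it to `parse_otl_log`; both checks return plain lists so they can be fed into whatever fix script or ticket you are building. The size-cluster check is deliberately independent of the name list: it would have caught the same batch even if the dropper had picked names not in any baseline, while the name check catches a single copy that the cluster threshold would miss.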

#13 frawgster (Topic Starter, Members, 20 posts)

Posted 05 December 2010 - 10:09 PM

Contents of my extras file are as follows:


OTL Extras logfile created on: 12/5/2010 7:03:53 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\OJCLAUD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 62.32 Gb Free Space | 21.99% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.46 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive J: | 232.88 Gb Total Space | 87.10 Gb Free Space | 37.40% Space Free | Partition Type: NTFS

Computer Name: OJCLAUD-PC | User Name: OJCLAUD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1144636083-63767480-2131124494-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108240F7-BCEB-40D3-95D0-1B0C7924EE98}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1BD358C4-DC83-447B-AB07-E9026AE1BA39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A90770-38FA-4DD6-AE48-3BD231B61F55}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4F7EE392-22CC-4A94-B693-B9A946A65DE6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6359EBB6-EAC1-496D-B914-80EA193E3096}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{962A3FB8-C0D9-4165-B3F9-03CEECCD869E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A4FE2956-5704-44E1-B3F7-914BEE1A72DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A546797B-B676-4641-8FF9-988107E756DB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C655851E-FFC7-4445-8E3D-11DF2B0E7771}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CBE09895-1C27-4B1A-942D-E9CDAEA8CB44}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D5164414-4F10-4A74-80BE-F8B7A7ADAA22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFA84220-4603-4FC6-9B84-002FEAA6D207}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0710CEC2-59CD-42CC-AD8C-BDA78311FC46}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0FD9CE96-9447-4D19-8670-41639B54F9F9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{18845B5D-C80F-4174-8ED8-DDDD17D46C7D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1F3FC6F4-4B81-46D5-9BDC-7F5EBBA5B48A}" = protocol=58 | dir=in | app=system |
"{213E887B-949F-4C86-81B9-4FB5CDBC6092}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{23E9093D-1F36-4710-885B-AED29457B877}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{2F26D17A-FAEF-4411-AFDD-A5D7F23C298F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31A2551E-7F67-47AE-B1D1-486099080ABA}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{32A397FA-6137-4446-9434-F0A11C688CCB}" = protocol=6 | dir=in | app=c:\users\ojclaud\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{39D98599-AB6B-46FF-949B-99EA2F842A99}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{3D89E779-C45E-4A1B-B01C-7CCF501003D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4093A240-3233-484E-88D3-A4D144D74F6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{46548BFF-0B5F-4C74-A18A-F91FA96C5388}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B96E9DF-5643-45A7-92D7-4E071869DF50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E924EE7-700E-4B93-9843-3FF4C5FB1F07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5218691E-FEA4-4DF1-A66A-C4D2540AF062}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{52A972EB-57DC-4CCB-AE96-E1CE3EA0537C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{55354105-A980-468C-9B57-65773227ACD8}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{5E8900B6-6371-438C-8254-B244AC04CC41}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7748A63C-9368-48CD-8ACE-91C3A8B287AE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7A12F42C-1934-4937-8BD8-B6077356F9E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7C8B2727-7743-4F1E-B8C1-4AD6CE387CE5}" = protocol=6 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"{7ED5B448-9ED6-42AA-A0FC-969B4665D0EF}" = protocol=6 | dir=in | app=c:\users\ojclaud\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{835EDE8E-08FB-4843-A195-7EF64ECD8431}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8C67C50A-EEE7-40AE-98AC-B3C672975EA8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{94D3A813-B829-45B2-BCEF-1B1C60947502}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{98196405-37EC-4DAB-94F6-D5BAD93EE90F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F777136-ACF6-40FF-9125-ED6C27DB5FDD}" = protocol=17 | dir=in | app=c:\users\ojclaud\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{A4C137B8-B900-4DE9-BF4F-1ED1A7BC8D73}" = protocol=17 | dir=in | app=c:\users\ojclaud\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A87B480C-8CF6-4B56-B86E-66125DB7FC9E}" = protocol=17 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"{A9D344AD-781F-4D60-A14C-1CD24EF5873A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B0571F05-0F2E-4182-A133-0A1AABE3483D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B3770E90-36D4-42BF-BFC8-915E27272442}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe |
"{B6A9C9A6-53D7-45F0-956F-81E4AB677E2A}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{BCDC9B0F-1995-47C9-9362-81CBA390B47B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{C660C406-7D4D-47C9-BFDD-6F46F7A5FA17}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C7BC5B04-7216-4450-9D39-B07973FAF457}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{C8F2992A-347F-4BF2-8778-3004DC0FDE90}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF766B4D-255E-41E2-86CA-1AFAF7D68831}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6D8A608-ADD7-4AE8-942A-FACF3F5588F8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{DF9E48EE-4117-4444-A6A6-005C1771F2FF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8081244-6F47-4191-80AF-F469A823B68F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{FD614EDC-ED1E-421D-B267-DC8B4F1BFB9A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{FDF94DE9-A25F-4F12-9E51-854CABC214DD}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{3918B8E4-616C-46BF-A4DC-16213305A5F4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{3DCDAE9F-A00E-4FCF-87EB-6EAA0F00A410}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4A30D457-441F-472F-9534-BC66D994687D}C:\program files\windows media components\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"TCP Query User{66AD4633-AD9A-4D52-8D6A-4AFA900C40FA}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{85B4E14C-33E2-4907-9A00-EF59DA933068}J:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=j:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{AFFEC3F6-7130-45D4-9E11-DBFDB82EDD62}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E5D8CCC2-BC49-47F4-90F8-1D7A2E837F3F}J:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=j:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{817FB4CD-F539-44D4-935C-C2B1E53E8332}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B4B0669B-2B6B-419E-B130-F514DDCFAF68}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B94E3D61-CA6D-4337-944A-FD42472A9142}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{CC8E090C-4D06-4202-8020-7F7CD3610386}J:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=j:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{D31B275E-7859-4FDF-845D-E727EE59A180}J:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=j:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{D8DA8A27-ECBB-4253-B634-59A77630633D}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DD97F223-740D-40C7-9497-1E45B23B352A}C:\program files\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.52
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2EC3CA2-1136-45C1-B5AE-AB03DED6E98C}" = Logitech QuickCapture Gadget
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"AlphaPlugins RedEyes for Adobe Photoshop_is1" = AlphaPlugins RedEyes
"ascii-art" = ascii-art photoshop plugin 0.0.1
"Audacity_is1" = Audacity 1.2.6
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.81
"AVI Splitter_is1" = AVI Splitter
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Family Feud 2010" = Family Feud 2010 1.0.4
"Filter Forge 2_is1" = Filter Forge 2.008
"GoToAssist" = GoToAssist 8.0.0.514
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDD Health_is1" = HDD Health v3.3 Beta
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"mpegable DS" = mpegable DS decoder
"Path Styler Pro PS" = Shinycore Path Styler Pro 1.5 for Photoshop
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"QBeez 2" = QBeez 2
"Registry Easy_is1" = Registry Easy v5.6
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"ST6UNST #1" = Hero Editor V0.95
"ST6UNST #2" = Hero Editor V0.95 (C:\Program Files\Hero Editor\)
"SwiftView" = SwiftView Viewer
"tintii" = indii.org/tintii
"TuneUp Utilities" = TuneUp Utilities
"UnHackMe_is1" = UnHackMe 5.99 release
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp
"WinAmpSideShowGadget" = WinAmp SideShow Gadget (Remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.0.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR" = WinRAR
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Xenofex2" = Alien Skin Xenofex 2.0
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2010 3:17:32 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x1d54, application
start time 0x01cb93e7e5aff674.

Error - 12/4/2010 3:18:07 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x1968, application
start time 0x01cb93e7fabcc1b4.

Error - 12/4/2010 3:18:42 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x19d8, application
start time 0x01cb93e80fa6c2b4.

Error - 12/4/2010 3:28:45 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x11f0, application
start time 0x01cb93e976f70374.

Error - 12/4/2010 3:48:35 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x15b4, application
start time 0x01cb93ec3c185624.

Error - 12/4/2010 7:27:11 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x1714, application
start time 0x01cb940ac5d917f4.

Error - 12/4/2010 7:37:38 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x1ac8, application
start time 0x01cb940c3bcd0ec4.

Error - 12/4/2010 7:38:26 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x894, application
start time 0x01cb940c5868d194.

Error - 12/4/2010 7:50:03 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x1874, application
start time 0x01cb940df82c84a4.

Error - 12/4/2010 7:58:19 PM | Computer Name = OJCLAUD-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000374, fault offset 0x000afaf8, process id 0x18c4, application
start time 0x01cb940f1f84e2d4.

[ System Events ]
Error - 12/5/2010 9:07:58 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/5/2010 9:07:58 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/5/2010 9:07:58 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/5/2010 9:07:58 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/5/2010 9:21:06 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 12/5/2010 9:21:06 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 12/5/2010 10:42:11 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 12/5/2010 10:42:11 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 12/5/2010 10:45:11 PM | Computer Name = OJCLAUD-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 12/5/2010 10:45:17 PM | Computer Name = OJCLAUD-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:07 PM

Posted 05 December 2010 - 11:38 PM

Hello,

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the OTL textbox. Do not include the word "Code"
    :Otl
    O4 - HKLM..\Run: [LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe] C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe ()
    O4 - HKLM..\Run: [LvOJfeefnb] C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe ()
    O4 - HKLM..\Run: [LvOJfeefneP] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
    O4 - HKLM..\Run: [LvOJfeefnePnfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
    AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
    MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
    ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
    mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
    zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
    /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
    AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
    M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
    ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
    mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
    zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
    AAj/AP8JHEjwH7WCCBMqXMiwYcJUBwv6SeWwIsFUGDFOzMixo0aPIDdmFAkyFcmRGC2qHBixYMuW
    KxV+nEjTpM2aNWfetPmx506cO30ShGkwpsOXRl0mXcq06cqPA/3QdErVKNGqRv08pEZxaFGBV78q
    BctSrMWWEL1y1VhUqlaIHjdSE+mHa8OwTfHexUpQq0JqXAHzxar3IsaIUwcPhquYqd+yZAXCtYsw
    LNHLMQ8WRkiR5z+3dc0utJzZ5eGuSTUzDTy5dWDArtMaPN149FLU/zjmnrj5b++/h2sPnniUtfHY
    x5MjX856rGiBj8G+1SgVt9fKBvFe1k0W6dLft52+/wZ/2zhs88lhF5xZXaXe5sIHmmwc0Tpk2zCN
    /x2dPyHp9Qe5ZRJo8+U2YIHPyQcgROQxtBlv9+3HmEX2uSeZdeNFZpZgTA0IWk0XAaaffDc1xGBK
    8SEklXMazkaZQY8VJluC+4GFoGmvQdafhgL2aN9cGa1FEWbeefgVbRjSWJFqqsk3RXQavpRjQlAC
    l9pDFbIEWF0mTSEZUG4tBBdKuWEF4nopRpVliBCJJGF3o62pVJNFqYYiZtBNoadU7wk2pnVa1XcQ
    akSW9SdLng1qW14r4oVSYuvdWCaFpTGEYmSI7WmjiAZyypAfXl40qXP1TWipm4tmtaJYIFmaUYSB
    3v8FW5UsXkVUkBqmoiduEQnZX5O0GqhWUYftyCJ0OVXF52c/vajQmd71dRGUsyp6VnG53bprcYFZ
    uBWhTQW1ZlglZejqnTN+Wudnbj35pF8civXgsRplioKtDrYpb6TXiecSYtVxRRyiYPrFYLz9crRW
    jr/xupu76WZ3lILyBTubrprGNN95SHWWJsXQiUscwNnF66hUeu4J6ncYAvYkuJKZ/G99kqUMc0Ep
    z4XwV3YhhhlGKIBar8zYtehfhD95yBN13ZLKLMrvTpTyFHSqlORcYXKmJM1tZbwQqBuBRXR2d/qH
    MQpToB00pnKqlGzVXy59KWdydRkxqFO0/SamTwb/WCW8VQvm6T9ql5QR2n6N3O9n2cIMEwqQ5y0i
    Y2lDjnbfe5E25FBtaiVg3BTlJCJXTw6Lt5Kk2jcgWjGOijDcuV0uZtqnsTYmbK3Vzlkqao8as0lq
    r4q6mPMdzK5EJe7WtNhow31Q6dcCOBTmfYUWcq+aWftS5Z5zti10xHZV4K0n1u6H5SStBRbktDF5
    NN2WU70uk4JmfaFJ1GgKN9BzazxtqHQTVVmcdZGU0ep00qqY9ZZGnJsEZiLBA9NaguYajh2nQDup
    XNqqcyDejC5pYNITeia0s5hER1fWo1JouoW9o+lpbSrSk4raYqDNLU5ipJOdDQciwnW1CCZjul/l
    /9jnq9WhqSvPYw3eppMko5lQgQ7ZmMNKaJCgyQ9nMkST8Likt+ydD3JwWp/eSja5AVJDbSJkEHQs
    1zzmTCZlkeqfU5CIwhplZ0WA09L80ga9Ou2pap5DywDn57sz0i42MsRTtn62Fi6xkUuIiR/a1Mip
    gYGFj5DEHa4GaZSu2M+O7DLe4iDCR15t6yoplMyRfoSzSTZOMyionWvA56gxxS+TvBtiFsOXt7nB
    MZTkw9sYsaPEKmUvWnLxTs8+kzMn3Stk0KOW4EgkNq98UX6dyV/eXimbD9oOOUO8l5/YaDnjAYac
    AytliPB2uR4O72vsolVvJCWfllyOjnuaD5Skif8lAsYubRKrYmtEE6gRHkeXBAln5cClweYZyID+
    cdf3nIIyh3mlbGUyYlSOmUsUMOuFyPJhlXZomM3Bkn2NE6GdPDKlRulIko18ZDnJEs5YsuR8idxX
    FfsYLvsVxnYEixWG8BYqsDHuWVp736sEwr1B8U6WmjkYoX4kIlAVLjtszF/kJnNN2U2PegrxGkW3
    qVOZ3K5Mn/QQHw9yueh4h1rv6xVccBpLUtYlqq8pXnMmM7jYzVSrhxwisXRJ1oSK1SUIfCdDXuY/
    RNmlg9FZojb1ZkxMiS1eXXIo7+46up4JrKDH3NkL0xag4O3UpgbhY+9cJDibZQlswywajEDjvtr/
    HnV+xdLoJTeIONEQJVaqzJ6pBjXBDWIMe3g9HpoEp0bCZfWLDh3ikKALOcFZt0ukFd5gxalYuoHN
    XZT6EpBwUlWeEHVXYHpUs2rympzgD7BPClp6u3eXbp4xfoYE42wsJxm1VbdWRDVVbnbVIBVVZ1kB
    NZvfIHRUt77qvFc0zDSB5KvOamkya0Rj/9rzEwIJDH+kZKNqJwk87lE3aFg7cIfR6C6ihome0VOl
    ljhUqrlZS8Z9aZPNRsesITVyS5el3/Iugt8aKhd2EeoLOSMnOaZCTmqqBWBUXPq/qcmyu8SMSoR4
    TKeosulgoEqxbugkNbldKkjuUwv6phw2O22t/yD+jXNagPbkmrYEuGVCSvYqVs8bFxhkIUuJhWfm
    rGzeNEbjkdKHgyTghoB0N7ixMXgAK8lIx0+XnoRrbCvEsaXQhE8cKxaH5NiWGYUpYD6WKtkuyEU5
    vmSzfURizIbyHqwuWbh+XXLUsnyzie2OWx+2lBmpeFRejVevaYGPRFatyaUWEEoVcvZPc3jVr6LR
    tK8EJVU28y7UWJRxSCmoSanMm0h3zi2YbamiACWk0wh6XTaEycBKCMhlNWnJYKTkqqfqPE7qaDPJ
    W/ZWBI5ccsWss357mna9+TSb5IqlUh1yHBP864Vcm30eswynerUas8FLTLhl721R0ygaF3Ga1f8j
    y6eFmmhkeahdoXR4sRWG24wL/DlWRefvfPfvZdY6Wn+2EZqmxRPEELqMDtGumrLmLJeqxkeii1I/
    CfY1B/O0ZF3E3Xxv0p5+/WeGgN6XBN13Inmua1VCZhfVKIK5zTCpXR9aeNyW93SXQv3AcX85Tjzs
    b22Hh+faFsqFCRneoVhsSTaaL4G2DqYYZ3vox4qPwf7DZUJ+mC4SnxOxlr74vO8d6jIni08es/IP
    KfJapQJiqhTz9GTvK1oP6ZGKGQ/CjYW9k4rlIE3U5/K4WxLxjsWx3yd2TMu/m3OlL5jcE7hICsuL
    405MkIyQzKNGcZ2yvlc6nOS6zCyf/jaydhC562tok6ArRvsEc7bb8N6jyhA7RaETf3dhzx+n4gTL
    snX7J/lTwwMPD/Yp9iG99FN8IT7AVymOF2jcMRxotxcBdSlhkxqX4Td6Jynmx3xmp0fR53b3AX1h
    xDk7YUeFInfUNz+/In/0dxWyhjvP83IX6Dux9TGdhHkymCYq6BsvSGucU4P0YRr3N3wSmGTfwXG9
    RiI5qDo8WINosUm18X7fIUAmcoGtoyg5mITb9z6vx3pO6IBlNS4FERAAOw] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
    O4 - HKLM..\Run: [LvOJfeefnf] C:\Users\OJCLAUD\AppData\Local\Temp\win.exe ()
    O4 - HKLM..\Run: [LvOJfeefnfQ] C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe ()
    O4 - HKLM..\Run: [LvOJfeefngP] C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe ()
    O4 - HKLM..\Run: [LvOJfeefnqe] C:\Users\OJCLAUD\AppData\Local\Temp\login.exe ()
    O4 - HKLM..\Run: [LvOJfeefnqg] C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe ()
    O4 - HKLM..\Run: [LvOJfeefnsb] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
    O4 - HKLM..\Run: [LvOJfeefnsb (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
    O4 - HKLM..\Run: [LvOJfeefnsd] C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe ()
    O4 - HKLM..\Run: [LvOJfeefnsf] C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe ()
    O4 - HKLM..\Run: [LvOJfeefntg] C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe ()
    O4 - HKLM..\Run: [LvOJfeefnth] C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe ()
    O4 - HKLM..\Run: [LvOJfeefntpf] C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe ()
    O4 - HKLM..\Run: [LvOJfeefnuf] C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe ()
    O4 - HKLM..\Run: [LvOJfeefnusc] C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe ()
    O4 - HKLM..\Run: [LvOJfeefnvZ] C:\Users\OJCLAUD\AppData\Local\Temp\install.exe ()
    O4 - HKLM..\Run: [LvOJfeefnwe] C:\Users\OJCLAUD\AppData\Local\Temp\setup.exe File not found
    O4 - HKLM..\Run: [LvOJfeefnwg] C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe ()
    O4 - HKLM..\Run: [LvOJfeefnwpc] C:\Users\OJCLAUD\AppData\Local\Temp\services.exe ()
    O4 - HKLM..\Run: [LvOJfeefnxb] C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe ()
    O4 - HKLM..\Run: [LvOJfeefnxc] C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe ()
    O4 - HKLM..\Run: [LvOJfeefnY] C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe ()
    O4 - HKLM..\Run: [LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe] C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe ()
    O4 - HKLM..\Run: [LvOJfeefnz9] C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe ()
    O4 - HKLM..\Run: [LvOJfeefnZP] C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe ()
    O4 - HKLM..\Run: [Mqpe] C:\Windows\avp.exe ()
    O4 - HKLM..\Run: [MqpSc] C:\Windows\avp32.exe ()
    O4 - HKLM..\Run: [Mqqoc] C:\Windows\debug.exe ()
    O4 - HKLM..\Run: [Mqqsc] C:\Windows\drweb.exe ()
    O4 - HKLM..\Run: [MqqZ] C:\Windows\cmd.exe ()
    O4 - HKLM..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\cmd.exe ()
    O4 - HKLM..\Run: [MqqZndtop.info&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
    AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
    MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
    ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
    Sif8Z4AcaOmHf7P6tUP4ZX/+p1kGERAAOw] C:\Windows\cmd.exe ()
    O4 - HKLM..\Run: [MqrMc] C:\Windows\gdi32.exe ()
    O4 - HKLM..\Run: [Mqrta] C:\Windows\install.exe ()
    O4 - HKLM..\Run: [Mqrtc] C:\Windows\hexdump.exe ()
    O4 - HKLM..\Run: [Mqruqc] C:\Windows\iexplarer.exe ()
    O4 - HKLM..\Run: [Mqsrc] C:\Windows\login.exe ()
    O4 - HKLM..\Run: [Mqsuc] C:\Windows\lsass.exe ()
    O4 - HKLM..\Run: [MqsZ] C:\Windows\mdm.exe ()
    O4 - HKLM..\Run: [Mqtw+] C:\Windows\nvsvc32.exe ()
    O4 - HKLM..\Run: [Mque] C:\Windows\user.exe ()
    O4 - HKLM..\Run: [Mqug] C:\Windows\smss.exe ()
    O4 - HKLM..\Run: [Mqurb] C:\Windows\taskmgr.exe ()
    O4 - HKLM..\Run: [Mquse] C:\Windows\svchost.exe ()
    O4 - HKLM..\Run: [Mquta] C:\Windows\services.exe ()
    O4 - HKLM..\Run: [Mqutc] C:\Windows\sysedit.exe ()
    O4 - HKLM..\Run: [Mquuf] C:\Windows\spoolsv.exe ()
    O4 - HKLM..\Run: [Mquvc] C:\Windows\setup.exe ()
    O4 - HKLM..\Run: [Mquvcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\setup.exe ()
    O4 - HKLM..\Run: [Mquxe] C:\Windows\system.exe ()
    O4 - HKLM..\Run: [MqvPc] C:\Windows\win32.exe ()
    O4 - HKLM..\Run: [Mqvpe] C:\Windows\winamp.exe ()
    O4 - HKLM..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
    O4 - HKLM..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
    O4 - HKLM..\Run: [Mqvre] C:\Windows\wininst.exe ()
    O4 - HKLM..\Run: [Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Windows\wininst.exe ()
    O4 - HKLM..\Run: [Mqvsc] C:\Windows\winlogon.exe ()
    O4 - HKLM..\Run: [uPc+kt0NXuTaXms] C:\Windows\System32\ar0jbtyy4t.DLL ()
    O4 - HKCU..\Run: [LvOJfeefn0Z] C:\Users\OJCLAUD\AppData\Local\Temp\system.exe ()
    O4 - HKCU..\Run: [LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe] C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe ()
    O4 - HKCU..\Run: [LvOJfeefnb] C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvOJfeefneP] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
    O4 - HKCU..\Run: [LvOJfeefnePnfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    RiI5qDo8WINosUm18X7fIUAmcoGtoyg5mITb9z6vx3pO6IBlNS4FERAAOw] C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe ()
    O4 - HKCU..\Run: [LvOJfeefnf] C:\Users\OJCLAUD\AppData\Local\Temp\win.exe ()
    O4 - HKCU..\Run: [LvOJfeefnfQ] C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe ()
    O4 - HKCU..\Run: [LvOJfeefngP] C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe ()
    O4 - HKCU..\Run: [LvOJfeefnqe] C:\Users\OJCLAUD\AppData\Local\Temp\login.exe ()
    O4 - HKCU..\Run: [LvOJfeefnqg] C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvOJfeefnsb] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
    O4 - HKCU..\Run: [LvOJfeefnsb (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe ()
    O4 - HKCU..\Run: [LvOJfeefnsd] C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe ()
    O4 - HKCU..\Run: [LvOJfeefnsf] C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe ()
    O4 - HKCU..\Run: [LvOJfeefntg] C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe ()
    O4 - HKCU..\Run: [LvOJfeefnth] C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe ()
    O4 - HKCU..\Run: [LvOJfeefntpf] C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe ()
    O4 - HKCU..\Run: [LvOJfeefnuf] C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe ()
    O4 - HKCU..\Run: [LvOJfeefnusc] C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe ()
    O4 - HKCU..\Run: [LvOJfeefnvZ] C:\Users\OJCLAUD\AppData\Local\Temp\install.exe ()
    O4 - HKCU..\Run: [LvOJfeefnwe] C:\Users\OJCLAUD\AppData\Local\Temp\setup.exe File not found
    O4 - HKCU..\Run: [LvOJfeefnwg] C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe ()
    O4 - HKCU..\Run: [LvOJfeefnwpc] C:\Users\OJCLAUD\AppData\Local\Temp\services.exe ()
    O4 - HKCU..\Run: [LvOJfeefnxb] C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe ()
    O4 - HKCU..\Run: [LvOJfeefnxc] C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe ()
    O4 - HKCU..\Run: [LvOJfeefnY] C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe ()
    O4 - HKCU..\Run: [LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe] C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe ()
    O4 - HKCU..\Run: [LvOJfeefnz9] C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe ()
    O4 - HKCU..\Run: [LvOJfeefnZP] C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe ()
    O4 - HKCU..\Run: [Mqpe] C:\Windows\avp.exe ()
    O4 - HKCU..\Run: [MqpSc] C:\Windows\avp32.exe ()
    O4 - HKCU..\Run: [Mqqoc] C:\Windows\debug.exe ()
    O4 - HKCU..\Run: [Mqqsc] C:\Windows\drweb.exe ()
    O4 - HKCU..\Run: [MqqZ] C:\Windows\cmd.exe ()
    O4 - HKCU..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\cmd.exe ()
    O4 - HKCU..\Run: [MqqZndtop.info&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    Sif8Z4AcaOmHf7P6tUP4ZX/+p1kGERAAOw] C:\Windows\cmd.exe ()
    O4 - HKCU..\Run: [MqrMc] C:\Windows\gdi32.exe ()
    O4 - HKCU..\Run: [Mqrta] C:\Windows\install.exe ()
    O4 - HKCU..\Run: [Mqrtc] C:\Windows\hexdump.exe ()
    O4 - HKCU..\Run: [Mqruqc] C:\Windows\iexplarer.exe ()
    O4 - HKCU..\Run: [Mqsrc] C:\Windows\login.exe ()
    O4 - HKCU..\Run: [Mqsuc] C:\Windows\lsass.exe ()
    O4 - HKCU..\Run: [MqsZ] C:\Windows\mdm.exe ()
    O4 - HKCU..\Run: [Mqtw+] C:\Windows\nvsvc32.exe ()
    O4 - HKCU..\Run: [Mque] C:\Windows\user.exe ()
    O4 - HKCU..\Run: [Mqug] C:\Windows\smss.exe ()
    O4 - HKCU..\Run: [Mqurb] C:\Windows\taskmgr.exe ()
    O4 - HKCU..\Run: [Mquse] C:\Windows\svchost.exe ()
    O4 - HKCU..\Run: [Mquta] C:\Windows\services.exe ()
    O4 - HKCU..\Run: [Mqutc] C:\Windows\sysedit.exe ()
    O4 - HKCU..\Run: [Mquuf] C:\Windows\spoolsv.exe ()
    O4 - HKCU..\Run: [Mquvc] C:\Windows\setup.exe ()
    O4 - HKCU..\Run: [Mquvcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\setup.exe ()
    O4 - HKCU..\Run: [Mquxe] C:\Windows\system.exe ()
    O4 - HKCU..\Run: [MqvPc] C:\Windows\win32.exe ()
    O4 - HKCU..\Run: [Mqvpe] C:\Windows\winamp.exe ()
    O4 - HKCU..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
    O4 - HKCU..\Run: [Mqvpela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\winamp.exe ()
    O4 - HKCU..\Run: [Mqvre] C:\Windows\wininst.exe ()
    O4 - HKCU..\Run: [Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Windows\wininst.exe ()
    O4 - HKCU..\Run: [Mqvsc] C:\Windows\winlogon.exe ()
    
    O4 - HKCU..\Run: [uPc+kt0NXuTaXms] C:\Windows\System32\ar0jbtyy4t.DLL ()
    
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O22 - SharedTaskScheduler: {B1B220C1-A503-59BD-F413-02B53A2C8954} - juaw98rajewifhausihuggdd - C:\Windows\System32\toxi5.dll ()
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:242231A9]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Now see if Combofix will run. If not, then please post a new OTL log.

Things to include in your next reply:
TdssKiller log
OTL fix log
Combofix log if it runs,
OTL log if Combofix doesn't run.
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click the donate button.


#15 frawgster

frawgster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 06 December 2010 - 12:16 AM

TDSSKiller Log is as follows:


2010/12/05 20:47:06.0854 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 20:47:06.0854 ================================================================================
2010/12/05 20:47:06.0854 SystemInfo:
2010/12/05 20:47:06.0854
2010/12/05 20:47:06.0854 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/05 20:47:06.0854 Product type: Workstation
2010/12/05 20:47:06.0854 ComputerName: OJCLAUD-PC
2010/12/05 20:47:06.0854 UserName: OJCLAUD
2010/12/05 20:47:06.0854 Windows directory: C:\Windows
2010/12/05 20:47:06.0854 System windows directory: C:\Windows
2010/12/05 20:47:06.0854 Processor architecture: Intel x86
2010/12/05 20:47:06.0854 Number of processors: 2
2010/12/05 20:47:06.0854 Page size: 0x1000
2010/12/05 20:47:06.0854 Boot type: Normal boot
2010/12/05 20:47:06.0854 ================================================================================
2010/12/05 20:47:12.0424 Initialize success
2010/12/05 20:47:22.0719 ================================================================================
2010/12/05 20:47:22.0719 Scan started
2010/12/05 20:47:22.0719 Mode: Manual;
2010/12/05 20:47:22.0719 ================================================================================
2010/12/05 20:47:23.0162 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/05 20:47:23.0230 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/05 20:47:23.0257 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/05 20:47:23.0283 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/05 20:47:23.0309 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/05 20:47:23.0368 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/05 20:47:23.0404 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/05 20:47:23.0451 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/05 20:47:23.0478 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/05 20:47:23.0506 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/05 20:47:23.0529 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/05 20:47:23.0558 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/05 20:47:23.0575 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/05 20:47:23.0644 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/05 20:47:23.0661 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/05 20:47:23.0733 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
2010/12/05 20:47:23.0787 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/05 20:47:23.0820 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/05 20:47:23.0867 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/05 20:47:23.0905 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/05 20:47:23.0936 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/05 20:47:23.0972 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/05 20:47:24.0002 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/05 20:47:24.0050 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
2010/12/05 20:47:24.0074 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/05 20:47:24.0109 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/05 20:47:24.0121 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2010/12/05 20:47:24.0170 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/05 20:47:24.0185 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/05 20:47:24.0231 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/05 20:47:24.0274 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/12/05 20:47:24.0296 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/05 20:47:24.0349 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
2010/12/05 20:47:24.0392 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
2010/12/05 20:47:24.0425 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/12/05 20:47:24.0632 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/05 20:47:24.0673 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/05 20:47:24.0704 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/05 20:47:24.0743 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/05 20:47:24.0778 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/05 20:47:24.0803 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/12/05 20:47:24.0819 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/05 20:47:24.0867 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/05 20:47:24.0921 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/05 20:47:24.0954 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/05 20:47:25.0013 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/05 20:47:25.0055 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/05 20:47:25.0116 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/05 20:47:25.0140 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/05 20:47:25.0197 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/05 20:47:25.0245 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/05 20:47:30.0406 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/05 20:47:30.0406 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/05 20:47:30.0411 sptd - detected Locked file (1)
2010/12/05 20:47:32.0600 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/05 20:47:32.0603 ================================================================================
2010/12/05 20:47:32.0603 Scan finished
2010/12/05 20:47:32.0603 ================================================================================
2010/12/05 20:47:32.0611 Detected object count: 2
2010/12/05 20:48:03.0555 Locked file(sptd) - User select action: Skip
2010/12/05 20:48:03.0584 \HardDisk1 - will be cured after reboot
2010/12/05 20:48:03.0585 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/12/05 20:48:17.0794 Deinitialize success

OTL fix log is as follows:


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnb deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefneP deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File LvOJfeefnePnfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnf deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\win.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnfQ deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefngP deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnqe deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\login.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnqg deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsb deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsb (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsd deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsf deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefntg deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnth deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefntpf deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnuf deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnusc deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnvZ deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\install.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnwe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnwg deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnwpc deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\services.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnxb deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnxc deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnY deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnz9 deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnZP deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqpe deleted successfully.
C:\Windows\avp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MqpSc deleted successfully.
C:\Windows\avp32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqqoc deleted successfully.
C:\Windows\debug.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqqsc deleted successfully.
C:\Windows\drweb.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MqqZ deleted successfully.
C:\Windows\cmd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 deleted successfully.
File C:\Windows\cmd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File MqqZndtop.info&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MqrMc deleted successfully.
C:\Windows\gdi32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqrta deleted successfully.
C:\Windows\install.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqrtc deleted successfully.
C:\Windows\hexdump.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqruqc deleted successfully.
C:\Windows\iexplarer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqsrc deleted successfully.
C:\Windows\login.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqsuc deleted successfully.
C:\Windows\lsass.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MqsZ deleted successfully.
C:\Windows\mdm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqtw+ deleted successfully.
C:\Windows\nvsvc32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mque deleted successfully.
C:\Windows\user.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqug deleted successfully.
C:\Windows\smss.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqurb deleted successfully.
C:\Windows\taskmgr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mquse deleted successfully.
C:\Windows\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mquta deleted successfully.
C:\Windows\services.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqutc deleted successfully.
C:\Windows\sysedit.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mquuf deleted successfully.
C:\Windows\spoolsv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mquvc deleted successfully.
C:\Windows\setup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mquvcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 deleted successfully.
File C:\Windows\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mquxe deleted successfully.
C:\Windows\system.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MqvPc deleted successfully.
C:\Windows\win32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvpe deleted successfully.
C:\Windows\winamp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvpela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 deleted successfully.
File C:\Windows\winamp.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvpela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 deleted successfully.
File C:\Windows\winamp.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvre deleted successfully.
C:\Windows\wininst.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 deleted successfully.
File C:\Windows\wininst.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvsc deleted successfully.
C:\Windows\winlogon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+kt0NXuTaXms deleted successfully.
C:\Windows\System32\ar0jbtyy4t.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefn0Z deleted successfully.
C:\Users\OJCLAUD\AppData\Local\Temp\system.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\2868445695.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnb deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\mdm.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefneP deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\avp32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File LvOJfeefnePnfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnf deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\win.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnfQ deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\win16.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefngP deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\win32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnqe deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\login.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnqg deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\hexdump.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsb deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsb (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\drweb.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsd deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\taskmgr.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnsf deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\lsass.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefntg deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\wininst.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnth deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\svchost.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefntpf deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\iexplarer.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnuf deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\csrss.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnusc deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\winlogon.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnvZ deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\install.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnwe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnwg deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\spoolsv.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnwpc deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\services.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnxb deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\sysedit.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnxc deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\smss.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnY deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\cmd.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\4261188399.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnz9 deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\nvsvc32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvOJfeefnZP deleted successfully.
File C:\Users\OJCLAUD\AppData\Local\Temp\gdi32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqpe deleted successfully.
File C:\Windows\avp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MqpSc deleted successfully.
File C:\Windows\avp32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqqoc deleted successfully.
File C:\Windows\debug.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqqsc deleted successfully.
File C:\Windows\drweb.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MqqZ deleted successfully.
File C:\Windows\cmd.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 deleted successfully.
File C:\Windows\cmd.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File MqqZndtop.info&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MqrMc deleted successfully.
File C:\Windows\gdi32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqrta deleted successfully.
File C:\Windows\install.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqrtc deleted successfully.
File C:\Windows\hexdump.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqruqc deleted successfully.
File C:\Windows\iexplarer.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqsrc deleted successfully.
File C:\Windows\login.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqsuc deleted successfully.
File C:\Windows\lsass.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MqsZ deleted successfully.
File C:\Windows\mdm.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqtw+ deleted successfully.
File C:\Windows\nvsvc32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mque deleted successfully.
File C:\Windows\user.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqug deleted successfully.
File C:\Windows\smss.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqurb deleted successfully.
File C:\Windows\taskmgr.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquse deleted successfully.
File C:\Windows\svchost.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquta deleted successfully.
File C:\Windows\services.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqutc deleted successfully.
File C:\Windows\sysedit.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquuf deleted successfully.
File C:\Windows\spoolsv.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquvc deleted successfully.
File C:\Windows\setup.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquvcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 deleted successfully.
File C:\Windows\setup.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquxe deleted successfully.
File C:\Windows\system.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MqvPc deleted successfully.
File C:\Windows\win32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvpe deleted successfully.
File C:\Windows\winamp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvpela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 deleted successfully.
File C:\Windows\winamp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvpela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 deleted successfully.
File C:\Windows\winamp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvre deleted successfully.
File C:\Windows\wininst.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 deleted successfully.
File C:\Windows\wininst.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mqvsc deleted successfully.
File C:\Windows\winlogon.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+kt0NXuTaXms deleted successfully.
File C:\Windows\System32\ar0jbtyy4t.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\BindDirectlyToPropertySetStorage deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B1B220C1-A503-59BD-F413-02B53A2C8954} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1B220C1-A503-59BD-F413-02B53A2C8954}\ deleted successfully.
C:\Windows\System32\toxi5.dll moved successfully.
ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:242231A9] .

OTL by OldTimer - Version 3.2.17.3 log created on 12052010_205526

ComboFix log is as follows:


ComboFix 10-12-04.03 - OJCLAUD 12/05/2010 20:58:33.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.1944 [GMT -8:00]
Running from: c:\users\OJCLAUD\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\OJCLAUD\AppData\Roaming\86967.exe
c:\users\OJCLAUD\AppData\Roaming\keygen..exe
c:\users\OJCLAUD\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\windows\Cdykea.exe
c:\windows\system32\choionUI.dll
c:\windows\win16.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-06 05:04 . 2010-12-06 05:04 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-06 05:04 . 2010-12-06 05:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-06 04:55 . 2010-12-06 04:55 -------- d-----w- C:\_OTL
2010-12-04 03:50 . 2010-12-04 03:50 388096 ----a-r- c:\users\OJCLAUD\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-04 03:50 . 2010-12-04 03:50 -------- d-----w- c:\program files\Trend Micro
2010-12-04 02:55 . 2010-12-04 02:55 -------- d-----w- c:\windows\system32\Profiles
2010-12-04 02:34 . 2010-12-04 02:37 -------- d-----w- c:\program files\Registry Easy
2010-12-04 01:58 . 2010-12-04 03:32 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-12-04 01:52 . 2010-12-04 01:52 2 --shatr- c:\windows\winstart.bat
2010-12-04 01:52 . 2010-12-04 01:52 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-12-04 01:52 . 2010-12-04 01:52 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-12-04 01:52 . 2010-11-11 20:44 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-12-04 01:52 . 2010-12-06 01:10 -------- d-----w- c:\program files\UnHackMe
2010-12-03 09:12 . 2010-12-04 01:47 -------- d-----w- c:\users\OJCLAUD\AppData\Roaming\WhiteSmokeTranslator
2010-12-03 09:04 . 2010-12-03 09:04 -------- d-----w- C:\_OTM
2010-11-23 23:50 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-15 06:19 . 2010-11-15 06:23 -------- d-----w- C:\23f60b7af022c5d44c0adb10
2010-11-10 14:35 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 18:16 . 2009-01-10 17:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-10-05 18:16 . 2009-01-10 17:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-10-05 18:16 . 2009-01-10 17:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-10-05 18:16 . 2009-01-10 17:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-23 07:32 . 2010-09-23 07:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 11:50 . 2010-09-09 17:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-13 08:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-13 08:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 08:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 08:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 08:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 08:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 08:45 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 08:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 08:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-06-15 1692672]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-05-11 4452352]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-1-9 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-03 19:38 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-03-08 20:00 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-29 02:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-19 01:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\OJCLAUD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" /R
"Metropolis"="c:\windows\system32\rundll32.exe" c:\windows\system32\sshnas21.dll,GetHandle

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1144636083-63767480-2131124494-1000]
"EnableNotificationsRef"=dword:00000001

R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-12-04 35816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9bf1ba937d17d;Google Update Service (gupdate1c9bf1ba937d17d);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 133104]
R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-18 84832]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-12-04 24416]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-18 717296]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-05 238952]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 05:16]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 05:16]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144636083-63767480-2131124494-1000Core.job
- c:\users\OJCLAUD\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 20:20]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144636083-63767480-2131124494-1000UA.job
- c:\users\OJCLAUD\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 20:20]

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{90EDD0BD-BEA6-4592-B879-8C78B7A581E8}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {4B29407B-0B42-4E86-A0D3-DCBDCADDE62B} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsview.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\OJCLAUD\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\OJCLAUD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\OJCLAUD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Extension: Better Gmail 2: bettergmail2@ginatrapani.org - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\bettergmail2@ginatrapani.org
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Extension: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Linky: linky@gemal.dk - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\linky@gemal.dk
FF - Extension: Multi Links: multilinks@plugin - c:\users\OJCLAUD\AppData\Roaming\Mozilla\Firefox\Profiles\zui06fad.OJ\extensions\multilinks@plugin
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

BHO-{B1B220C1-A503-59BD-F413-02B53A2C8954} - c:\windows\system32\toxi5.dll
HKCU-Run-RiI5qDo8WINosUm18X7fIUAmcoGtoyg5mITb9z6vx3pO6IBlNS4FERAAOw - c:\users\OJCLAUD\AppData\Local\Temp\avp32.exe
HKCU-Run-uPc+kt0NXuTaXms - c:\windows\system32\ar0jbtyy4t.dll
HKCU-Run-MqpSc - c:\windows\avp32.exe
HKCU-Run-Mqutc - c:\windows\sysedit.exe
HKCU-Run-MqqZ - c:\windows\cmd.exe
HKCU-Run-Mqvre - c:\windows\wininst.exe
HKCU-Run-Mquta - c:\windows\services.exe
HKCU-Run-Mqvpe - c:\windows\winamp.exe
HKCU-Run-Mqvsc - c:\windows\winlogon.exe
HKCU-Run-Mqsuc - c:\windows\lsass.exe
HKCU-Run-Mquse - c:\windows\svchost.exe
HKCU-Run-Mqrta - c:\windows\install.exe
HKCU-Run-MqvPc - c:\windows\win16.exe
HKCU-Run-Mqsrc - c:\windows\login.exe
HKCU-Run-Mqqsc - c:\windows\drweb.exe
HKCU-Run-Mquuf - c:\windows\spoolsv.exe
HKCU-Run-Mqtw+ - c:\windows\nvsvc32.exe
HKCU-Run-MqsZ - c:\windows\mdm.exe
HKCU-Run-Mqug - c:\windows\smss.exe
HKCU-Run-MqrMc - c:\windows\gdi32.exe
HKCU-Run-Mquxe - c:\windows\system.exe
HKCU-Run-Mqpe - c:\windows\avp.exe
HKCU-Run-Mqrtc - c:\windows\hexdump.exe
HKCU-Run-Mquvc - c:\windows\setup.exe
HKCU-Run-Mqurb - c:\windows\taskmgr.exe
HKCU-Run-Mqruqc - c:\windows\iexplarer.exe
HKCU-Run-Mqqoc - c:\windows\debug.exe
HKCU-Run-Mque - c:\windows\user.exe
HKCU-Run-LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe - c:\users\OJCLAUD\AppData\Local\Temp\4261188399.exe
HKCU-Run-LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe - c:\users\OJCLAUD\AppData\Local\Temp\2868445695.exe
HKLM-Run-RiI5qDo8WINosUm18X7fIUAmcoGtoyg5mITb9z6vx3pO6IBlNS4FERAAOw - c:\users\OJCLAUD\AppData\Local\Temp\avp32.exe
HKLM-Run-uPc+kt0NXuTaXms - c:\windows\system32\ar0jbtyy4t.dll
HKLM-Run-MqpSc - c:\windows\avp32.exe
HKLM-Run-Mqutc - c:\windows\sysedit.exe
HKLM-Run-MqqZ - c:\windows\cmd.exe
HKLM-Run-Mqvre - c:\windows\wininst.exe
HKLM-Run-Mquta - c:\windows\services.exe
HKLM-Run-Mqvpe - c:\windows\winamp.exe
HKLM-Run-Mqvsc - c:\windows\winlogon.exe
HKLM-Run-Mqsuc - c:\windows\lsass.exe
HKLM-Run-Mquse - c:\windows\svchost.exe
HKLM-Run-Mqrta - c:\windows\install.exe
HKLM-Run-MqvPc - c:\windows\win16.exe
HKLM-Run-Mqsrc - c:\windows\login.exe
HKLM-Run-Mqqsc - c:\windows\drweb.exe
HKLM-Run-Mquuf - c:\windows\spoolsv.exe
HKLM-Run-Mqtw+ - c:\windows\nvsvc32.exe
HKLM-Run-MqsZ - c:\windows\mdm.exe
HKLM-Run-Mqug - c:\windows\smss.exe
HKLM-Run-MqrMc - c:\windows\gdi32.exe
HKLM-Run-Mquxe - c:\windows\system.exe
HKLM-Run-Mqpe - c:\windows\avp.exe
HKLM-Run-Mqrtc - c:\windows\hexdump.exe
HKLM-Run-Mquvc - c:\windows\setup.exe
HKLM-Run-Mqurb - c:\windows\taskmgr.exe
HKLM-Run-Mqruqc - c:\windows\iexplarer.exe
HKLM-Run-Mqqoc - c:\windows\debug.exe
HKLM-Run-Mque - c:\windows\user.exe
HKLM-Run-LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe - c:\users\OJCLAUD\AppData\Local\Temp\4261188399.exe
HKLM-Run-LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe - c:\users\OJCLAUD\AppData\Local\Temp\2868445695.exe
HKU-Default-Run-uPc+kt0NXuTaXms - c:\windows\system32\ar0jbtyy4t.dll
HKU-Default-Run-Mqqsc - c:\windows\drweb.exe
HKU-Default-Run-Mqruqc - c:\windows\iexplarer.exe
HKU-Default-Run-MqvPc - c:\windows\win16.exe
HKU-Default-Run-Mqvpe - c:\windows\winamp.exe
SharedTaskScheduler-{B1B220C1-A503-59BD-F413-02B53A2C8954} - c:\windows\system32\toxi5.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 21:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LvOJfeefnzy/LAUD\AppData\Local\Temp\2272202783.exe = c:\users\OJCLAUD\AppData\Local\Temp\2272202783.exe
uPc+kt0NXuTaXms = rundll32.exe c:\windows\system32\ar0jbtyy4t.dll, SystemServer
MqpSc = c:\windows\avp32.exe
Mqutc = c:\windows\sysedit.exe
MqqZ = c:\windows\cmd.exe
Mqvre = c:\windows\wininst.exe
Mquta = c:\windows\services.exe
Mqvpe = c:\windows\winamp.exe
Mqvsc = c:\windows\winlogon.exe
Mqsuc = c:\windows\lsass.exe
Mquse = c:\windows\svchost.exe
Mqrta = c:\windows\install.exe
MqvPc = c:\windows\win16.exe
Mqsrc = c:\windows\login.exe
Mqqsc = c:\windows\drweb.exe
Mquuf = c:\windows\spoolsv.exe
Mqtw+ = c:\windows\nvsvc32.exe
MqsZ = c:\windows\mdm.exe
Mqug = c:\windows\smss.exe
MqrMc = c:\windows\gdi32.exe
Mquxe = c:\windows\system.exe
Mqpe = c:\windows\avp.exe
Mqrtc = c:\windows\hexdump.exe
Mquvc = c:\windows\setup.exe
Mqurb = c:\windows\taskmgr.exe
Mqruqc = c:\windows\iexplarer.exe
Mqqoc = c:\windows\debug.exe
Mque = c:\windows\user.exe
LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe = c:\users\OJCLAUD\AppData\Local\Temp\4261188399.exe
LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe = c:\users\OJCLAUD\AppData\Local\Temp\2868445695.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
LvOJfeefnzy/LAUD\AppData\Local\Temp\2272202783.exe = c:\users\OJCLAUD\AppData\Local\Temp\2272202783.exe
uPc+kt0NXuTaXms = rundll32.exe c:\windows\system32\ar0jbtyy4t.dll, SystemServer
MqpSc = c:\windows\avp32.exe
Mqutc = c:\windows\sysedit.exe
MqqZ = c:\windows\cmd.exe
Mqvre = c:\windows\wininst.exe
Mquta = c:\windows\services.exe
Mqvpe = c:\windows\winamp.exe
Mqvsc = c:\windows\winlogon.exe
Mqsuc = c:\windows\lsass.exe
Mquse = c:\windows\svchost.exe
Mqrta = c:\windows\install.exe
MqvPc = c:\windows\win16.exe
Mqsrc = c:\windows\login.exe
Mqqsc = c:\windows\drweb.exe
Mquuf = c:\windows\spoolsv.exe
Mqtw+ = c:\windows\nvsvc32.exe
MqsZ = c:\windows\mdm.exe
Mqug = c:\windows\smss.exe
MqrMc = c:\windows\gdi32.exe
Mquxe = c:\windows\system.exe
Mqpe = c:\windows\avp.exe
Mqrtc = c:\windows\hexdump.exe
Mquvc = c:\windows\setup.exe
Mqurb = c:\windows\taskmgr.exe
Mqruqc = c:\windows\iexplarer.exe
Mqqoc = c:\windows\debug.exe
Mque = c:\windows\user.exe
LvOJfeefnz1BLAUD\AppData\Local\Temp\4261188399.exe = c:\users\OJCLAUD\AppData\Local\Temp\4261188399.exe
LvOJfeefn20ALAUD\AppData\Local\Temp\2868445695.exe = c:\users\OJCLAUD\AppData\Local\Temp\2868445695.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85EDD1F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x85edd008; MOV EAX, 0x806a44a0; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x8285C962] -> \Device\Harddisk0\DR0[0x86199968]
3 CLASSPNP[0x8B5A78B3] -> ntkrnlpa!IofCallDriver[0x8285C962] -> [0x85154850]
5 acpi[0x80C0E6BC] -> ntkrnlpa!IofCallDriver[0x8285C962] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85F66B98]
\Driver\atapi[0x85F31A48] -> IRP_MJ_CREATE -> 0x85EDD1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x85edd1f8
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,52,95,ff,06,0a,49,4c,9e,5a,7d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,52,95,ff,06,0a,49,4c,9e,5a,7d,\

[HKEY_USERS\S-1-5-21-1144636083-63767480-2131124494-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8D80FF4C-AFD3-C0B3-8027-E870A6CB0C5B}*]
"haamibemkdkgbnkl"=hex:69,61,66,64,67,68,68,62,68,61,66,65,66,6c,6b,67,6e,61,
00,80
"iagmgeblpknjpjnedo"=hex:69,61,66,64,67,68,68,62,68,61,66,65,66,6c,6b,67,6e,61,
00,80

[HKEY_USERS\S-1-5-21-1144636083-63767480-2131124494-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E5674FBB-67B7-8D94-F1A3-C17F96A09113}*]
"iaghflfciggdainogn"=hex:69,61,68,63,66,6d,6f,6d,64,6f,70,68,61,63,65,6a,63,65,
00,80
"hamghkkdabgplfha"=hex:69,61,68,63,66,6d,6f,6d,64,6f,70,68,61,63,65,6a,63,65,
00,00
"hadbjfpgjpnokcid"=hex:61,63,6d,63,70,6e,62,67,70,63,6e,66,70,66,63,6f,6d,66,
65,6e,6c,62,6b,69,64,6f,6c,70,65,6c,6c,64,6e,62,6c,6b,6f,61,6f,6a,68,65,70,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8D80FF4C-AFD3-C0B3-8027-E870A6CB0C5B}\InProcServer32*]
"jaemdmfeicgehppaihoo"=hex:69,61,66,64,67,68,68,62,68,61,66,65,66,6c,6b,67,6e,
61,00,00
"iaemjllohfplpmaadp"=hex:69,61,66,64,67,68,68,62,68,61,66,65,66,6c,6b,67,6e,61,
00,80

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5674FBB-67B7-8D94-F1A3-C17F96A09113}\InProcServer32*]
"jaigaagcdelhkfbbfade"=hex:69,61,68,63,66,6d,6f,6d,64,6f,70,68,61,63,65,6a,63,
65,00,00
"iaiggohilcbkglbfef"=hex:69,61,68,63,66,6d,6f,6d,64,6f,70,68,61,63,65,6a,63,65,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2544)
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-12-05 21:06:53
ComboFix-quarantined-files.txt 2010-12-06 05:06

Pre-Run: 66,427,887,616 bytes free
Post-Run: 66,407,137,280 bytes free

- - End Of File - - AEAB7ECD25BA2F0D227BA5EAD7D3384F