Still having problems after trying to remove Virtumonde Trojan...



#1
mrjones0515

I am having a problem with trying to open IE 7 or update programs (i.e. Malwarebytes). The odd thing is my Firefox works fine. It all started when I had somehow obtained the Virtumonde trojan/viruses that screwed up my taskbar and my IE would constantly have pop-ups every hour while I was using Firefox. I used Spybot, Malwarebytes and VundoFix to get rid of the problems but they appear to have not gone away. It appears my iexplorer.exe is corrupt or something because it says the following when I open up IE:

Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information

I did the diagnostic tool fix and it said:

Last diagnostic run time: 04/03/09 09:09:54 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
info Redirecting user to support call

DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: yes
No DNS servers

DNS failure

Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server:localhost:2323 Proxy Bypass list:local
info This computer has the following default gateway entry(ies): 67.121.147.3
info This computer has the following IP address(es): 67.121.147.2
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info Skipped gateway connectivity check because of IE proxy configuration

IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed

IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 67.121.147.2

Wireless Diagnostic
Wireless - Service disabled
Wireless - User SSID
Wireless - First time setup
Wireless - Radio off
Wireless - Out of range
Wireless - Hardware issue
Wireless - Novice user
Wireless - Ad-hoc network
Wireless - Less preferred
Wireless - 802.1x enabled
Wireless - Configuration mismatch
Wireless - Low SNR

WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry CA ISafe LSP over [MSAFD Tcpip [TCP/IP]] -> MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry CA ISafe LSP over [MSAFD Tcpip [UDP/IP]] -> MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Pittsburg--V.92 gct, Device=Conexant D850 56K V.9x DFVc Modem, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=1.ConnectTo.net, Device=Conexant D850 56K V.9x DFVc Modem, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=Incoming Connections, Device=(null), MediaType=NONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.

I am in the process of following the malware removal steps in this forum. More to come...

Edited by mrjones0515, 04 April 2009 - 10:32 AM.



#2
mrjones0515

Well, after my unsuccessful attempt at completing the entire malware removal guide, I thought I would post what I was able to complete.

I completed the ATF and Erunt.

Step 1: I scanned with Malwarebytes and deleted the Virtumonde trojan, etc. (however, I was unable to update my definitions due to a denied access error)

Step 2: I didn't complete this, although I could, but I wondered which of these was the best to keep: Spybot, Malwarebytes, SuperAntiSpy Freeware, and for some reason I can't uninstall CA (Computer Assoc.)

Step 3: I'm not sure if it's a good or bad thing, but I could not upload XP Service Pack 3 (denied access error again). I hope I don't have this Conficker worm, as this service pack is supposed to help in that respect.

Step 4: I completed the Rooter.exe. See log:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:29290 Mo/Free:3765 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/04/2009| 7:21

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
---------- C:\Program Files\Yahoo!\Antivirus\ISafe.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\umonit.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
---------- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
---------- C:\PROGRA~1\Yahoo!\YOP\yop.exe
---------- C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
---------- C:\WINDOWS\System32\DSentry.exe
---------- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
---------- C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
---------- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
--Locked-- zlclient.exe
---------- C:\WINDOWS\system32\ctfmon.exe
--Locked-- vsmon.exe
---------- C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
---------- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\PROGRA~1\Yahoo!\browser\ycommon.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Walter\Desktop\zonealarm\Zonelabs_Keygen.exe


1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009| 7:23

----------------------\\ Scan completed at 7:23

Step 6: OTListIt2 log

OTListIt logfile created on: 4/4/2009 5:48:16 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.2 Folder = C:\Documents and Settings\Walter\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 69.23 Mb Available Physical Memory | 13.55% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 5.07 Gb Free Space | 17.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WALT
Current User Name: Walter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
PRC - C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
PRC - C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\WINDOWS\System32\umonit.exe (General)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Walter\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (C-DillaCdaC11BA [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (CAISafe [Auto | Stopped]) -- C:\Program Files\Yahoo!\Antivirus\ISafe.exe (Computer Associates International, Inc.)
SRV - (CA_LIC_CLNT [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LogWatch [Auto | Stopped]) -- File not found
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- File not found
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OAcat [Auto | Stopped]) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)
SRV - (PestPatrol Remote [Auto | Stopped]) -- File not found
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (SymWSC [Auto | Stopped]) -- File not found
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (VETMSGNT [Auto | Stopped]) -- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (Computer Associates International, Inc.)
SRV - (VideoAcceleratorService [Auto | Stopped]) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YPCService [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\YPcservice.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (CdaC15BA [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DIGIRPS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\digirlpt.sys (Digi International, Inc.)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (fixustor [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\fixustor.sys (Genesys Logic)
DRV - (GearAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hardlock [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ICAM3NT5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Icam3.sys (Microsoft Corporation)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mr7910 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mr7910.sys (Mars Semiconductor Corp.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\system32\drivers\OADriver.sys (Tall Emu Pty Ltd)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\system32\drivers\OAmon.sys (Tall Emu Pty Ltd)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\system32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sbbotdi [Auto | Running]) -- C:\Program Files\SpeedBit Video Accelerator\sbbotdi.sys (SpeedBit Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (VET-FILT [System | Running]) -- C:\WINDOWS\System32\drivers\Vet-Filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC [System | Running]) -- C:\WINDOWS\System32\drivers\Vet-Rec.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\VetEBoot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\VetEFile.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT [System | Running]) -- C:\WINDOWS\System32\drivers\VetFDDNT.sys (Computer Associates International, Inc.)
DRV - (VETMONNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (Wdm1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbbc.sys ()
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com.../?p=1147827942"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}:1.300.198
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {0F8F2952-08E7-4C1F-9B22-29085C3FEE8F}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://search.freeca...h.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/26 14:07:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0F8F2952-08E7-4C1F-9B22-29085C3FEE8F}: C:\DOCUMENTS AND SETTINGS\WALTER\LOCAL SETTINGS\APPLICATION DATA\{0F8F2952-08E7-4C1F-9B22-29085C3FEE8F} [2009/03/29 15:39:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/27 22:22:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/27 22:22:00 | 00,000,000 | ---D | M]

[2008/08/25 19:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Extensions
[2008/08/25 19:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/04 12:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions
[2009/02/17 13:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}
[2008/08/31 14:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2008/09/06 06:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/01/14 20:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2005/12/15 18:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{69087485-8EDE-4a6c-91BE-6B882EB268A5}
[2009/04/02 06:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/04 09:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2005/12/15 15:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{7C06F9C2-B0D0-47b4-93B8-116C919084BA}
[2008/04/02 19:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2006/05/20 10:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{C1CCF2A6-D735-4817-866A-993A66CF9A3D}
[2009/01/14 20:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/06/21 18:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\{DD99D76F-5129-4fd3-A2DC-AB41D6FBCF98}
[2009/04/02 06:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\[email protected]
[2009/04/02 21:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\[email protected]
[2005/12/15 19:40:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Walter\Application Data\mozilla\Firefox\Profiles\341l9nur.default\extensions\[email protected]
[2009/02/17 13:12:03 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\Walter\Application Data\Mozilla\FireFox\Profiles\341l9nur.default\searchplugins\yahoo-search.xml
[2009/04/03 21:48:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/08/25 19:34:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/09/08 21:17:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/27 22:22:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/30 19:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/20 10:42:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/18 20:02:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/06/14 07:30:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/08/10 11:15:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/26 14:08:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 22:21:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/27 22:21:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 09:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 09:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 09:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 04:31:09 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 09:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 09:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 09:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303844 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10468 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McBrwHelper Class) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - File not found
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8988-34A187E2698B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" (Tall Emu)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" (Visual Networks)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe (General)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKLM..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Systweak Memory Optimizer] memtuneup.exe File not found
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Walter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...alls/yinstc.cab (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://images.autode...es/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1093826619421 (WUWebControl Class)
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} http://pointa.autode...l/SysVerChk.ocx (SysVerChk Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/s...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zone...canner37380.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yaho...rod/yregcfg.cab (RegConfig Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7796.7425925926 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft...DI/0/GDIChk.CAB (GDIChk Object)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} http://pointa.autode...nu/InstBanr.Ocx (NOXLATE-BANR)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,15/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} http://pointa.autode...nu/InstFred.Ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo....plorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD 2002\AcPreview.ocx (AcPreview Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\88be193c565: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[280 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/04 13:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Application Data\OnlineArmor
[2009/04/04 13:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/04/04 13:53:39 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/04/04 13:53:38 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/04/04 13:53:38 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/04/04 13:53:37 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/04/04 13:53:33 | 00,000,000 | ---D | C] -- C:\OnlineArmor
[2009/04/04 13:52:39 | 13,229,544 | ---- | C] (Tall Emu Pty Ltd ) -- C:\DOCUME~1\Walter\Desktop\OA190Free.exe
[2009/04/04 13:51:50 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/04/04 12:26:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/04 10:22:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/04 10:22:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/04 10:22:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/04 09:57:06 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/04/04 09:57:05 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/04/04 09:57:05 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/04/04 09:57:05 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/04/04 09:57:05 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/04/04 09:57:05 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2009/04/04 09:57:05 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/04/04 09:57:04 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2009/04/04 09:57:04 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/04/04 09:57:04 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/04/04 09:57:04 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2009/04/04 09:57:04 | 00,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/04/04 09:57:04 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2009/04/04 09:57:04 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/04/04 09:57:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/04/04 09:57:04 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2009/04/04 09:57:04 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/04/04 09:57:04 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/04/04 09:57:03 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/04/04 09:57:03 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/04/04 09:57:03 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/04/04 09:57:03 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/04/04 09:57:03 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2009/04/04 09:57:03 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/04/04 09:57:03 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2009/04/04 09:57:03 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2009/04/04 09:57:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2009/04/04 09:57:03 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/04/04 09:57:00 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2009/04/04 09:57:00 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/04/04 09:57:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/04/04 09:57:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2009/04/04 09:56:59 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2009/04/04 09:56:59 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/04/04 09:56:59 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2009/04/04 09:56:58 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2009/04/04 09:56:58 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2009/04/04 09:56:58 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2009/04/04 09:56:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2009/04/04 09:56:57 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2009/04/04 09:56:57 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/04/04 09:56:57 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/04/04 09:56:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2009/04/04 09:56:57 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2009/04/04 09:56:57 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2009/04/04 09:56:52 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009/04/04 09:56:34 | 00,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2009/04/04 09:56:34 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2009/04/04 09:56:34 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2009/04/04 09:56:34 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2009/04/04 09:56:34 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/04/04 09:56:34 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/04/04 09:56:34 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/04/04 09:56:34 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/04/04 09:56:34 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/04/04 09:56:34 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/04/04 09:56:34 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/04/04 09:56:33 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2009/04/04 09:56:33 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/04/04 09:56:33 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2009/04/04 09:56:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2009/04/04 09:56:33 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/04/04 09:56:32 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/04/04 09:56:32 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2009/04/04 09:56:32 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/04/04 09:56:32 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/04/04 09:56:32 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/04/04 09:56:32 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/04/04 09:56:32 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/04/04 09:56:32 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/04/04 09:56:32 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/04/04 09:56:32 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/04/04 09:56:32 | 00,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/04/04 09:56:31 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/04/04 09:56:31 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/04/04 09:56:31 | 00,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/04/04 09:56:31 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/04/04 09:56:31 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2009/04/04 09:56:31 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/04/04 09:56:31 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/04/04 09:56:25 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2009/04/04 09:56:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2009/04/04 09:56:24 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/04/04 09:56:24 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2009/04/04 09:56:24 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2009/04/04 09:56:24 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2009/04/04 09:56:23 | 02,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2009/04/04 09:56:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2009/04/04 09:56:22 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2009/04/04 09:56:22 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2009/04/04 09:56:22 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2009/04/04 09:56:22 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2009/04/04 09:56:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2009/04/04 09:56:22 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2009/04/04 09:56:22 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2009/04/04 09:56:22 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2009/04/04 09:56:21 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/04 09:56:21 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2009/04/04 09:56:20 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/04 09:56:20 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2009/04/04 09:56:20 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2009/04/04 09:56:20 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/04/04 09:56:20 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/04/04 09:56:19 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/04 09:56:19 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/04/04 09:56:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/04/04 09:56:18 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2009/04/04 09:56:18 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2009/04/04 09:56:18 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2009/04/04 09:56:18 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2009/04/04 09:56:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2009/04/04 09:56:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2009/04/04 09:56:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2009/04/04 09:56:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2009/04/04 09:56:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2009/04/04 09:56:10 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2009/04/04 09:56:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2009/04/04 09:56:10 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2009/04/04 09:56:03 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2009/04/04 09:55:59 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2009/04/04 09:55:55 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/04/04 09:55:55 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/04/04 09:55:54 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2009/04/04 09:55:51 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2009/04/04 09:55:44 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/04/04 09:55:42 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2009/04/04 09:55:37 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2009/04/04 09:55:37 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2009/04/04 09:55:33 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2009/04/04 09:55:31 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/04/04 09:55:28 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2009/04/04 09:55:27 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2009/04/04 09:55:27 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2009/04/04 09:55:22 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/04/04 09:55:20 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iphlpapi.dll
[2009/04/04 09:55:18 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/04/04 09:55:18 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2009/04/04 09:55:18 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/04/04 09:55:18 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2009/04/04 09:55:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec.dll
[2009/04/04 09:55:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/04 09:55:18 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/04 09:55:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/04 09:55:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/04 09:55:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/04 09:55:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/04/04 09:55:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/04 09:55:17 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2009/04/04 09:55:17 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/04/04 09:55:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/04/04 09:55:17 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/04/04 09:55:17 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2009/04/04 09:55:14 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2009/04/04 09:55:14 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2009/04/04 09:55:09 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2009/04/04 09:55:09 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2009/04/04 09:55:05 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2009/04/04 09:55:00 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/04/04 09:54:58 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/04/04 09:54:52 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2009/04/04 09:54:46 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/04/04 09:54:45 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/04/04 09:54:45 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasmans.dll
[2009/04/04 09:54:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2009/04/04 09:54:42 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2009/04/04 09:54:41 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/04/04 09:54:38 | 01,497,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/04/04 09:54:35 | 08,460,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2009/04/04 09:54:34 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/04/04 09:54:33 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2009/04/04 09:54:28 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2009/04/04 09:54:23 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/04 09:54:23 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2009/04/04 09:54:21 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/04/04 09:54:20 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/04/04 09:54:19 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2009/04/04 09:54:18 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2009/04/04 09:54:14 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2009/04/04 09:54:14 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2009/04/04 09:54:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2009/04/04 09:54:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2009/04/04 09:54:13 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2009/04/04 09:54:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2009/04/04 09:54:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2009/04/04 09:54:12 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2009/04/04 09:54:12 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2009/04/04 09:54:11 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2009/04/04 09:54:11 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2009/04/04 09:54:10 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2009/04/04 09:54:10 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2009/04/04 09:54:10 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/04/04 09:54:10 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2009/04/04 09:54:10 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2009/04/04 09:54:10 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2009/04/04 09:54:10 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpcsvc.dll
[2009/04/04 09:54:10 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2009/04/04 09:54:10 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2009/04/04 09:54:10 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/04/04 09:54:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2009/04/04 09:54:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/04/04 09:54:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/04/04 09:54:09 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2009/04/04 09:54:09 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2009/04/04 09:54:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2009/04/04 09:54:08 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2009/04/04 09:54:08 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/04 09:54:08 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2009/04/04 09:54:08 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2009/04/04 09:54:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2009/04/04 09:54:08 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2009/04/04 09:54:07 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2009/04/04 09:54:07 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2009/04/04 09:54:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2009/04/04 09:54:06 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2009/04/04 09:54:06 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2009/04/04 09:54:06 | 00,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2009/04/04 09:54:06 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2009/04/04 09:54:06 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2009/04/04 09:54:05 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2009/04/04 09:54:05 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2009/04/04 09:54:05 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2009/04/04 09:54:04 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2009/04/04 09:54:04 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2009/04/04 09:54:04 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2009/04/04 09:54:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2009/04/04 09:54:04 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2009/04/04 09:54:04 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2009/04/04 09:54:03 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2009/04/04 09:54:03 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2009/04/04 09:54:03 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/04/04 09:54:03 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2009/04/04 09:54:03 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2009/04/04 09:54:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2009/04/04 09:54:02 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2009/04/04 09:54:02 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/04/04 09:54:02 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2009/04/04 09:54:01 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2009/04/04 09:54:01 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2009/04/04 09:54:01 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2009/04/04 09:54:01 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2009/04/04 09:54:01 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2009/04/04 09:54:01 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2009/04/04 09:54:00 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2009/04/04 09:54:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/04/04 09:53:59 | 01,846,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/04/04 09:53:59 | 01,846,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/04/04 09:53:59 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2009/04/04 09:53:58 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2009/04/04 09:53:58 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2009/04/04 09:53:58 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/04/04 09:53:58 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2009/04/04 09:53:58 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2009/04/04 09:53:57 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2009/04/04 09:53:57 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2009/04/04 09:53:57 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/04 09:53:57 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2009/04/04 09:53:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2009/04/04 09:53:57 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2009/04/04 09:53:57 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2009/04/04 09:53:57 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2009/04/04 09:53:57 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/04/04 09:53:56 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2009/04/04 09:53:56 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2009/04/04 09:53:56 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2009/04/04 09:53:56 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2009/04/04 09:53:56 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2009/04/04 09:53:56 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2009/04/04 09:53:56 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/04/04 09:53:56 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2009/04/04 09:53:55 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2009/04/04 09:53:55 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2009/04/04 09:53:55 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2009/04/04 09:53:54 | 00,207,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dot4.sys
[2009/04/04 09:53:54 | 00,207,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009/04/04 09:53:54 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2009/04/04 09:53:54 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2009/04/04 09:53:54 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/04/04 09:53:54 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2009/04/04 09:53:54 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2009/04/04 09:53:54 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2009/04/04 09:53:54 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/04/04 09:53:53 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2009/04/04 09:53:53 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2009/04/04 09:53:53 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2009/04/04 09:53:53 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2009/04/04 09:53:53 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2009/04/04 09:53:53 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2009/04/04 09:53:53 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2009/04/04 09:53:53 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omp.sys
[2009/04/04 09:53:53 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2009/04/04 09:53:53 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2009/04/04 09:53:53 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/04 09:53:53 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/04/04 09:53:53 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys
[2009/04/04 09:53:53 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2009/04/04 09:53:52 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/04/04 09:53:52 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2009/04/04 09:53:52 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2009/04/04 09:53:52 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2009/04/04 09:53:52 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2009/04/04 09:53:52 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2009/04/04 09:53:52 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2009/04/04 09:53:52 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2009/04/04 09:53:52 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2009/04/04 09:53:52 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2009/04/04 09:53:52 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2009/04/04 09:53:52 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/04/04 09:53:52 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/04/04 09:53:51 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2009/04/04 09:53:51 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/04/04 09:53:51 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2009/04/04 09:53:51 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2009/04/04 09:53:51 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2009/04/04 09:53:51 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/04/04 09:53:51 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/04/04 09:53:51 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2009/04/04 09:53:51 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2009/04/04 09:53:51 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/04/04 09:53:51 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/04/04 09:53:51 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/04/04 09:53:51 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/04/04 09:53:51 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/04/04 09:53:50 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009/04/04 09:53:50 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/04/04 09:53:50 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/04 09:53:50 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2009/04/04 09:53:50 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/04/04 09:53:50 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2009/04/04 09:53:50 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2009/04/04 09:53:50 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2009/04/04 09:53:50 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2009/04/04 09:53:50 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2009/04/04 09:53:50 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2009/04/04 09:53:50 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2009/04/04 09:53:50 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2009/04/04 09:53:50 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2009/04/04 09:53:50 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2009/04/04 09:53:50 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2009/04/04 09:53:50 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2009/04/04 09:53:50 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2009/04/04 09:53:50 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2009/04/04 09:53:50 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2009/04/04 09:53:50 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2009/04/04 09:53:50 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2009/04/04 09:53:49 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/04/04 09:53:49 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2009/04/04 09:53:49 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdbss.sys
[2009/04/04 09:53:49 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2009/04/04 09:53:49 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2009/04/04 09:53:49 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2009/04/04 09:53:49 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2009/04/04 09:53:48 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2009/04/04 09:53:48 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/04/04 09:53:48 | 00,139,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009/04/04 09:53:48 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2009/04/04 09:53:48 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2009/04/04 09:53:48 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009/04/04 09:53:48 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2009/04/04 09:53:48 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2009/04/04 09:53:48 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2009/04/04 09:53:48 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2009/04/04 09:53:48 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2009/04/04 09:53:48 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiscan.sys
[2009/04/04 09:53:48 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2009/04/04 09:53:47 | 00,360,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2009/04/04 09:53:47 | 00,360,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2009/04/04 09:53:47 | 00,333,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2009/04/04 09:53:47 | 00,333,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/04/04 09:53:47 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009/04/04 09:53:47 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/04/04 09:53:47 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/04/04 09:53:47 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2009/04/04 09:53:47 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/04/04 09:53:47 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2009/04/04 09:53:47 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2009/04/04 09:53:47 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2009/04/04 09:53:47 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/04/04 09:53:47 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2009/04/04 09:53:47 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2009/04/04 09:53:46 | 00,225,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2009/04/04 09:53:46 | 00,225,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2009/04/04 09:53:45 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2009/04/04 09:53:45 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2009/04/04 09:53:45 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2009/04/04 09:53:45 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/04/04 09:53:45 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/04/04 09:53:45 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2009/04/04 09:53:45 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/04/04 09:53:44 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2009/04/04 09:53:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/04/04 09:53:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2009/04/04 09:53:44 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2009/04/04 09:53:44 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2009/04/04 09:53:44 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2009/04/04 09:53:44 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2009/04/04 09:53:44 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2009/04/04 09:53:44 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/04/04 09:53:44 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/04/04 09:53:44 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2009/04/04 09:53:44 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/04/04 09:53:44 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2009/04/04 09:53:44 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2009/04/04 09:53:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2009/04/04 09:53:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2009/04/04 09:53:44 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/04/04 09:53:44 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2009/04/04 09:53:44 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2009/04/04 09:53:44 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaide.sys
[2009/04/04 09:53:43 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2009/04/04 09:53:43 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/04 09:53:43 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/04/04 09:53:43 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/04/04 09:53:43 | 00,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2009/04/04 08:01:11 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/04/04 08:01:10 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/04/04 08:01:05 | 00,008,261 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneoc.dll
[2009/04/04 07:19:25 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 06:59:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 06:58:45 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Walter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/04 06:58:41 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\NTREGOPT.lnk
[2009/04/04 06:58:41 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\ERUNT.lnk
[2009/04/04 06:58:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/04 06:57:15 | 01,304,752 | ---- | C] () -- C:\Documents and Settings\Walter\My Documents\cc_20090403_141931.reg
[2009/04/04 06:53:07 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Walter\Desktop\erunt_setup.exe
[2009/04/04 06:40:13 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\Rooter.exe
[2009/04/03 23:00:18 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\microsoft
[2009/04/03 22:52:32 | 00,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/03 15:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/03 15:14:50 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/03 15:14:40 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/03 15:14:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Application Data\SUPERAntiSpyware.com
[2009/04/03 15:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/03 14:49:16 | 53,589,1968 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/03 14:46:04 | 01,340,394 | ---- | C] () -- C:\MGtools.exe
[2009/04/03 14:45:26 | 03,067,000 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\ComboFix.exe
[2009/04/03 14:43:14 | 06,237,728 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\SUPERAntiSpyware.exe
[2009/04/03 14:19:35 | 01,304,752 | ---- | C] () -- C:\cc_20090403_141931.reg
[2009/04/03 14:08:48 | 00,001,548 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\CCleaner.lnk
[2009/04/03 14:08:47 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/03 12:32:47 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\DOCUME~1\Walter\Desktop\VirtumundoBeGone.exe
[2009/04/03 11:06:33 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Walter\Desktop\OTListIt2.exe
[2009/04/03 09:54:03 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\HijackThis.lnk
[2009/04/03 09:54:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/03 09:53:21 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\Walter\Desktop\HJTInstall.exe
[2009/04/03 08:55:10 | 00,000,000 | ---D | C] -- C:\Program Files\PageFix 2.0
[2009/04/03 08:51:55 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/04/03 08:51:51 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2009/03/29 21:58:48 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/29 21:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Application Data\Malwarebytes
[2009/03/29 21:10:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/29 21:10:15 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/29 21:10:11 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/29 21:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/29 21:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/29 15:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Walter\Local Settings\Application Data\{0F8F2952-08E7-4C1F-9B22-29085C3FEE8F}
[2009/03/27 23:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/27 23:44:01 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/27 22:49:42 | 00,000,057 | ---- | C] () -- C:\xcrashdump.dat
[2009/03/26 19:12:15 | 00,013,423 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/03/26 19:04:31 | 00,001,294 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/03/26 19:04:31 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\NetworkService32
[2009/03/26 19:04:24 | 00,005,737 | -HS- | C] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565C.manifest
[2009/03/26 19:04:24 | 00,001,811 | -HS- | C] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565P.manifest
[2009/03/26 19:04:24 | 00,000,475 | -HS- | C] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565O.manifest
[2009/03/26 19:04:24 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565S.manifest
[2009/03/25 20:58:37 | 00,028,160 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\Letter to Ms. Page.doc
[2009/03/23 17:46:14 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/16 20:25:13 | 00,140,251 | ---- | C] () -- C:\DOCUME~1\Walter\Desktop\shazam.jpg

========== Files - Modified Within 30 Days ==========

[280 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/04 17:56:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/04/04 17:04:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/04/04 14:45:20 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/04 14:41:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 14:41:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/04/04 14:41:18 | 53,589,1968 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 14:19:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/04 13:54:15 | 00,083,228 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.idx
[2009/04/04 13:53:02 | 13,229,544 | ---- | M] (Tall Emu Pty Ltd ) -- C:\DOCUME~1\Walter\Desktop\OA190Free.exe
[2009/04/04 12:29:44 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/04 12:29:44 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/04 11:30:35 | 00,250,032 | RHS- | M] () -- C:\NTLDR
[2009/04/04 08:02:53 | 00,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/04 06:58:45 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Walter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/04 06:58:41 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\NTREGOPT.lnk
[2009/04/04 06:58:41 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\ERUNT.lnk
[2009/04/04 06:53:07 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Walter\Desktop\erunt_setup.exe
[2009/04/04 06:40:15 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\Rooter.exe
[2009/04/04 06:27:56 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/04/04 06:27:48 | 00,530,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 15:14:50 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/03 14:46:04 | 01,340,394 | ---- | M] () -- C:\MGtools.exe
[2009/04/03 14:45:29 | 03,067,000 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\ComboFix.exe
[2009/04/03 14:43:21 | 06,237,728 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\SUPERAntiSpyware.exe
[2009/04/03 14:19:57 | 01,304,752 | ---- | M] () -- C:\Documents and Settings\Walter\My Documents\cc_20090403_141931.reg
[2009/04/03 14:19:57 | 01,304,752 | ---- | M] () -- C:\cc_20090403_141931.reg
[2009/04/03 14:08:48 | 00,001,548 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\CCleaner.lnk
[2009/04/03 12:32:50 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\DOCUME~1\Walter\Desktop\VirtumundoBeGone.exe
[2009/04/03 11:06:37 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Walter\Desktop\OTListIt2.exe
[2009/04/03 09:54:04 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\HijackThis.lnk
[2009/04/03 09:53:26 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\Walter\Desktop\HJTInstall.exe
[2009/04/03 08:56:29 | 00,002,177 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2009/04/03 08:56:29 | 00,000,815 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/04/03 08:51:55 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/04/03 08:51:51 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2009/03/31 20:10:01 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/03/31 20:04:43 | 00,003,576 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
[2009/03/31 16:58:55 | 00,223,744 | ---- | M] () -- C:\Documents and Settings\Walter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 21:10:15 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/29 20:58:36 | 00,000,475 | -HS- | M] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565O.manifest
[2009/03/29 20:58:36 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565S.manifest
[2009/03/29 20:58:35 | 00,005,737 | -HS- | M] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565C.manifest
[2009/03/29 20:58:35 | 00,001,811 | -HS- | M] () -- C:\Documents and Settings\Walter\Application Data\02000000f255db1d565P.manifest
[2009/03/29 16:56:06 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BE27D980-2F98-43C6-844C-BEA5104306DE}.job
[2009/03/29 15:20:41 | 06,029,312 | ---- | M] () -- C:\WINDOWS\System32\RO57D8.bac
[2009/03/29 15:19:36 | 45,613,056 | ---- | M] () -- C:\WINDOWS\System32\RO57D3.bac
[2009/03/29 15:19:36 | 03,407,872 | ---- | M] () -- C:\WINDOWS\System32\RO57DB.bac
[2009/03/29 15:19:36 | 00,253,952 | ---- | M] () -- C:\WINDOWS\System32\RO57E3.bac
[2009/03/29 15:19:36 | 00,118,784 | ---- | M] () -- C:\WINDOWS\System32\RO57D0.bac
[2009/03/29 15:19:36 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\RO57E0.bac
[2009/03/28 06:38:17 | 00,000,103 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/28 01:21:06 | 00,303,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/03/28 00:14:00 | 00,000,933 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\Spybot - Search & Destroy.lnk
[2009/03/28 00:10:11 | 00,303,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090328-012106.backup
[2009/03/27 23:44:03 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/03/27 22:49:42 | 00,000,057 | ---- | M] () -- C:\xcrashdump.dat
[2009/03/27 17:41:26 | 42,205,184 | ---- | M] () -- C:\WINDOWS\System32\RO1A88.bac
[2009/03/27 17:41:26 | 06,029,312 | ---- | M] () -- C:\WINDOWS\System32\RO1A8B.bac
[2009/03/27 17:41:26 | 00,278,528 | ---- | M] () -- C:\WINDOWS\System32\RO1A90.bac
[2009/03/27 17:41:26 | 00,253,952 | ---- | M] () -- C:\WINDOWS\System32\RO1A98.bac
[2009/03/27 17:41:26 | 00,233,472 | ---- | M] () -- C:\WINDOWS\System32\RO1AA0.bac
[2009/03/27 17:41:26 | 00,118,784 | ---- | M] () -- C:\WINDOWS\System32\RO1A83.bac
[2009/03/27 17:41:26 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\RO1A93.bac
[2009/03/27 17:40:56 | 10,223,616 | ---- | M] () -- C:\WINDOWS\System32\RO1AA8.bac
[2009/03/27 17:40:56 | 00,335,872 | ---- | M] () -- C:\WINDOWS\System32\RO1AAB.bac
[2009/03/27 07:36:37 | 00,008,192 | ---- | M] () -- C:\WINDOWS\System32\RO57E8.bac
[2009/03/26 19:12:15 | 00,013,423 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2009/03/26 19:04:31 | 00,001,294 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 21:08:45 | 00,028,160 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\Letter to Ms. Page.doc
[2009/03/25 09:02:14 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/24 15:39:11 | 00,001,178 | -H-- | M] () -- C:\Documents and Settings\Walter\My Documents\Default.rdp
[2009/03/17 06:12:06 | 41,680,896 | ---- | M] () -- C:\WINDOWS\System32\ROE754.bac
[2009/03/17 06:12:06 | 06,029,312 | ---- | M] () -- C:\WINDOWS\System32\ROE757.bac
[2009/03/17 06:12:06 | 00,524,288 | ---- | M] () -- C:\WINDOWS\System32\ROE75C.bac
[2009/03/17 06:12:06 | 00,253,952 | ---- | M] () -- C:\WINDOWS\System32\ROE764.bac
[2009/03/17 06:12:06 | 00,233,472 | ---- | M] () -- C:\WINDOWS\System32\ROE76C.bac
[2009/03/17 06:12:06 | 00,118,784 | ---- | M] () -- C:\WINDOWS\System32\ROE74F.bac
[2009/03/17 06:12:06 | 00,024,576 | ---- | M] () -- C:\WINDOWS\System32\ROE75F.bac
[2009/03/17 06:12:05 | 10,223,616 | ---- | M] () -- C:\WINDOWS\System32\ROE774.bac
[2009/03/16 22:48:37 | 00,008,192 | ---- | M] () -- C:\WINDOWS\System32\RO1AA3.bac
[2009/03/16 22:48:36 | 00,008,192 | ---- | M] () -- C:\WINDOWS\System32\RO1A9B.bac
[2009/03/16 20:25:19 | 00,140,251 | ---- | M] () -- C:\DOCUME~1\Walter\Desktop\shazam.jpg
[2009/03/08 22:35:12 | 00,524,288 | ---- | M] () -- C:\WINDOWS\System32\ROE777.bac
[2009/03/08 11:17:56 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/03/08 11:17:56 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/03/08 11:17:55 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >

OTListIt Extras logfile created on: 4/4/2009 5:48:16 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.2 Folder = C:\Documents and Settings\Walter\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 69.23 Mb Available Physical Memory | 13.55% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 5.07 Gb Free Space | 17.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WALT
Current User Name: Walter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\SYSTEM32\muzapp.exe:*:Enabled:MUZ AOD APP player File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0354C0B5-AA35-49D8-B7B7-1CF3412465DD}" = DataCastComponent
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
"{0B4A82D9-D7F1-4645-812D-4E02A59DFEEE}" = CA eTrust PestPatrol Anti-Spyware Corporate Edition
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}" = hp officejet g series
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2739EB96-BE17-4ABE-9002-F447DFB63467}" = Mechanical and Electrical Systems
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4177E337-830E-4097-BB4A-52D6464F2272}" = Construction Documents and Services
"{4A4AB90A-FB23-412C-9D01-BF1C8561AA16}" = General Structures Test Bank
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5783F2D7-0304-0409-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2005
"{5783F2D7-0311-0409-0000-0060B0CE6BBA}" = AutoCAD 2005 Express Tools Volumes 1-9
"{5849EAC5-0372-4CA9-8E0C-419522E8804A}" = Pre-Design Test Bank
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5FF4A578-4588-4ACF-8317-7191FC45F3E1}" = TaxCut California 2007
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer 2
"{6549AA0C-6D93-4E76-9A13-6A6A0AA4FD6D}" = TaxCut California 2008
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEA5EF64-B694-4B79-9A2C-0FF738906A1D}" = DriverGuide Toolkit
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F8EFF5E4-9B76-417B-A0BC-325659CFDA82}" = ImageMate 8 in 1 Read/Writer (SDDR-88)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"Abacast Client" = Abacast Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = Citrix ICA Web Client
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ERUNT_is1" = ERUNT 1.1j
"FixUstor" = Generic USB Mass Storage Patch Driver
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnlineArmor_is1" = Online Armor 3.0
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"RealPlayer 6.0" = RealPlayer
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"Shockwave" = Shockwave
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"ST6UNST #1" = PageFix 2.0
"TaxCut 2004" = TaxCut 2004
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TaxCut Premium 2006" = TaxCut Premium 2006
"TVUPlayer" = TVUPlayer 2.4.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Yahoo! Search Defender" = Yahoo! Search Protection
"ZSoft Uninstaller" = ZSoft Uninstaller 2.3.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2009 1:37:39 PM | Computer Name = WALT | Source = nview_info | ID = 11141121
Description =

Error - 4/3/2009 1:37:39 PM | Computer Name = WALT | Source = nview_info | ID = 11141121
Description =

Error - 4/3/2009 1:37:39 PM | Computer Name = WALT | Source = nview_info | ID = 11141121
Description =

Error - 4/4/2009 1:59:54 AM | Computer Name = WALT | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 4/4/2009 2:00:18 AM | Computer Name = WALT | Source = MsiInstaller | ID = 11722
Description = Product: Windows Live Sign-in Assistant -- Error 1722. There is a
problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
RegisterWLLoginProxy, location: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe, command: -regserver

Error - 4/4/2009 9:34:22 AM | Computer Name = WALT | Source = Application Error | ID = 1000
Description = Faulting application wuauclt.exe, version 7.2.6001.788, faulting module
unknown, version 0.0.0.0, fault address 0x74e8b253.

Error - 4/4/2009 10:04:35 AM | Computer Name = WALT | Source = nview_info | ID = 11141121
Description =

Error - 4/4/2009 10:04:57 AM | Computer Name = WALT | Source = nview_info | ID = 11141121
Description =

Error - 4/4/2009 12:30:42 PM | Computer Name = WALT | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\DOCUME~1\Walter\LOCALS~1\Temp\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 4/4/2009 8:37:56 PM | Computer Name = WALT | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.9.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/4/2009 5:44:29 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7000
Description = The VideoAcceleratorService service failed to start due to the following
error: %%5

Error - 4/4/2009 5:44:29 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%5

Error - 4/4/2009 5:44:29 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%5

Error - 4/4/2009 5:44:31 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 4/4/2009 5:44:31 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5

Error - 4/4/2009 5:44:34 PM | Computer Name = WALT | Source = IPXRouterManager | ID = 20133
Description = IPX Routing failed to start because IPX forwarder driver could not
be loaded.

Error - 4/4/2009 5:44:34 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7000
Description = The IPX Traffic Forwarder Driver service failed to start due to the
following error: %%5

Error - 4/4/2009 5:44:34 PM | Computer Name = WALT | Source = RemoteAccess | ID = 20103
Description = Unable to load C:\WINDOWS\System32\ipxrtmgr.dll.

Error - 4/4/2009 5:44:37 PM | Computer Name = WALT | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 1003 (0x3EB).

Error - 4/4/2009 8:08:20 PM | Computer Name = WALT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0007E9784A17 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

I would like to mention I recently uninstalled ZoneAlarm and the dreaded Limewire (I know Karma is a B#@$*).

Also, I did not run Combofix even though I downloaded it.

Thanks for your help. Beer time!!! This has been ongoing for a few days!!!

#3
mrjones0515

I haven't received any feedback yet, any help is appreciated. Thanks!