Combofix not working [Solved]


  • This topic is locked This topic is locked

#1 aznboi2o9 (Member, 64 posts)
I have been infected recently on my Dell laptop, but I managed to stop them using my antivirus, Comodo, and my on-demand scanners, Malwarebytes and SUPERAntiSpyware. The case is that I cannot run ComboFix in normal mode. I've recently seen a C:\32788R22FWJFW folder and it has something to do with ComboFix. Whenever I try to run ComboFix it will say that it cannot find 32788R22FWJFW. I cannot go into safe mode because it will automatically shut down by itself within a few seconds. I wanted to reformat my computer but again, when I am trying to reformat it, the stupid laptop just shuts down by itself. Whenever I'm in normal mode on the laptop, it rarely shuts down by itself. So, I really do not know what the problem is. Either I still have rootkits that I cannot find, or hardware problems. I'm at a loss.
Here is my MBAM log.

Malwarebytes' Anti-Malware 1.41
Database version: 2831
Windows 5.1.2600 Service Pack 2

1/20/2009 12:27:43 PM
mbam-log-2009-01-20 (12-27-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 246807
Time elapsed: 1 hour(s), 9 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACkxmubiqrlp.dll (Trojan.Agent) -> Delete on reboot.


RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/01/20 12:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xEDF24000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AA0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP2658
Image Path: \Driver\PCI_PNP2658
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xEB442000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spgx.sys
Image Path: spgx.sys
Address: 0xF7343000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11dd46

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d250

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d8ea

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11e2c2

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d132

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11f254

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11f52c

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11ccf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11df2c

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11e0dc

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11ca5a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spgx.sys" at address 0xf7362ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spgx.sys" at address 0xf7363030

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11eed6

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d4d4

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11db2e

#: 119 Function Name: NtOpenKey
Status: Hooked by "spgx.sys" at address 0xf73440c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11c78a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d764

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11c902

#: 160 Function Name: NtQueryKey
Status: Hooked by "spgx.sys" at address 0xf7363108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spgx.sys" at address 0xf7362f88

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11e688

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11e9f0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11ec72

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11f084

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11e488

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d46e

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11d658

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11cffc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11ceca

==EOF==

Edited by aznboi2o9, 20 September 2009 - 01:43 PM.

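Added triage script (not from the poster, and not part of RootRepeal): the SSDT section in the log above lists every hooked system call together with the driver that placed the hook, and the question a helper has to answer for each hooking driver is whether it is explained by software known to be on the box. Here cmdguard.sys is COMODO's Defense+ HIPS driver, and spgx.sys is the randomly named sp??.sys driver that SPTD (the Daemon Tools / Alcohol storage layer, also visible as "sptd" in the Drivers section) installs; SPTD hooks the registry enumeration calls to hide its own configuration key, which is why a legitimate driver looks rootkit-like in this output. The script parses RootRepeal's SSDT lines, groups hooks by driver and flags any driver not on an allowlist, any driver reported without a full image path, and any hooking of calls commonly used for hiding. The allowlist is our own assumption built from the products listed in the post; the sample input copies three entries from the log above and adds one made-up driver, sample_unknown.sys, purely to exercise the review path.

```python
import re
from collections import defaultdict

# Constructed sample: three entries copied from the RootRepeal log in the post
# above, plus one made-up driver (sample_unknown.sys) that is NOT in the real
# log and exists only to show what an unexplained hook looks like.
SAMPLE_SSDT = r"""
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee11dd46

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spgx.sys" at address 0xf7362ca2

#: 119 Function Name: NtOpenKey
Status: Hooked by "spgx.sys" at address 0xf73440c0

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\windows\System32\drivers\sample_unknown.sys" at address 0xf7e01000

==EOF==
"""

# Drivers expected to hook the SSDT on a host running the products the poster
# lists. Assumption: this allowlist is ours, derived from the post; RootRepeal
# does not ship one. Extend it per machine (other HIPS/AV, sandboxes, etc.).
EXPECTED_HOOKERS = [
    (re.compile(r"^cmdguard\.sys$", re.I), "COMODO Internet Security Defense+ (HIPS)"),
    # SPTD (Daemon Tools / Alcohol 120%) loads a randomly named sp??.sys driver
    # and hooks registry calls to hide its own configuration key.
    (re.compile(r"^sp[a-z]{2}\.sys$", re.I), "SPTD storage filter (sp??.sys)"),
]

# Syscalls whose hooking is most often used to hide files, keys or processes.
STEALTH_FUNCS = {
    "NtQueryDirectoryFile", "NtQuerySystemInformation",
    "NtEnumerateKey", "NtEnumerateValueKey", "NtOpenKey",
    "NtQueryKey", "NtQueryValueKey",
}


def parse_ssdt(text):
    """Return one dict per hooked SSDT entry found in a RootRepeal report.

    Entries from other sections (Drivers, Files, ...) never match the two-line
    '#: nnn Function Name: X' / 'Status: Hooked by "..."' shape and are skipped.
    """
    hooks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"#:\s*(\d+)\s+Function Name:\s*(\w+)", line)
        if m:
            pending = {"index": int(m.group(1)), "function": m.group(2)}
            continue
        m = re.match(r'Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)', line)
        if m and pending:
            path = m.group(1)
            pending.update(
                module_path=path,
                module=path.rsplit("\\", 1)[-1].lower(),
                has_full_path="\\" in path,
                address=int(m.group(2), 16),
            )
            hooks.append(pending)
        pending = None  # consumed, or the line after '#:' was not a hook line
    return hooks


def triage(hooks):
    """Group hooks by hooking driver and decide which drivers need a human look."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h)

    report = {}
    for module, entries in by_module.items():
        owner = next((label for pat, label in EXPECTED_HOOKERS if pat.match(module)), None)
        stealth = sorted(e["function"] for e in entries if e["function"] in STEALTH_FUNCS)
        notes = []
        if owner is None:
            notes.append("not in allowlist")
        if not all(e["has_full_path"] for e in entries):
            notes.append("reported without a full image path")
        if stealth:
            notes.append("hooks hiding-related syscalls: " + ", ".join(stealth))
        report[module] = {
            "owner": owner,
            "verdict": "expected" if owner else "review",
            "hook_count": len(entries),
            "functions": sorted(e["function"] for e in entries),
            "notes": notes,
        }
    return report


if __name__ == "__main__":
    for module, info in sorted(triage(parse_ssdt(SAMPLE_SSDT)).items()):
        print(f"{info['verdict']:8} {module:20} hooks={info['hook_count']} owner={info['owner']}")
        for note in info["notes"]:
            print(f"         - {note}")
```

Feed it the whole saved RootRepeal report; only the SSDT entries are parsed. A driver marked "review" is not automatically malicious: the next step is to locate the file on disk, check its digital signature and publisher, and compare it against what the user actually has installed, exactly as was done by hand above for cmdguard.sys and spgx.sys. One more caveat when reading these logs: the MBAM and RootRepeal timestamps say January 2009, while the post was edited in September 2009 and the OTL log below lists files dated September 2009, so the system clock was most likely wrong when the scans ran, and any "created within N days" listing will be skewed by that.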



#2 aznboi2o9 (Topic Starter, Member, 64 posts)
OTL log:

OTL logfile created on: 1/20/2009 12:43:29 PM - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 463.13 Mb Available Physical Memory | 51.81% Memory free
2.12 Gb Paging File | 1.73 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 25.10 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-B3446AB14D
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/10/11 21:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe
PRC - [2009/01/18 20:50:24 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2007/09/11 11:26:10 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/10/11 21:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe
PRC - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\windows\System32\WLTRYSVC.EXE
PRC - [2007/03/16 18:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\windows\System32\bcmwltry.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/07/26 07:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\windows\System32\HPZipm12.exe
PRC - [2007/10/09 18:56:30 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2004/08/04 02:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/05/14 14:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/10/09 18:56:24 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/21 10:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/18 20:51:25 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2009/09/11 18:34:44 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/01/20 12:42:58 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/10/11 21:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/09/11 11:26:10 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/01/18 20:50:24 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2007/03/19 12:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/10/22 15:06:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/04 02:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008/07/26 07:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2004/08/04 02:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\windows\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\windows\System32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/12/10 13:59:04 | 00,353,280 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/10/09 18:56:30 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn, = http://search.nation...s...=web&qkw=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,: = %3A
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,= = %3D
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/27 01:51:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/12 22:29:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 22:29:46 | 00,000,000 | ---D | M]

[2008/07/20 18:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Extensions
[2008/07/20 18:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/13 21:40:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions
[2009/07/13 21:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008/09/09 01:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/07/13 21:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/13 21:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/15 01:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\[email protected]
[2009/09/13 21:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\[email protected]
[2008/07/17 21:53:44 | 00,001,010 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\FireFox\Profiles\9rjibm24.default\searchplugins\aimsearch.gif
[2008/07/17 21:53:44 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\FireFox\Profiles\9rjibm24.default\searchplugins\aimsearch.src
[2008/05/14 13:05:41 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\FireFox\Profiles\9rjibm24.default\searchplugins\aimsearch.xml
[2009/09/13 21:40:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 12:37:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/27 01:51:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/27 20:34:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/09 16:35:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 11:43:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2008/09/09 04:57:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/09/11 18:34:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 18:34:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/03 17:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 10:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/11 18:34:46 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/17 17:25:40 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2004/12/14 01:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/01/18 11:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/08/18 23:45:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/18 23:45:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/18 23:45:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/18 23:45:07 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/18 23:45:07 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/18 23:45:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/18 23:45:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0122CC7-9671-4BD2-AC81-AEAE8001E2F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F6B40D73-1671-4A2F-BD6F-B1DD69E0F9A0} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab57176.cab (ZoneChess Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://gfx2.hotmail....r/i_onecare.gif
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b8df7904-97d2-11dd-8875-001a925e497b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{b8df7904-97d2-11dd-8875-001a925e497b}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe) - C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe File not found
O34 - HKLM BootExecute: ("\??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat) - C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - C:\windows\System32\ipxsap.dll (Microsoft Corporation)
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2 C:\Documents and Settings\Home\Desktop\*.tmp files]
[2009/09/17 21:03:45 | 00,341,007 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\07170909.jpg
[2009/09/17 21:01:01 | 00,405,331 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\071709.jpg
[2009/09/13 19:08:43 | 00,000,045 | ---- | C] () -- C:\windows\System32\initdebug.nfo
[2009/09/13 15:04:43 | 00,230,912 | ---- | C] () -- C:\windows\PEV.exe
[2009/09/13 15:01:43 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/13 10:11:22 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/09/12 19:11:33 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/12 19:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/12 19:06:07 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/12 19:06:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/09/12 19:06:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/09/12 19:06:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/12 17:36:07 | 00,061,440 | ---- | C] () -- C:\windows\System32\drivers\pjwd.sys
[2009/09/12 17:15:06 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2009/09/12 17:15:01 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/09/10 21:35:16 | 00,000,153 | ---- | C] () -- C:\windows\cavscan.INI
[2009/09/10 21:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\COMODO
[2009/09/10 19:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/09/09 21:59:53 | 00,000,272 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/09 21:58:05 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/09 21:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/09 21:56:25 | 00,179,792 | ---- | C] (COMODO) -- C:\windows\System32\guard32.dll
[2009/09/09 21:56:25 | 00,132,296 | ---- | C] (COMODO) -- C:\windows\System32\drivers\cmdguard.sys
[2009/09/09 21:56:25 | 00,087,104 | ---- | C] (COMODO) -- C:\windows\System32\drivers\inspect.sys
[2009/09/09 21:56:25 | 00,025,160 | ---- | C] (COMODO) -- C:\windows\System32\drivers\cmdhlp.sys
[2009/09/09 21:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/08 15:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/09/07 21:37:58 | 00,011,131 | ---- | C] () -- C:\windows\edupix.reg
[2009/08/14 02:30:37 | 00,018,985 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\ibyqofosik.bin
[2009/08/14 02:30:37 | 00,018,454 | ---- | C] () -- C:\windows\dubezu.ban
[2009/08/14 02:30:37 | 00,018,307 | ---- | C] () -- C:\Program Files\Common Files\tetaqis.bin
[2009/08/14 02:30:37 | 00,017,871 | ---- | C] () -- C:\Program Files\Common Files\mysozimeje.scr
[2009/08/14 02:30:37 | 00,017,851 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\uhyke.com
[2009/08/14 02:30:37 | 00,017,182 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\osysi.vbs
[2009/08/14 02:30:37 | 00,016,852 | ---- | C] () -- C:\Program Files\Common Files\zigon.bin
[2009/08/14 02:30:37 | 00,016,469 | ---- | C] () -- C:\windows\cowolocyh.reg
[2009/08/14 02:30:37 | 00,016,385 | ---- | C] () -- C:\windows\qyhawuwy.bin
[2009/08/14 02:30:37 | 00,015,962 | ---- | C] () -- C:\windows\oturi.pif
[2009/08/14 02:30:37 | 00,015,827 | ---- | C] () -- C:\windows\System32\tojel.bin
[2009/08/14 02:30:37 | 00,015,577 | ---- | C] () -- C:\windows\System32\ovuvahor.scr
[2009/08/14 02:30:37 | 00,014,399 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\ubobima._dl
[2009/08/14 02:30:37 | 00,014,204 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\irojowiqu.inf
[2009/08/14 02:30:37 | 00,013,443 | ---- | C] () -- C:\windows\System32\pezy.pif
[2009/08/14 02:30:37 | 00,013,269 | ---- | C] () -- C:\windows\ibiv.ban
[2009/08/14 02:30:37 | 00,013,176 | ---- | C] () -- C:\windows\cegosoty.pif
[2009/08/14 02:30:37 | 00,012,925 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jelic.pif
[2009/08/14 02:30:37 | 00,012,132 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\lyha.lib
[2009/08/14 02:30:37 | 00,010,068 | ---- | C] () -- C:\windows\System32\oveh.scr
[2009/08/14 02:30:16 | 00,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2009/08/14 00:33:20 | 00,019,920 | ---- | C] () -- C:\windows\ysitu.inf
[2009/08/14 00:33:20 | 00,018,283 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\dynotajyb.scr
[2009/08/14 00:33:20 | 00,017,661 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vowytux.bat
[2009/08/14 00:33:20 | 00,016,015 | ---- | C] () -- C:\Program Files\Common Files\ekusebuxi.com
[2009/08/14 00:33:20 | 00,015,907 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\laciki.dl
[2009/08/14 00:33:20 | 00,015,641 | ---- | C] () -- C:\Program Files\Common Files\pynynyha.vbs
[2009/08/14 00:33:20 | 00,015,632 | ---- | C] () -- C:\windows\otofomot.inf
[2009/08/14 00:33:20 | 00,015,631 | ---- | C] () -- C:\windows\qezy.dl
[2009/08/14 00:33:20 | 00,015,533 | ---- | C] () -- C:\windows\System32\fucaxudyke.lib
[2009/08/14 00:33:20 | 00,015,261 | ---- | C] () -- C:\Program Files\Common Files\posa.pif
[2009/08/14 00:33:20 | 00,015,113 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\vewojohihu.inf
[2009/08/14 00:33:20 | 00,014,967 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\obyk._sy
[2009/08/14 00:33:20 | 00,014,527 | ---- | C] () -- C:\Program Files\Common Files\otyxexe.exe
[2009/08/14 00:33:20 | 00,013,899 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jysogon.vbs
[2009/08/14 00:33:20 | 00,013,798 | ---- | C] () -- C:\windows\depuraje.db
[2009/08/14 00:33:20 | 00,013,720 | ---- | C] () -- C:\windows\ozylub.db
[2009/08/14 00:33:20 | 00,012,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ycuj._sy
[2009/08/14 00:33:20 | 00,011,617 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\owymi.ban
[2009/08/14 00:33:20 | 00,011,565 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\osopericyl.dll
[2009/08/14 00:33:20 | 00,011,010 | ---- | C] () -- C:\windows\ipubofanem.dl
[2009/08/10 22:46:06 | 00,011,075 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\pig2.gif
[2009/08/10 22:45:55 | 00,007,522 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\pig1.gif
[2009/08/08 21:51:34 | 00,043,668 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Picture345copy.jpg
[2009/08/04 13:30:06 | 00,000,000 | ---D | C] -- C:\windows\System32\images
[2009/08/02 14:49:33 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Ntev tseem nco… translation… By The sounders « …mozemoua….URL
[2009/07/31 18:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\New Folder (4)
[2009/07/31 17:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\iMesh
[2009/07/31 17:34:28 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\windows\System32\actskn45.ocx
[2009/07/23 11:08:27 | 00,000,000 | ---D | C] -- C:\Program Files\MSNContacts
[2009/07/23 10:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/23 10:58:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/07/23 10:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/23 10:51:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/23 10:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\.purple
[2009/07/23 10:31:53 | 00,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2009/07/23 10:31:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2009/07/21 11:05:14 | 00,000,069 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\httpcommunity.livejournal.comoneegya….URL
[2009/07/21 01:08:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\New Folder (3)
[2009/07/18 12:47:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Home\Desktop\~$eng Lo.docx
[2009/07/16 21:46:12 | 00,153,198 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Golden_Feather_by_PattyMcK.jpg
[2009/07/16 21:19:02 | 01,052,598 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\paon_by_ShadyMedusa_stock.zip
[2009/07/16 14:35:53 | 00,117,822 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Feather_of_jealousy_by_Nigrita.jpg
[2009/07/13 20:11:04 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/07/10 16:44:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2009/07/10 16:44:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2009/07/10 16:44:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2009/07/10 16:44:54 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2009/07/10 16:44:54 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2009/07/10 16:44:54 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2009/07/10 16:44:18 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/07/10 14:36:57 | 00,671,283 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\writing.pdf
[2009/07/10 14:36:48 | 00,626,322 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\reading.pdf
[2009/07/09 11:26:35 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Scrap.shs
[2009/07/08 23:17:38 | 00,001,419 | ---- | C] () -- C:\windows\wininit.ini
[2009/07/07 13:59:52 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Home\Desktop\~$essay.docx
[2009/07/07 13:56:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Home\Desktop\~$ng work cited.docx
[2009/07/06 17:34:11 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Home\Desktop\~$ng essay.docx
[2009/07/06 02:31:47 | 00,000,230 | ---- | C] () -- C:\windows\System32\spupdsvc.inf
[2009/07/02 00:05:27 | 00,221,328 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Untitled-1.jpg
[2009/06/28 21:38:00 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\rundll32.exe.lnk
[2009/06/24 12:17:40 | 00,000,000 | ---D | C] -- C:\.jagex_cache_32
[2009/06/22 22:06:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/06/22 19:35:50 | 00,127,034 | R--- | C] (BackWeb Technologies Inc. ) -- C:\windows\bwUnin-8.1.1.50-8876480SL.exe
[2009/06/22 19:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Leadertech
[2009/06/22 19:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/06/19 23:28:47 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/06/19 23:28:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\SystemRequirementsLab
[2009/06/17 18:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\New Folder (2)
[2009/06/14 10:40:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Ventrilo
[2009/06/13 09:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/12 19:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\New Folder
[2009/06/06 16:26:53 | 00,011,555 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Resume.docx
[2009/06/03 21:53:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\esars.asp_files
[2009/05/27 17:17:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Yahoo
[2009/05/27 17:15:23 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/05/25 10:03:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/05/25 10:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/05/25 10:03:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/05/25 09:30:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\BEE'S WORK
[2009/05/23 11:59:17 | 00,230,454 | ---- | C] () -- C:\cam0002.bmp
[2009/05/23 11:59:16 | 00,230,454 | ---- | C] () -- C:\cam0001.bmp
[2009/05/23 11:59:16 | 00,230,454 | ---- | C] () -- C:\cam0000.bmp
[2009/05/23 11:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile Developer Power Toys
[2009/05/22 22:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Move Networks
[2009/05/22 21:22:36 | 00,000,000 | ---D | C] -- C:\Program Files\Willing Webcam
[2009/05/22 21:13:50 | 00,000,000 | ---D | C] -- C:\Kodak
[2009/05/22 20:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\WebCam Viewer 2
[2009/05/22 20:39:24 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/22 20:28:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/05/22 20:19:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\KodakCredentialStore
[2009/05/22 20:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\My Print Creations
[2009/05/22 20:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\ArcSoft
[2009/05/22 20:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/05/22 20:10:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/05/22 20:10:07 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/05/22 19:57:03 | 00,001,355 | ---- | C] () -- C:\windows\imsins.BAK
[2009/05/19 05:33:13 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Home\Desktop\~$e summer is deep and down.doc
[2009/05/11 01:12:54 | 00,000,000 | ---D | C] -- C:\Program Files\Nitto 1320 Legends
[2009/05/10 16:20:07 | 00,013,738 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\John Steinbeckl.docx
[2009/05/10 10:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\CCCApply_appsubmittal2.asp_files
[2009/05/10 10:20:59 | 00,012,203 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\CCCApply_appsubmittal2.asp.htm
[2009/05/03 00:15:40 | 00,011,168 | -H-- | C] () -- C:\windows\System32\lufejiro
[2009/05/01 21:25:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\Limewire songs
[2009/04/20 11:46:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\WMTools Downloaded Files
[2009/04/04 00:16:36 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2009/03/24 13:39:43 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/03/24 11:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\PMB Files
[2009/03/24 11:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/03/24 11:04:36 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/02/14 15:28:37 | 00,000,000 | ---D | C] -- C:\found.000
[2009/01/29 13:25:35 | 00,969,833 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\MOV01249.3GP
[2009/01/23 18:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\DivX
[2009/01/22 14:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\patterns
[2009/01/22 14:21:41 | 00,092,453 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Pattern_8_by_Ransie3.zip
[2009/01/21 16:25:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\gimpBrush
[2009/01/21 15:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\GimPhoto 1.4.3
[2009/01/20 12:42:57 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/01/20 09:23:56 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/01/20 08:54:58 | 00,027,140 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\New Microsoft Office PowerPoint Presentation.pptx
[2009/01/18 21:17:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\maplestory
[2009/01/18 18:57:55 | 00,258,070 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Untitled-10000.jpg
[2009/01/16 23:18:11 | 00,000,000 | ---D | C] -- C:\Program Files\TypingMaster
[2009/01/16 23:10:59 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/01/16 23:10:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Conduit
[2009/01/14 17:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Auslogics
[2009/01/11 13:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\My Downloads
[2009/01/11 13:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\MiniDm
[2009/01/11 13:27:22 | 00,000,000 | ---D | C] -- C:\Program Files\IEPro
[2009/01/11 13:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\IEPro
[2009/01/08 04:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 14 Days ==========

[2 C:\Documents and Settings\Home\Desktop\*.tmp files]
[2009/09/17 21:03:45 | 00,341,007 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\07170909.jpg
[2009/09/17 21:01:40 | 00,405,331 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\071709.jpg
[2009/09/13 19:08:47 | 00,000,045 | ---- | M] () -- C:\windows\System32\initdebug.nfo
[2009/09/12 19:11:33 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/12 19:06:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/12 17:36:08 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2009/09/12 17:36:07 | 00,061,440 | ---- | M] () -- C:\windows\System32\drivers\pjwd.sys
[2009/09/12 17:36:07 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/09/12 17:12:28 | 00,000,782 | ---- | M] () -- C:\windows\win.ini
[2009/09/12 17:12:28 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/09/10 21:35:16 | 00,000,153 | ---- | M] () -- C:\windows\cavscan.INI
[2009/09/10 13:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 13:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/09/09 21:59:53 | 00,000,272 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/09 21:58:05 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/09 21:19:46 | 00,000,789 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/09/07 21:37:58 | 00,011,131 | ---- | M] () -- C:\windows\edupix.reg
[2009/09/03 21:25:22 | 00,230,912 | ---- | M] () -- C:\windows\PEV.exe
[2009/08/19 22:20:44 | 00,097,640 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/19 21:39:24 | 01,630,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/08/18 21:41:36 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2009/08/14 02:30:37 | 00,018,985 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\ibyqofosik.bin
[2009/08/14 02:30:37 | 00,018,454 | ---- | M] () -- C:\windows\dubezu.ban
[2009/08/14 02:30:37 | 00,018,307 | ---- | M] () -- C:\Program Files\Common Files\tetaqis.bin
[2009/08/14 02:30:37 | 00,017,871 | ---- | M] () -- C:\Program Files\Common Files\mysozimeje.scr
[2009/08/14 02:30:37 | 00,017,851 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\uhyke.com
[2009/08/14 02:30:37 | 00,017,182 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osysi.vbs
[2009/08/14 02:30:37 | 00,016,852 | ---- | M] () -- C:\Program Files\Common Files\zigon.bin
[2009/08/14 02:30:37 | 00,016,469 | ---- | M] () -- C:\windows\cowolocyh.reg
[2009/08/14 02:30:37 | 00,016,385 | ---- | M] () -- C:\windows\qyhawuwy.bin
[2009/08/14 02:30:37 | 00,015,962 | ---- | M] () -- C:\windows\oturi.pif
[2009/08/14 02:30:37 | 00,015,827 | ---- | M] () -- C:\windows\System32\tojel.bin
[2009/08/14 02:30:37 | 00,015,577 | ---- | M] () -- C:\windows\System32\ovuvahor.scr
[2009/08/14 02:30:37 | 00,014,399 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\ubobima._dl
[2009/08/14 02:30:37 | 00,014,204 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\irojowiqu.inf
[2009/08/14 02:30:37 | 00,013,443 | ---- | M] () -- C:\windows\System32\pezy.pif
[2009/08/14 02:30:37 | 00,013,269 | ---- | M] () -- C:\windows\ibiv.ban
[2009/08/14 02:30:37 | 00,013,176 | ---- | M] () -- C:\windows\cegosoty.pif
[2009/08/14 02:30:37 | 00,012,925 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jelic.pif
[2009/08/14 02:30:37 | 00,012,132 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\lyha.lib
[2009/08/14 02:30:37 | 00,010,068 | ---- | M] () -- C:\windows\System32\oveh.scr
[2009/08/14 02:30:16 | 00,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2009/08/14 00:55:24 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/08/14 00:33:20 | 00,019,920 | ---- | M] () -- C:\windows\ysitu.inf
[2009/08/14 00:33:20 | 00,018,283 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\dynotajyb.scr
[2009/08/14 00:33:20 | 00,017,661 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vowytux.bat
[2009/08/14 00:33:20 | 00,016,015 | ---- | M] () -- C:\Program Files\Common Files\ekusebuxi.com
[2009/08/14 00:33:20 | 00,015,907 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\laciki.dl
[2009/08/14 00:33:20 | 00,015,641 | ---- | M] () -- C:\Program Files\Common Files\pynynyha.vbs
[2009/08/14 00:33:20 | 00,015,632 | ---- | M] () -- C:\windows\otofomot.inf
[2009/08/14 00:33:20 | 00,015,631 | ---- | M] () -- C:\windows\qezy.dl
[2009/08/14 00:33:20 | 00,015,533 | ---- | M] () -- C:\windows\System32\fucaxudyke.lib
[2009/08/14 00:33:20 | 00,015,261 | ---- | M] () -- C:\Program Files\Common Files\posa.pif
[2009/08/14 00:33:20 | 00,015,113 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\vewojohihu.inf
[2009/08/14 00:33:20 | 00,014,967 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\obyk._sy
[2009/08/14 00:33:20 | 00,014,527 | ---- | M] () -- C:\Program Files\Common Files\otyxexe.exe
[2009/08/14 00:33:20 | 00,013,899 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jysogon.vbs
[2009/08/14 00:33:20 | 00,013,798 | ---- | M] () -- C:\windows\depuraje.db
[2009/08/14 00:33:20 | 00,013,720 | ---- | M] () -- C:\windows\ozylub.db
[2009/08/14 00:33:20 | 00,012,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ycuj._sy
[2009/08/14 00:33:20 | 00,011,617 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\owymi.ban
[2009/08/14 00:33:20 | 00,011,565 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osopericyl.dll
[2009/08/14 00:33:20 | 00,011,010 | ---- | M] () -- C:\windows\ipubofanem.dl
[2009/08/11 19:35:40 | 00,007,522 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\pig1.gif
[2009/08/11 19:35:31 | 00,011,075 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\pig2.gif
[2009/08/08 21:51:37 | 00,043,668 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Picture345copy.jpg
[2009/08/03 05:01:32 | 00,011,168 | -H-- | M] () -- C:\windows\System32\lufejiro
[2009/08/02 14:49:33 | 00,000,110 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Ntev tseem nco… translation… By The sounders « …mozemoua….URL
[2009/07/31 19:02:32 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 11:00:55 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\My Sharing Folders.lnk
[2009/07/21 11:05:14 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\httpcommunity.livejournal.comoneegya….URL
[2009/07/20 17:13:26 | 00,221,328 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Untitled-1.jpg
[2009/07/20 17:13:13 | 00,153,198 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Golden_Feather_by_PattyMcK.jpg
[2009/07/20 17:13:12 | 00,117,822 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Feather_of_jealousy_by_Nigrita.jpg
[2009/07/18 12:47:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Home\Desktop\~$eng Lo.docx
[2009/07/16 21:19:08 | 01,052,598 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\paon_by_ShadyMedusa_stock.zip
[2009/07/13 20:11:04 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/07/10 14:36:57 | 00,671,283 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\writing.pdf
[2009/07/10 14:36:48 | 00,626,322 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\reading.pdf
[2009/07/09 11:26:35 | 00,082,432 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Scrap.shs
[2009/07/09 01:57:34 | 00,001,419 | ---- | M] () -- C:\windows\wininit.ini
[2009/07/07 13:59:52 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Home\Desktop\~$essay.docx
[2009/07/07 13:56:34 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Home\Desktop\~$ng work cited.docx
[2009/07/06 17:34:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Home\Desktop\~$ng essay.docx
[2009/07/06 02:32:33 | 00,001,355 | ---- | M] () -- C:\windows\imsins.BAK
[2009/07/06 02:31:46 | 00,000,230 | ---- | M] () -- C:\windows\System32\spupdsvc.inf
[2009/06/28 21:38:05 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\rundll32.exe.lnk
[2009/06/22 19:35:50 | 00,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\windows\bwUnin-8.1.1.50-8876480SL.exe
[2009/06/06 16:26:54 | 00,011,555 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Resume.docx
[2009/05/27 17:15:23 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/05/23 11:59:17 | 00,230,454 | ---- | M] () -- C:\cam0002.bmp
[2009/05/23 11:59:16 | 00,230,454 | ---- | M] () -- C:\cam0001.bmp
[2009/05/23 11:59:16 | 00,230,454 | ---- | M] () -- C:\cam0000.bmp
[2009/05/22 21:15:54 | 00,037,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/05/22 21:15:22 | 00,014,336 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/05/19 05:33:13 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Home\Desktop\~$e summer is deep and down.doc
[2009/05/10 16:20:07 | 00,013,738 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\John Steinbeckl.docx
[2009/05/10 16:19:53 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\rhetorical essay.doc
[2009/05/10 10:21:01 | 00,012,203 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\CCCApply_appsubmittal2.asp.htm
[2009/02/24 23:44:17 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/17 08:14:52 | 00,483,328 | ---- | M] (SoftShape Development) -- C:\windows\System32\actskn45.ocx
[2009/02/10 20:58:55 | 00,000,738 | -H-- | M] () -- C:\IPH.PH
[2009/02/06 10:14:18 | 00,131,018 | ---- | M] () -- C:\windows\System32\DellPM.ini
[2009/01/29 13:25:06 | 00,969,833 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\MOV01249.3GP
[2009/01/22 14:21:41 | 00,092,453 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Pattern_8_by_Ransie3.zip
[2009/01/20 12:42:58 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/01/20 12:35:34 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/01/20 12:35:29 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/01/20 12:28:17 | 02,640,572 | -H-- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\IconCache.db
[2009/01/20 08:54:58 | 00,027,140 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\New Microsoft Office PowerPoint Presentation.pptx
[2009/01/19 22:48:35 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/01/18 22:20:09 | 00,411,112 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/01/18 22:20:09 | 00,065,752 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/01/18 22:20:08 | 00,484,244 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/01/18 20:54:01 | 00,179,792 | ---- | M] (COMODO) -- C:\windows\System32\guard32.dll
[2009/01/18 20:53:48 | 00,087,104 | ---- | M] (COMODO) -- C:\windows\System32\drivers\inspect.sys
[2009/01/18 20:53:36 | 00,025,160 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdhlp.sys
[2009/01/18 20:53:19 | 00,132,296 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdguard.sys
[2009/01/18 19:01:28 | 00,258,070 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Untitled-10000.jpg
[2009/01/18 14:44:39 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/01/16 23:18:00 | 00,000,038 | ---- | M] () -- C:\windows\popcinfot.dat
[2009/01/16 23:17:59 | 00,000,030 | ---- | M] () -- C:\windows\popcinfo.dat
[2009/01/10 09:39:02 | 03,144,558 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\dl600.pdf

========== LOP Check ==========

[2009/09/09 22:09:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/13 09:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/24 16:07:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2008/10/19 16:51:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2008/10/25 16:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/06/01 11:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/10/22 15:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/02/10 21:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/22 22:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/01/26 23:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/10/06 01:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/03/16 10:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/12/30 16:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/01/19 09:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/02/07 15:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/02/25 19:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/06/13 21:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/06/01 15:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/18 20:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/10/25 01:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/12/14 01:12:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/11/09 17:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/10/25 21:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/01/19 09:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/05/22 20:55:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/15 12:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/03/22 12:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/28 09:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/13 18:25:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Home\Application Data
[2009/07/23 10:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\.purple
[2008/01/18 13:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\1ClickDVDCopy
[2008/05/30 23:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Ahead
[2008/05/14 13:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Aim
[2008/03/13 22:19:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Any Video Converter
[2008/01/19 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\ATI
[2009/01/14 17:22:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Auslogics
[2008/10/25 17:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Corel
[2008/07/07 14:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\COWON
[2008/10/18 11:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\DAEMON Tools
[2008/11/17 16:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\DefenseWall HIPS
[2008/03/16 10:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GameHouse
[2008/12/11 18:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GetRightToGo
[2009/07/17 15:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\gtk-2.0
[2009/01/11 13:27:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\IEPro
[2009/06/22 19:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Leadertech
[2009/06/02 12:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\MiniDm
[2009/05/24 16:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Move Networks
[2008/02/11 21:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\MSNInstaller
[2008/12/30 16:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\NCH Swift Sound
[2008/03/17 06:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Nexon
[2008/02/10 21:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Nokia
[2008/02/10 21:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PC Suite
[2008/01/27 10:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Photodex
[2008/06/01 15:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PlayFirst
[2008/07/06 22:11:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Power Sound Editor Free
[2008/03/30 23:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Recordpad
[2008/11/12 00:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Research In Motion
[2008/11/09 10:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Roxio
[2008/04/24 16:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Snapfish
[2008/05/31 22:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\SpinTop
[2008/11/02 23:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\SuperAdBlocker.com
[2009/06/19 23:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\SystemRequirementsLab
[2008/12/07 20:25:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Thinstall
[2008/12/11 23:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\U3
[2008/03/21 00:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Ulead Systems(2)
[2009/06/14 10:41:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Ventrilo
[2009/01/19 22:48:35 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
[2004/08/04 02:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/01/20 12:35:34 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77721732
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29E09095
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5B56640
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFA09BFC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A628F34
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#3
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi aznboi2o9,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\windows\edupix.reg
    C:\Documents and Settings\Home\Application Data\ibyqofosik.bin
    C:\windows\dubezu.ban
    C:\Program Files\Common Files\tetaqis.bin
    C:\Program Files\Common Files\mysozimeje.scr
    c:\Documents and Settings\Home\Application Data\uhyke.com
    C:\Documents and Settings\All Users\Documents\osysi.vbs
    C:\Program Files\Common Files\zigon.bin
    C:\windows\cowolocyh.reg
    C:\windows\qyhawuwy.bin
    C:\windows\oturi.pif
    C:\windows\System32\tojel.bin
    C:\windows\System32\ovuvahor.scr
    C:\Documents and Settings\Home\Application Data\ubobima._dl
    C:\Documents and Settings\Home\Local Settings\Application Data\irojowiqu.inf
    C:\windows\System32\pezy.pif
    C:\windows\ibiv.ban
    C:\windows\cegosoty.pif
    C:\Documents and Settings\All Users\Documents\jelic.pif
    C:\Documents and Settings\Home\Application Data\lyha.lib
    C:\windows\System32\oveh.scr
    C:\windows\ysitu.inf
    C:\Documents and Settings\Home\Local Settings\Application Data\dynotajyb.scr
    c:\Documents and Settings\All Users\Documents\vowytux.bat
    C:\Program Files\Common Files\ekusebuxi.com
    C:\Documents and Settings\Home\Local Settings\Application Data\laciki.dl
    C:\Program Files\Common Files\pynynyha.vbs
    C:\windows\otofomot.inf
    C:\windows\qezy.dl
    C:\windows\System32\fucaxudyke.libC:\Program Files\Common Files\posa.pif
    C:\Documents and Settings\Home\Local Settings\Application Data\vewojohihu.inf
    C:\Documents and Settings\All Users\Documents\obyk._sy
    C:\Program Files\Common Files\otyxexe.exe
    C:\Documents and Settings\All Users\Application Data\jysogon.vbs
    C:\windows\depuraje.db
    C:\windows\ozylub.db
    C:\Documents and Settings\All Users\Application Data\ycuj._sy
    C:\Documents and Settings\Home\Application Data\owymi.ban
    C:\Documents and Settings\All Users\Documents\osopericyl.dll
    C:\windows\ipubofanem.dl
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

  • 0

#4
aznboi2o9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I finished the OTL thing you said for me to do. One thing I forgot to mention was that a couple of days ago, I saw that my CD/DVD drive was not working and my sound was not working as well. I went on my device manager and saw this.

Posted Image Posted Image
I've uninstalled and reinstalled, but it still says the same thing. I went into the BIOS and it said that the CD/DVD drive was connected...
  • 0

#5
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi aznboi2o9,

Can you post the OTL log? It should be located under C:\_OTL


Also:

Please download Win32kDiag.exe by AD to the desktop. Double-click on it. It will make a diagnostic and produce a report on the desktop. Post that report in your next reply.
  • 0

#6
aznboi2o9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
OTL LOG
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\windows\edupix.reg moved successfully.
C:\Documents and Settings\Home\Application Data\ibyqofosik.bin moved successfully.
C:\windows\dubezu.ban moved successfully.
C:\Program Files\Common Files\tetaqis.bin moved successfully.
C:\Program Files\Common Files\mysozimeje.scr moved successfully.
c:\Documents and Settings\Home\Application Data\uhyke.com moved successfully.
C:\Documents and Settings\All Users\Documents\osysi.vbs moved successfully.
C:\Program Files\Common Files\zigon.bin moved successfully.
C:\windows\cowolocyh.reg moved successfully.
C:\windows\qyhawuwy.bin moved successfully.
C:\windows\oturi.pif moved successfully.
File move failed. C:\windows\System32\tojel.bin scheduled to be moved on reboot.
File move failed. C:\windows\System32\ovuvahor.scr scheduled to be moved on reboot.
C:\Documents and Settings\Home\Application Data\ubobima._dl moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\irojowiqu.inf moved successfully.
File move failed. C:\windows\System32\pezy.pif scheduled to be moved on reboot.
C:\windows\ibiv.ban moved successfully.
C:\windows\cegosoty.pif moved successfully.
C:\Documents and Settings\All Users\Documents\jelic.pif moved successfully.
C:\Documents and Settings\Home\Application Data\lyha.lib moved successfully.
File move failed. C:\windows\System32\oveh.scr scheduled to be moved on reboot.
C:\windows\ysitu.inf moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\dynotajyb.scr moved successfully.
c:\Documents and Settings\All Users\Documents\vowytux.bat moved successfully.
C:\Program Files\Common Files\ekusebuxi.com moved successfully.
C:\Documents and Settings\Home\Local Settings\Application Data\laciki.dl moved successfully.
C:\Program Files\Common Files\pynynyha.vbs moved successfully.
C:\windows\otofomot.inf moved successfully.
C:\windows\qezy.dl moved successfully.
File\Folder C:\windows\System32\fucaxudyke.libC:\Program Files\Common Files\posa.pif not found.
C:\Documents and Settings\Home\Local Settings\Application Data\vewojohihu.inf moved successfully.
C:\Documents and Settings\All Users\Documents\obyk._sy moved successfully.
C:\Program Files\Common Files\otyxexe.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jysogon.vbs moved successfully.
C:\windows\depuraje.db moved successfully.
C:\windows\ozylub.db moved successfully.
C:\Documents and Settings\All Users\Application Data\ycuj._sy moved successfully.
C:\Documents and Settings\Home\Application Data\owymi.ban moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Documents\osopericyl.dll
C:\Documents and Settings\All Users\Documents\osopericyl.dll NOT unregistered.
C:\Documents and Settings\All Users\Documents\osopericyl.dll moved successfully.
C:\windows\ipubofanem.dl moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Administrator.DELL-B3446AB14D
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DELL-B3446AB14D.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DELL-B3446AB14D.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DELL-B3446AB14D.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DELL-B3446AB14D.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DELL-B3446AB14D.004
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
File delete failed. C:\Documents and Settings\Home\Local Settings\Temp\etilqs_9AAaYwsuweehXbjwhdmi scheduled to be deleted on reboot.
->Temp folder emptied: 1178261 bytes
File delete failed. C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\CDY7WHUN\ManualPatcherv76[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 8862248 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\9rjibm24.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\9rjibm24.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\9rjibm24.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\9rjibm24.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\9rjibm24.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\9rjibm24.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 67209404 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_218.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 165578 bytes
RecycleBin emptied: 1151507159 bytes

Total Files Cleaned = 1172.06 mb


OTL by OldTimer - Version 3.0.10.7 log created on 01252009_201805



WIN32kdiag

Running from: C:\Documents and Settings\Home\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Home\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\system32\drivers\sfi.dat
  • 0
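The two OTL report formats in this thread are worth reading mechanically rather than by eye: the "Alternate Data Streams" section of the scan log posted earlier, and the fix results just above. In the fix results, note that one `:Files` entry had two paths run together on a single line (`...fucaxudyke.libC:\Program Files\...\posa.pif`), so OTL reported it as "not found" and neither file was touched, and several System32 items were only "scheduled to be moved on reboot". The following Python is an added example for this thread, not OTL's or Geeks to Go's own code; the outcome category names are mine, and the sample lines are constructed from the line shapes in the posted logs. It groups every path by outcome, flags entries that contain a second drive-letter root (two paths merged), lists what still needs a re-check after the restart, and splits each ADS line into host file, stream name and size.

```python
"""Summarise an OTL fix log and an OTL Alternate Data Stream listing.

Added example for this thread; it is not code from OTL or Geeks to Go.
The outcome category names are my own, and SAMPLE_FIX_LOG / SAMPLE_ADS
are constructed from the line shapes in the posted logs.
"""
import re
from collections import defaultdict

# Constructed sample of the FILES section of an OTL fix log (shapes only).
SAMPLE_FIX_LOG = """\
All processes killed
========== FILES ==========
C:\\windows\\edupix.reg moved successfully.
File move failed. C:\\windows\\System32\\tojel.bin scheduled to be moved on reboot.
File\\Folder C:\\windows\\System32\\fucaxudyke.libC:\\Program Files\\Common Files\\posa.pif not found.
LoadLibrary failed for C:\\Documents and Settings\\All Users\\Documents\\osopericyl.dll
C:\\Documents and Settings\\All Users\\Documents\\osopericyl.dll NOT unregistered.
C:\\Documents and Settings\\All Users\\Documents\\osopericyl.dll moved successfully.
========== COMMANDS ==========
"""

# Constructed sample of OTL's Alternate Data Streams section.
SAMPLE_ADS = """\
========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:77721732
@Alternate Data Stream - 117 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:29E09095
< End of report >
"""

# Order matters: the more specific messages are tried before the generic ones.
_OUTCOMES = [
    ("pending_reboot", re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<path>.+?) not found\.$")),
    ("loadlibrary_failed", re.compile(r"^LoadLibrary failed for (?P<path>.+)$")),
    ("not_unregistered", re.compile(r"^(?P<path>.+?) NOT unregistered\.$")),
    ("moved", re.compile(r"^(?P<path>.+?) moved successfully\.$")),
]

# Two drive-letter roots in one "path" means two :Files entries ran together
# (a missing line break), so OTL looked for a file that cannot exist.
_MERGED = re.compile(r"^[A-Za-z]:\\.*[A-Za-z]:\\")

_ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def classify_fix_line(line):
    """Return (outcome, path) for one FILES-section line, or None for other lines."""
    line = line.strip()
    for outcome, rx in _OUTCOMES:
        m = rx.match(line)
        if m:
            return outcome, m.group("path")
    return None


def parse_fix_log(text):
    """Group every path in the FILES section by outcome and flag merged entries."""
    results = defaultdict(list)
    in_files = False
    for line in text.splitlines():
        if line.startswith("========== FILES"):
            in_files = True
            continue
        if line.startswith("=========="):
            in_files = False
            continue
        if not in_files:
            continue
        hit = classify_fix_line(line)
        if hit is None:
            continue
        outcome, path = hit
        results[outcome].append(path)
        if _MERGED.match(path):
            results["merged_entry"].append(path)
    return dict(results)


def needs_followup(results):
    """Paths the fix did not actually remove: pending a reboot, or never looked for."""
    pending = set(results.get("pending_reboot", []))
    merged = set(results.get("merged_entry", []))
    return sorted(pending | merged)


def parse_ads(text):
    """Return (host_file, stream_name, size_bytes) for each ADS line in an OTL report."""
    streams = []
    for line in text.splitlines():
        m = _ADS_LINE.match(line.strip())
        if not m:
            continue
        # The stream name follows the last colon; the drive-letter colon comes first.
        host, stream = m.group("target").rsplit(":", 1)
        streams.append((host, stream, int(m.group("size"))))
    return streams


if __name__ == "__main__":
    fix = parse_fix_log(SAMPLE_FIX_LOG)
    for outcome, paths in sorted(fix.items()):
        print(f"{outcome}: {len(paths)}")
    print("re-check after reboot:", needs_followup(fix))
    for host, stream, size in parse_ads(SAMPLE_ADS):
        print(f"{size:5d} bytes  {host}  stream={stream}")
```

Run it against a real `C:\_OTL` fix log by reading the file into `parse_fix_log`; anything returned by `needs_followup` is what to verify after the restart, and a merged entry means the fix script needs the two paths split onto separate lines and re-run. The ADS parser only splits the lines OTL already printed; it does not enumerate streams itself.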

#7
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
  • 0

#8
aznboi2o9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Running from: C:\Documents and Settings\Home\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Home\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\system32\drivers\sfi.dat

Attempting to restore permissions of : C:\windows\system32\drivers\sfi.dat

[1] 2009-09-09 22:59:53 272 C:\windows\system32\drivers\sfi.dat ()





Finished!
  • 0

#9
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
If you have ComboFix, please delete it, then:


Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
  • 0

#10
aznboi2o9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
When attempting to install Combo-Fix, several screens pop up. They keep popping up whenever I try to install ComboFix.

Posted Image Posted Image

Posted Image Posted Image

Posted Image Posted Image
  • 0

#11
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Looks like the infection corrupted ComboFix.

Please download Win32kDiag.exe by AD to the desktop. Double-click on it. It will make a diagnostic and produce a report on the desktop. Post that report in your next reply.
  • 0

#12
aznboi2o9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Running from: C:\Documents and Settings\Home\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Home\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\system32\drivers\sfi.dat
  • 0

#13
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
  • 0

#14
aznboi2o9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Running from: C:\Documents and Settings\Home\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Home\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\system32\drivers\sfi.dat

Attempting to restore permissions of : C:\windows\system32\drivers\sfi.dat
  • 0

#15
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please try running ComboFix now.
  • 0





