Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

okay I got it too


  • Please log in to reply

#1
cheech4487

cheech4487

    New Member

  • Member
  • Pip
  • 7 posts
Hi all! New to the forum here. I found this site while trying to rid my puter of AntivirusPro 2010, which I have had no luck with at all. This virus is driving me crazy. I cannot connect to the internet, it shuts down any programs that I try to run & sometimes it causes the mouse & keyboard not to work. I am hopeing to find some help and guidance on this forum to get rid of this and go back to living a peaceful life, hehe. I have read as much as possible here but it appears I might need specific help depending on the severity of the problem. Thank you for any help that you can give me.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello cheech4487

Welcome to G2Go. :)

You may have to boot into Safe Mode to run these programs.
To do that:
Restart your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

If you cannot get online from there the please download the programs from another computer and transfer them via cd or flash Drive (pen drive)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
cheech4487

cheech4487

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much for the help.

OTL logfile created on: 10/2/2009 11:10:01 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.49 Mb Total Physical Memory | 621.60 Mb Available Physical Memory | 80.99% Memory free
1.83 Gb Paging File | 1.76 Gb Available in Paging File | 96.24% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.03 Gb Free Space | 53.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 982.72 Mb Total Space | 949.72 Mb Free Space | 96.64% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEPUG
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (Creative Service for CDROM Access [Auto | Stopped]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CSHelper [Auto | Stopped]) -- C:\WINDOWS\System32\CSHelper.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Net Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (TomTomHOMEService [Auto | Stopped]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (eeCtrl [System | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elagopro [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (EraserUtilRebootDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gameenum [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (km_filter [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\km_filter.sys (NetRatings, Inc.)
DRV - (ms_mpu401 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080227.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080227.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NielGfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nielgfx.sys (The Nielsen Company)
DRV - (nielprt [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys (The Nielsen Company)
DRV - (nnrnstdi [System | Stopped]) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys (The Nielsen Company)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080226.002\SymIDSCo.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/25 17:04:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/22 17:17:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/29 20:30:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/29 20:29:59 | 00,000,000 | ---D | M]

[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions
[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/25 11:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\[email protected]
[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\hvk7e1cp.default\extensions
[2009/09/29 20:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/29 20:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (Gamevance LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Antivirus Pro 2010] C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (TheBestSoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [mserv] C:\Documents and Settings\Joe\Application Data\svcst.exe ()
O4 - HKCU..\Run: [svchost] C:\Documents and Settings\Joe\Application Data\svcst.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1101832610858 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1140896561281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/19 15:10:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13b8a834-d27f-11dd-b023-00112fa344ed}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/02 11:09:18 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/02 10:55:24 | 00,018,979 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\wijyle.dat
[2009/10/02 10:55:24 | 00,017,006 | ---- | C] () -- C:\Program Files\Common Files\gyqucelem.reg
[2009/10/02 10:55:24 | 00,016,976 | ---- | C] () -- C:\Program Files\Common Files\adewoqidek.dat
[2009/10/02 10:55:24 | 00,016,902 | ---- | C] () -- C:\WINDOWS\ykodu._dl
[2009/10/02 10:55:24 | 00,015,153 | ---- | C] () -- C:\Program Files\Common Files\refezyjode.db
[2009/10/02 10:55:24 | 00,014,644 | ---- | C] () -- C:\Program Files\Common Files\nopynibaf.pif
[2009/10/02 10:55:24 | 00,014,644 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avazuh.inf
[2009/10/02 10:55:24 | 00,014,419 | ---- | C] () -- C:\WINDOWS\egowesovyw.reg
[2009/10/02 10:55:24 | 00,013,505 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\oqiwuwe.com
[2009/10/02 10:55:24 | 00,013,116 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\ohehyqojur.lib
[2009/10/02 10:55:24 | 00,012,785 | ---- | C] () -- C:\Program Files\Common Files\givyx.db
[2009/10/02 10:55:24 | 00,012,214 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ycirynakew.exe
[2009/10/02 10:55:24 | 00,012,075 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qojaxeve._dl
[2009/10/02 10:55:24 | 00,011,565 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\lityhus.bat
[2009/10/02 10:55:24 | 00,010,664 | ---- | C] () -- C:\WINDOWS\ywicip.dat
[2009/10/02 07:56:38 | 00,019,546 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owiwe.dat
[2009/10/02 07:56:38 | 00,018,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xocix.com
[2009/10/02 07:56:38 | 00,016,440 | ---- | C] () -- C:\Program Files\Common Files\pyxo.bin
[2009/10/02 07:56:38 | 00,015,318 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\omemy.ban
[2009/10/02 07:56:38 | 00,015,216 | ---- | C] () -- C:\WINDOWS\System32\adid._sy
[2009/10/02 07:56:38 | 00,014,844 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\lelylexanu.scr
[2009/10/02 07:56:38 | 00,013,752 | ---- | C] () -- C:\Program Files\Common Files\fuvysode._dl
[2009/10/02 07:56:38 | 00,013,374 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bulupik.dl
[2009/10/02 07:56:38 | 00,012,341 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\xynuwa._dl
[2009/10/02 07:56:38 | 00,011,900 | ---- | C] () -- C:\WINDOWS\ykaregi._dl
[2009/10/02 07:56:38 | 00,011,131 | ---- | C] () -- C:\WINDOWS\puwyxaxar.sys
[2009/10/02 07:56:38 | 00,010,689 | ---- | C] () -- C:\Program Files\Common Files\cetewa.com
[2009/10/01 22:02:45 | 00,001,670 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\AntivirusPro_2010.lnk
[2009/10/01 18:01:24 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\8uyc2vnw.exe
[2009/10/01 17:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\attack2
[2009/09/30 21:54:41 | 00,018,662 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\yvaferifo.dl
[2009/09/30 21:54:41 | 00,018,179 | ---- | C] () -- C:\Program Files\Common Files\lywopolesi.scr
[2009/09/30 21:54:41 | 00,017,401 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\udixyhasi.com
[2009/09/30 21:54:41 | 00,016,887 | ---- | C] () -- C:\WINDOWS\jigikawuc.ban
[2009/09/30 21:54:41 | 00,016,202 | ---- | C] () -- C:\Program Files\Common Files\gybomurufo.inf
[2009/09/30 21:54:41 | 00,015,984 | ---- | C] () -- C:\Program Files\Common Files\ejijek._dl
[2009/09/30 21:54:41 | 00,015,113 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ozyki.bin
[2009/09/30 21:54:41 | 00,014,758 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ehenuw.db
[2009/09/30 21:54:41 | 00,014,382 | ---- | C] () -- C:\Program Files\Common Files\qusuviru.vbs
[2009/09/30 21:54:41 | 00,014,373 | ---- | C] () -- C:\WINDOWS\wohif.pif
[2009/09/30 21:54:41 | 00,014,338 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wobav.dl
[2009/09/30 21:54:41 | 00,011,773 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\isiwodyku.dll
[2009/09/30 21:54:41 | 00,011,742 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fity.dat
[2009/09/30 21:54:41 | 00,011,635 | ---- | C] () -- C:\WINDOWS\System32\eworysy.reg
[2009/09/30 21:54:41 | 00,011,569 | ---- | C] () -- C:\WINDOWS\hawe.reg
[2009/09/30 21:54:41 | 00,010,438 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ukagyjikip.scr
[2009/09/30 20:16:55 | 00,265,216 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\svcst.exe
[2009/09/30 19:40:26 | 00,019,777 | ---- | C] () -- C:\WINDOWS\meqejujyz.dll
[2009/09/30 19:40:26 | 00,019,123 | ---- | C] () -- C:\WINDOWS\jywu.bin
[2009/09/30 19:40:26 | 00,018,564 | ---- | C] () -- C:\WINDOWS\System32\qyfoxoquf.dl
[2009/09/30 19:40:26 | 00,018,416 | ---- | C] () -- C:\Program Files\Common Files\emez.scr
[2009/09/30 19:40:26 | 00,018,238 | ---- | C] () -- C:\Program Files\Common Files\jyxo._dl
[2009/09/30 19:40:26 | 00,015,678 | ---- | C] () -- C:\WINDOWS\System32\ibuwydyn._sy
[2009/09/30 19:40:26 | 00,012,577 | ---- | C] () -- C:\WINDOWS\yfoxyc.bin
[2009/09/30 19:40:25 | 00,018,870 | ---- | C] () -- C:\WINDOWS\umejajap.bin
[2009/09/30 19:40:25 | 00,018,818 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\osyped.inf
[2009/09/30 19:40:25 | 00,017,655 | ---- | C] () -- C:\Program Files\Common Files\vejazuk.bin
[2009/09/30 19:40:25 | 00,016,417 | ---- | C] () -- C:\WINDOWS\imiz.ban
[2009/09/30 19:40:25 | 00,015,886 | ---- | C] () -- C:\WINDOWS\iqopat.dat
[2009/09/30 19:40:25 | 00,015,805 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\udij.ban
[2009/09/30 19:40:25 | 00,015,571 | ---- | C] () -- C:\Program Files\Common Files\ytamug.inf
[2009/09/30 19:40:25 | 00,015,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ygepicykex.dl
[2009/09/30 19:40:25 | 00,014,541 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\elubabef._dl
[2009/09/30 19:40:25 | 00,014,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\icili.scr
[2009/09/30 19:40:25 | 00,013,711 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ugahotugam.dl
[2009/09/30 19:40:25 | 00,011,122 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\irifagec.scr
[2009/09/30 19:40:25 | 00,010,921 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yqyni.vbs
[2009/09/30 19:40:25 | 00,010,039 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\myceril._sy
[2009/09/30 19:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
[2009/09/29 20:31:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/29 20:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla
[2009/09/29 20:30:07 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 20:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/29 19:47:22 | 00,017,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dapar.dl
[2009/09/29 19:47:22 | 00,016,492 | ---- | C] () -- C:\WINDOWS\muqykoqeva.dll
[2009/09/29 19:47:22 | 00,015,936 | ---- | C] () -- C:\Program Files\Common Files\ybenucody.dl
[2009/09/29 19:47:22 | 00,015,609 | ---- | C] () -- C:\WINDOWS\System32\dafigi.inf
[2009/09/29 19:47:22 | 00,015,484 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\alasy.exe
[2009/09/29 19:47:22 | 00,014,947 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ewerehub.dat
[2009/09/29 19:47:22 | 00,014,717 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\mygy._sy
[2009/09/29 19:47:22 | 00,014,578 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hyqurog.dat
[2009/09/29 19:47:22 | 00,014,264 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ycotef.dat
[2009/09/29 19:47:22 | 00,011,396 | ---- | C] () -- C:\WINDOWS\huraxohy.inf
[2009/09/29 19:47:22 | 00,011,125 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\mybepug.exe
[2009/09/29 19:47:22 | 00,010,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\joqu.bin
[2009/09/29 19:47:22 | 00,010,952 | ---- | C] () -- C:\WINDOWS\zizyjyqyzu.pif
[2009/09/29 19:47:22 | 00,010,785 | ---- | C] () -- C:\Program Files\Common Files\uwahevev.dl
[2009/09/29 19:47:22 | 00,010,659 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\pejymeh.dll
[2009/09/29 19:47:22 | 00,010,056 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\ewikaredy.lib
[2009/09/29 19:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\attack
[2009/09/29 19:02:29 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/09/29 18:59:03 | 00,000,469 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to mbam-setup.lnk
[2009/09/29 18:39:28 | 00,019,740 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\dokogigun._dl
[2009/09/29 18:39:28 | 00,018,705 | ---- | C] () -- C:\WINDOWS\uruquzezaw.pif
[2009/09/29 18:39:28 | 00,018,485 | ---- | C] () -- C:\WINDOWS\ijakyt.com
[2009/09/29 18:39:28 | 00,017,673 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\rihol.dll
[2009/09/29 18:39:28 | 00,017,469 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\arofuby.reg
[2009/09/29 18:39:28 | 00,016,971 | ---- | C] () -- C:\WINDOWS\unimume.com
[2009/09/29 18:39:28 | 00,016,914 | ---- | C] () -- C:\WINDOWS\udigosito._dl
[2009/09/29 18:39:28 | 00,016,492 | ---- | C] () -- C:\WINDOWS\ypeqepe.ban
[2009/09/29 18:39:28 | 00,016,358 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fudalos.reg
[2009/09/29 18:39:28 | 00,015,505 | ---- | C] () -- C:\WINDOWS\System32\torenu.bin
[2009/09/29 18:39:28 | 00,015,243 | ---- | C] () -- C:\WINDOWS\nicimos.com
[2009/09/29 18:39:28 | 00,014,672 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\dyqefa.dat
[2009/09/29 18:39:28 | 00,013,572 | ---- | C] () -- C:\WINDOWS\gykecugu.db
[2009/09/29 18:39:28 | 00,013,394 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\nini.db
[2009/09/29 18:39:28 | 00,012,403 | ---- | C] () -- C:\WINDOWS\opuwuburyl.db
[2009/09/29 18:39:28 | 00,010,672 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\ogeqe.exe
[2009/09/29 18:39:28 | 00,010,421 | ---- | C] () -- C:\WINDOWS\hyzocah._sy
[2009/09/29 18:39:28 | 00,010,256 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ryjone.bat
[2009/09/29 18:39:28 | 00,010,105 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\isas.exe
[2009/09/28 22:37:10 | 00,019,682 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\xipurohyxo._sy
[2009/09/28 22:37:10 | 00,018,912 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\juceq.bat
[2009/09/28 22:37:10 | 00,018,901 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\elyv.pif
[2009/09/28 22:37:10 | 00,017,343 | ---- | C] () -- C:\WINDOWS\haqyv.bin
[2009/09/28 22:37:10 | 00,016,380 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qybep.vbs
[2009/09/28 22:37:10 | 00,015,272 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\siceh.lib
[2009/09/28 22:37:10 | 00,014,977 | ---- | C] () -- C:\WINDOWS\System32\ejugoziw._dl
[2009/09/28 22:37:10 | 00,014,617 | ---- | C] () -- C:\WINDOWS\System32\umyh.reg
[2009/09/28 22:37:10 | 00,014,314 | ---- | C] () -- C:\WINDOWS\eqyva.scr
[2009/09/28 22:37:10 | 00,014,176 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\azucupoco.bin
[2009/09/28 22:37:10 | 00,013,616 | ---- | C] () -- C:\WINDOWS\alufyn.sys
[2009/09/28 22:37:10 | 00,013,565 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uhopu.bin
[2009/09/28 22:37:10 | 00,013,345 | ---- | C] () -- C:\WINDOWS\ydomy.dll
[2009/09/28 22:37:10 | 00,012,519 | ---- | C] () -- C:\Program Files\Common Files\pexelozyc.dl
[2009/09/28 22:37:10 | 00,012,497 | ---- | C] () -- C:\WINDOWS\siqeby
[2009/09/28 22:37:10 | 00,011,707 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\vawi.dll
[2009/09/28 22:37:10 | 00,011,463 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\boxonul.dll
[2009/09/28 22:37:10 | 00,011,140 | ---- | C] () -- C:\Program Files\Common Files\edyrab.db
[2009/09/28 22:37:10 | 00,011,095 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ezowocar.db
[2009/09/28 22:37:10 | 00,011,026 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydonyjosu.vbs
[2009/09/28 22:37:10 | 00,010,150 | ---- | C] () -- C:\WINDOWS\evovago.exe
[2009/09/28 21:22:14 | 00,000,302 | ---- | C] () -- C:\spyhunter.fix
[2009/09/28 21:22:12 | 00,000,290 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/09/28 21:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/09/28 18:18:38 | 00,014,035 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\woxire.sys
[2009/09/28 18:17:25 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/09/28 18:17:25 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/09/28 18:17:21 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/09/28 18:17:21 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/09/28 18:16:51 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/09/28 18:16:51 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/09/27 05:13:47 | 00,014,242 | ---- | C] () -- C:\WINDOWS\somogefo._sy
[2009/09/26 06:22:59 | 00,167,424 | ---- | C] (Legal Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009/09/26 06:22:55 | 00,019,864 | ---- | C] () -- C:\WINDOWS\ycuqid.inf
[2009/09/26 06:22:55 | 00,019,010 | ---- | C] () -- C:\WINDOWS\System32\ikafak.bat
[2009/09/26 06:22:55 | 00,016,344 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\cacobydi.dl
[2009/09/26 06:22:55 | 00,015,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usetysa.vbs
[2009/09/26 06:22:55 | 00,015,218 | ---- | C] () -- C:\Program Files\Common Files\jidal.com
[2009/09/26 06:22:55 | 00,015,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bicory.pif
[2009/09/26 06:22:55 | 00,014,252 | ---- | C] () -- C:\WINDOWS\wemunad._dl
[2009/09/26 06:22:55 | 00,014,232 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\obatovamad.scr
[2009/09/26 06:22:55 | 00,014,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fykuri.inf
[2009/09/26 06:22:55 | 00,012,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lyhypona.pif
[2009/09/26 06:22:55 | 00,012,727 | ---- | C] () -- C:\Program Files\Common Files\irylodiq.bat
[2009/09/26 06:22:55 | 00,011,915 | ---- | C] () -- C:\Program Files\Common Files\fidykuwa.scr
[2009/09/26 06:22:55 | 00,011,852 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ogerowygu.exe
[2009/09/26 06:22:55 | 00,011,774 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\edecajol.sys
[2009/09/26 06:22:55 | 00,011,347 | ---- | C] () -- C:\WINDOWS\utuh.dat
[2009/09/26 06:21:23 | 00,229,488 | ---- | C] (TheBestSoft Corporation) -- C:\Documents and Settings\Joe\Application Data\lizkavd.exe
[2009/09/26 06:19:55 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\gasfkylhbqqbtw.sys
[2009/09/26 06:19:16 | 00,265,216 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\seres.exe
[2009/09/21 16:25:21 | 00,999,999 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0193.JPG
[2009/09/21 16:25:21 | 00,963,160 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0195.JPG
[2009/09/19 06:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Merscom
[2009/09/19 06:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/09/19 06:55:50 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\National Geographic Adventure - Lost City of Z.lnk
[2009/09/18 22:42:48 | 00,964,196 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0189.JPG
[2009/09/12 07:36:06 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\20090912TRADES.xls
[2009/09/09 04:50:11 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/05 22:25:06 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/09/05 22:24:57 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/09/05 22:24:57 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/09/05 22:24:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/07/19 10:32:31 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/06/27 15:28:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\extitusiwtrppofv.sys
[2008/12/19 13:23:06 | 00,018,941 | ---- | C] () -- C:\WINDOWS\vmreg.dll
[2008/11/24 10:04:15 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/04/09 07:51:31 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/08 06:40:27 | 00,000,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/27 11:54:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/27 11:45:46 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/02/27 11:44:56 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/20 11:32:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/12 18:00:00 | 00,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2004/12/12 17:34:21 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2004/12/12 17:34:19 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
[2004/12/12 17:34:18 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
[2004/12/02 21:12:21 | 00,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2004/12/02 21:10:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/11/30 21:27:04 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2004/11/30 12:15:06 | 00,003,265 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/11/30 12:15:05 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2002/02/22 16:49:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Twci_Err.dll
[2001/08/23 08:00:00 | 00,000,634 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/02 11:06:38 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/02 11:05:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/02 10:56:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 10:55:54 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/02 10:55:54 | 00,000,229 | RHS- | M] () -- C:\boot.ini
[2009/10/02 10:55:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/02 10:55:24 | 00,018,979 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\wijyle.dat
[2009/10/02 10:55:24 | 00,017,006 | ---- | M] () -- C:\Program Files\Common Files\gyqucelem.reg
[2009/10/02 10:55:24 | 00,016,976 | ---- | M] () -- C:\Program Files\Common Files\adewoqidek.dat
[2009/10/02 10:55:24 | 00,016,902 | ---- | M] () -- C:\WINDOWS\ykodu._dl
[2009/10/02 10:55:24 | 00,015,153 | ---- | M] () -- C:\Program Files\Common Files\refezyjode.db
[2009/10/02 10:55:24 | 00,014,644 | ---- | M] () -- C:\Program Files\Common Files\nopynibaf.pif
[2009/10/02 10:55:24 | 00,014,644 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\avazuh.inf
[2009/10/02 10:55:24 | 00,014,419 | ---- | M] () -- C:\WINDOWS\egowesovyw.reg
[2009/10/02 10:55:24 | 00,013,505 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\oqiwuwe.com
[2009/10/02 10:55:24 | 00,013,116 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\ohehyqojur.lib
[2009/10/02 10:55:24 | 00,012,785 | ---- | M] () -- C:\Program Files\Common Files\givyx.db
[2009/10/02 10:55:24 | 00,012,214 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ycirynakew.exe
[2009/10/02 10:55:24 | 00,012,075 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qojaxeve._dl
[2009/10/02 10:55:24 | 00,011,565 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\lityhus.bat
[2009/10/02 10:55:24 | 00,010,664 | ---- | M] () -- C:\WINDOWS\ywicip.dat
[2009/10/02 10:50:18 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/02 07:56:38 | 00,019,546 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\owiwe.dat
[2009/10/02 07:56:38 | 00,018,572 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xocix.com
[2009/10/02 07:56:38 | 00,016,440 | ---- | M] () -- C:\Program Files\Common Files\pyxo.bin
[2009/10/02 07:56:38 | 00,015,318 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\omemy.ban
[2009/10/02 07:56:38 | 00,015,216 | ---- | M] () -- C:\WINDOWS\System32\adid._sy
[2009/10/02 07:56:38 | 00,014,844 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\lelylexanu.scr
[2009/10/02 07:56:38 | 00,013,752 | ---- | M] () -- C:\Program Files\Common Files\fuvysode._dl
[2009/10/02 07:56:38 | 00,013,374 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bulupik.dl
[2009/10/02 07:56:38 | 00,012,341 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\xynuwa._dl
[2009/10/02 07:56:38 | 00,011,900 | ---- | M] () -- C:\WINDOWS\ykaregi._dl
[2009/10/02 07:56:38 | 00,011,131 | ---- | M] () -- C:\WINDOWS\puwyxaxar.sys
[2009/10/02 07:56:38 | 00,010,689 | ---- | M] () -- C:\Program Files\Common Files\cetewa.com
[2009/10/01 22:02:44 | 00,001,670 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\AntivirusPro_2010.lnk
[2009/10/01 22:02:30 | 00,229,488 | ---- | M] (TheBestSoft Corporation) -- C:\Documents and Settings\Joe\Application Data\lizkavd.exe
[2009/10/01 18:00:10 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\8uyc2vnw.exe
[2009/09/30 21:54:41 | 00,018,662 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\yvaferifo.dl
[2009/09/30 21:54:41 | 00,018,179 | ---- | M] () -- C:\Program Files\Common Files\lywopolesi.scr
[2009/09/30 21:54:41 | 00,017,401 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\udixyhasi.com
[2009/09/30 21:54:41 | 00,016,887 | ---- | M] () -- C:\WINDOWS\jigikawuc.ban
[2009/09/30 21:54:41 | 00,016,202 | ---- | M] () -- C:\Program Files\Common Files\gybomurufo.inf
[2009/09/30 21:54:41 | 00,015,984 | ---- | M] () -- C:\Program Files\Common Files\ejijek._dl
[2009/09/30 21:54:41 | 00,015,113 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ozyki.bin
[2009/09/30 21:54:41 | 00,014,758 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ehenuw.db
[2009/09/30 21:54:41 | 00,014,382 | ---- | M] () -- C:\Program Files\Common Files\qusuviru.vbs
[2009/09/30 21:54:41 | 00,014,373 | ---- | M] () -- C:\WINDOWS\wohif.pif
[2009/09/30 21:54:41 | 00,014,338 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wobav.dl
[2009/09/30 21:54:41 | 00,011,773 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\isiwodyku.dll
[2009/09/30 21:54:41 | 00,011,742 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fity.dat
[2009/09/30 21:54:41 | 00,011,635 | ---- | M] () -- C:\WINDOWS\System32\eworysy.reg
[2009/09/30 21:54:41 | 00,011,569 | ---- | M] () -- C:\WINDOWS\hawe.reg
[2009/09/30 21:54:41 | 00,010,438 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ukagyjikip.scr
[2009/09/30 21:26:05 | 00,000,469 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to mbam-setup.lnk
[2009/09/30 20:16:48 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/30 19:40:26 | 00,019,777 | ---- | M] () -- C:\WINDOWS\meqejujyz.dll
[2009/09/30 19:40:26 | 00,019,123 | ---- | M] () -- C:\WINDOWS\jywu.bin
[2009/09/30 19:40:26 | 00,018,564 | ---- | M] () -- C:\WINDOWS\System32\qyfoxoquf.dl
[2009/09/30 19:40:26 | 00,018,416 | ---- | M] () -- C:\Program Files\Common Files\emez.scr
[2009/09/30 19:40:26 | 00,018,238 | ---- | M] () -- C:\Program Files\Common Files\jyxo._dl
[2009/09/30 19:40:26 | 00,015,678 | ---- | M] () -- C:\WINDOWS\System32\ibuwydyn._sy
[2009/09/30 19:40:26 | 00,012,577 | ---- | M] () -- C:\WINDOWS\yfoxyc.bin
[2009/09/30 19:40:25 | 00,018,870 | ---- | M] () -- C:\WINDOWS\umejajap.bin
[2009/09/30 19:40:25 | 00,018,818 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\osyped.inf
[2009/09/30 19:40:25 | 00,017,655 | ---- | M] () -- C:\Program Files\Common Files\vejazuk.bin
[2009/09/30 19:40:25 | 00,016,417 | ---- | M] () -- C:\WINDOWS\imiz.ban
[2009/09/30 19:40:25 | 00,015,886 | ---- | M] () -- C:\WINDOWS\iqopat.dat
[2009/09/30 19:40:25 | 00,015,805 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\udij.ban
[2009/09/30 19:40:25 | 00,015,571 | ---- | M] () -- C:\Program Files\Common Files\ytamug.inf
[2009/09/30 19:40:25 | 00,015,087 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ygepicykex.dl
[2009/09/30 19:40:25 | 00,014,541 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\elubabef._dl
[2009/09/30 19:40:25 | 00,014,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\icili.scr
[2009/09/30 19:40:25 | 00,013,711 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ugahotugam.dl
[2009/09/30 19:40:25 | 00,011,122 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\irifagec.scr
[2009/09/30 19:40:25 | 00,010,921 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yqyni.vbs
[2009/09/30 19:40:25 | 00,010,039 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\myceril._sy
[2009/09/29 20:31:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/09/29 20:30:07 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 19:47:22 | 00,017,907 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dapar.dl
[2009/09/29 19:47:22 | 00,016,492 | ---- | M] () -- C:\WINDOWS\muqykoqeva.dll
[2009/09/29 19:47:22 | 00,015,936 | ---- | M] () -- C:\Program Files\Common Files\ybenucody.dl
[2009/09/29 19:47:22 | 00,015,609 | ---- | M] () -- C:\WINDOWS\System32\dafigi.inf
[2009/09/29 19:47:22 | 00,015,484 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\alasy.exe
[2009/09/29 19:47:22 | 00,014,947 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ewerehub.dat
[2009/09/29 19:47:22 | 00,014,717 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\mygy._sy
[2009/09/29 19:47:22 | 00,014,578 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hyqurog.dat
[2009/09/29 19:47:22 | 00,014,264 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ycotef.dat
[2009/09/29 19:47:22 | 00,011,396 | ---- | M] () -- C:\WINDOWS\huraxohy.inf
[2009/09/29 19:47:22 | 00,011,125 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\mybepug.exe
[2009/09/29 19:47:22 | 00,010,987 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\joqu.bin
[2009/09/29 19:47:22 | 00,010,952 | ---- | M] () -- C:\WINDOWS\zizyjyqyzu.pif
[2009/09/29 19:47:22 | 00,010,785 | ---- | M] () -- C:\Program Files\Common Files\uwahevev.dl
[2009/09/29 19:47:22 | 00,010,659 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\pejymeh.dll
[2009/09/29 19:47:22 | 00,010,056 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\ewikaredy.lib
[2009/09/29 19:17:33 | 00,000,290 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/09/29 18:57:08 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/09/29 18:39:28 | 00,019,740 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\dokogigun._dl
[2009/09/29 18:39:28 | 00,018,705 | ---- | M] () -- C:\WINDOWS\uruquzezaw.pif
[2009/09/29 18:39:28 | 00,018,485 | ---- | M] () -- C:\WINDOWS\ijakyt.com
[2009/09/29 18:39:28 | 00,017,673 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\rihol.dll
[2009/09/29 18:39:28 | 00,017,469 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\arofuby.reg
[2009/09/29 18:39:28 | 00,016,971 | ---- | M] () -- C:\WINDOWS\unimume.com
[2009/09/29 18:39:28 | 00,016,914 | ---- | M] () -- C:\WINDOWS\udigosito._dl
[2009/09/29 18:39:28 | 00,016,492 | ---- | M] () -- C:\WINDOWS\ypeqepe.ban
[2009/09/29 18:39:28 | 00,016,358 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fudalos.reg
[2009/09/29 18:39:28 | 00,015,505 | ---- | M] () -- C:\WINDOWS\System32\torenu.bin
[2009/09/29 18:39:28 | 00,015,243 | ---- | M] () -- C:\WINDOWS\nicimos.com
[2009/09/29 18:39:28 | 00,014,672 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\dyqefa.dat
[2009/09/29 18:39:28 | 00,013,572 | ---- | M] () -- C:\WINDOWS\gykecugu.db
[2009/09/29 18:39:28 | 00,013,394 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\nini.db
[2009/09/29 18:39:28 | 00,012,403 | ---- | M] () -- C:\WINDOWS\opuwuburyl.db
[2009/09/29 18:39:28 | 00,010,672 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\ogeqe.exe
[2009/09/29 18:39:28 | 00,010,421 | ---- | M] () -- C:\WINDOWS\hyzocah._sy
[2009/09/29 18:39:28 | 00,010,256 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ryjone.bat
[2009/09/29 18:39:28 | 00,010,105 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\isas.exe
[2009/09/29 17:17:31 | 00,000,618 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Joe.job
[2009/09/29 16:52:36 | 00,000,302 | ---- | M] () -- C:\spyhunter.fix
[2009/09/28 22:37:10 | 00,019,682 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\xipurohyxo._sy
[2009/09/28 22:37:10 | 00,018,912 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\juceq.bat
[2009/09/28 22:37:10 | 00,018,901 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\elyv.pif
[2009/09/28 22:37:10 | 00,017,343 | ---- | M] () -- C:\WINDOWS\haqyv.bin
[2009/09/28 22:37:10 | 00,016,380 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qybep.vbs
[2009/09/28 22:37:10 | 00,015,272 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\siceh.lib
[2009/09/28 22:37:10 | 00,014,977 | ---- | M] () -- C:\WINDOWS\System32\ejugoziw._dl
[2009/09/28 22:37:10 | 00,014,617 | ---- | M] () -- C:\WINDOWS\System32\umyh.reg
[2009/09/28 22:37:10 | 00,014,314 | ---- | M] () -- C:\WINDOWS\eqyva.scr
[2009/09/28 22:37:10 | 00,014,176 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\azucupoco.bin
[2009/09/28 22:37:10 | 00,013,616 | ---- | M] () -- C:\WINDOWS\alufyn.sys
[2009/09/28 22:37:10 | 00,013,565 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uhopu.bin
[2009/09/28 22:37:10 | 00,013,345 | ---- | M] () -- C:\WINDOWS\ydomy.dll
[2009/09/28 22:37:10 | 00,012,519 | ---- | M] () -- C:\Program Files\Common Files\pexelozyc.dl
[2009/09/28 22:37:10 | 00,012,497 | ---- | M] () -- C:\WINDOWS\siqeby
[2009/09/28 22:37:10 | 00,011,707 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\vawi.dll
[2009/09/28 22:37:10 | 00,011,463 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\boxonul.dll
[2009/09/28 22:37:10 | 00,011,140 | ---- | M] () -- C:\Program Files\Common Files\edyrab.db
[2009/09/28 22:37:10 | 00,011,095 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ezowocar.db
[2009/09/28 22:37:10 | 00,011,026 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ydonyjosu.vbs
[2009/09/28 22:37:10 | 00,010,150 | ---- | M] () -- C:\WINDOWS\evovago.exe
[2009/09/28 18:25:07 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2009/09/28 18:18:38 | 00,014,035 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\woxire.sys
[2009/09/27 05:13:47 | 00,014,242 | ---- | M] () -- C:\WINDOWS\somogefo._sy
[2009/09/26 06:23:05 | 00,167,424 | ---- | M] (Legal Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009/09/26 06:22:55 | 00,019,864 | ---- | M] () -- C:\WINDOWS\ycuqid.inf
[2009/09/26 06:22:55 | 00,019,010 | ---- | M] () -- C:\WINDOWS\System32\ikafak.bat
[2009/09/26 06:22:55 | 00,016,344 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\cacobydi.dl
[2009/09/26 06:22:55 | 00,015,886 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\usetysa.vbs
[2009/09/26 06:22:55 | 00,015,218 | ---- | M] () -- C:\Program Files\Common Files\jidal.com
[2009/09/26 06:22:55 | 00,015,188 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bicory.pif
[2009/09/26 06:22:55 | 00,014,252 | ---- | M] () -- C:\WINDOWS\wemunad._dl
[2009/09/26 06:22:55 | 00,014,232 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\obatovamad.scr
[2009/09/26 06:22:55 | 00,014,007 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fykuri.inf
[2009/09/26 06:22:55 | 00,012,934 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lyhypona.pif
[2009/09/26 06:22:55 | 00,012,727 | ---- | M] () -- C:\Program Files\Common Files\irylodiq.bat
[2009/09/26 06:22:55 | 00,011,915 | ---- | M] () -- C:\Program Files\Common Files\fidykuwa.scr
[2009/09/26 06:22:55 | 00,011,852 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ogerowygu.exe
[2009/09/26 06:22:55 | 00,011,774 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\edecajol.sys
[2009/09/26 06:22:55 | 00,011,347 | ---- | M] () -- C:\WINDOWS\utuh.dat
[2009/09/26 06:19:55 | 00,072,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\gasfkylhbqqbtw.sys
[2009/09/26 06:19:15 | 00,265,216 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\svcst.exe
[2009/09/26 06:19:15 | 00,265,216 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\seres.exe
[2009/09/22 16:25:00 | 00,963,160 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0195.JPG
[2009/09/22 16:24:40 | 00,999,999 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0193.JPG
[2009/09/21 16:22:39 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 22:39:30 | 00,964,196 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0189.JPG
[2009/09/19 06:55:50 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\National Geographic Adventure - Lost City of Z.lnk
[2009/09/13 13:00:51 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\20090912TRADES.xls
[2009/09/09 05:33:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/05 22:25:06 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/09/05 22:24:57 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/09/05 22:24:57 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/09/05 22:24:37 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/09/05 22:24:37 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

========== LOP Check ==========

[2009/10/02 10:55:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/01 06:59:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/09/19 06:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/06/19 09:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/12/04 09:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/12/24 19:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2005/10/02 18:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/05/31 14:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/21 17:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008/03/16 08:20:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2005/02/20 12:14:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/11/29 09:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/25 11:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/02 07:56:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joe\Application Data
[2006/03/04 16:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\7Wonders
[2005/02/27 11:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ArcSoft
[2004/11/30 23:31:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ICQ
[2007/08/25 11:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\iWin
[2005/11/27 17:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Leadertech
[2009/06/20 08:03:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\MagicBall4
[2009/09/19 06:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Merscom
[2005/06/11 20:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mind Control Software
[2008/11/22 08:46:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Move Networks
[2009/06/19 09:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\MSN6
[2008/05/31 14:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\PlayFirst
[2007/01/14 11:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ProjectPoint-7
[2006/12/23 00:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Roxio
[2008/02/16 10:10:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joe\Application Data\SecuROM
[2004/12/02 20:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ThinkWave Software
[2008/12/25 11:47:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TomTom
[2001/08/23 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/29 17:17:31 | 00,000,618 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Joe.job
[2009/10/02 10:56:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8591AF9
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A4217C
< End of report >

OTL Extras logfile created on: 10/2/2009 11:10:01 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.49 Mb Total Physical Memory | 621.60 Mb Available Physical Memory | 80.99% Memory free
1.83 Gb Paging File | 1.76 Gb Available in Paging File | 96.24% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.03 Gb Free Space | 53.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 982.72 Mb Total Space | 949.72 Mb Free Space | 96.64% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEPUG
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\Program Files\EA GAMES\Ultima Online Samurai Empire\client.exe" = C:\Program Files\EA GAMES\Ultima Online Samurai Empire\client.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A416BE7-AC93-414B-0093-7193CAF18296}" = Ultima Online: Samurai Empire
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1C2EE26A-3D1E-470E-A704-4A90B34910F5}" = SymNet
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon Camera WIA Driver
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7148F0A8-6813-11D6-A77B-00B0D0142070}" = Java 2 Runtime Environment, SE v1.4.2_07
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB90749C-7422-4580-8A7A-66CC5E9E5F98}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon Camera WIA Driver
"{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}" = Canon Camera WIA Driver
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D46E7115-E836-4EED-8173-1E45AE8FCE9B}" = Symantec Real Time Storage Protection Component
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AntivirusPro_2010" = Antivirus Pro 2010
"Army Builder V2.2c" = Army Builder V2.2c
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Bicycle Casino 2.0" = Bicycle Casino 2.0
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Gamevance" = Gamevance
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon PowerShot S45 WIA Driver
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"InstallShield_{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}" = Canon PowerShot G3 WIA Driver
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"magicball4" = Magic Ball 4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"nationalgeographicadventurelostcityofz" = National Geographic Adventure - Lost City of Z
"NetSight" = Nielsen//NetRatings
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"PhotoRecord" = Canon PhotoRecord
"ProjectPoint-7" = Autodesk Buzzsaw 7.3.1838.31
"Puzzle Hero" = Puzzle Hero
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SysInfo" = Creative System Information
"TomTom HOME" = TomTom HOME 2.6.2.1586
"UOAM" = UO Auto-Map
"UOAssist" = UOAssist
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Web Controls_is1" = Supportsoft Web Controls
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2009 8:52:35 PM | Computer Name = THEPUG | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
hpwucli.exe, version 5.0.8.1, fault address 0x00004607.

[ System Events ]
Error - 10/1/2009 4:55:20 PM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7034
Description = The TomTomHOMEService service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/2/2009 10:49:18 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/2/2009 10:55:00 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/2/2009 11:06:51 AM | Computer Name = THEPUG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/2/2009 11:07:17 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 10/2/2009 11:07:17 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/2/2009 11:07:17 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 10/2/2009 11:07:17 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/2/2009 11:07:17 AM | Computer Name = THEPUG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip

Error - 10/2/2009 11:09:04 AM | Computer Name = THEPUG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-02 15:17:31
Windows 5.1.2600 Service Pack 3
Running: 8uyc2vnw.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\pwtdipoc.sys


---- System - GMER 1.0.15 ----

Code E173FE58 ZwEnumerateKey
Code E1011D28 ZwFlushInstructionCache
Code F72D6EAB pIofCallDriver
Code F72D7853 pIofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP E173FE5C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP E1011D2C

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[828] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C3000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\TDSSmxlt.sys (*** hidden *** ) F72D5000-F72E7000 (73728 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:144] F72D7D66

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\TDSSmxlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \systemroot\system32\drivers\TDSSmxlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\drivers\TDSSmxlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSoity.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSmtve.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSarxx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSvoql.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSnvuo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSdxcp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSsahj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSkkai.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] \systemroot\system32\drivers\TDSSmxlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\drivers\TDSSmxlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSoity.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSmtve.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSarxx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSvoql.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSnvuo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSdxcp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSsahj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSkkai.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 95
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 404
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 0x02 0x19 0x12 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\TDSSmxlt.sys 60416 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\TDSSarxx.dll 29696 bytes executable
File C:\WINDOWS\system32\TDSSdxcp.dll 3628 bytes
File C:\WINDOWS\system32\TDSSkkai.log 11852 bytes
File C:\WINDOWS\system32\TDSSmtve.dat 441 bytes
File C:\WINDOWS\system32\TDSSnvuo.dll 61440 bytes executable
File C:\WINDOWS\system32\TDSSoity.dll 35840 bytes executable
File C:\WINDOWS\system32\TDSSvoql.dll 31232 bytes executable
File C:\WINDOWS\Temp\TDSSf279.tmp 441 bytes
File C:\WINDOWS\Temp\TDSSf567.tmp 60416 bytes executable
File C:\WINDOWS\Temp\TDSSf7b9.tmp 35840 bytes executable
File C:\WINDOWS\Temp\TDSSf910.tmp 29696 bytes executable
File C:\WINDOWS\Temp\TDSSfa78.tmp 31232 bytes executable
File C:\WINDOWS\Temp\TDSSfc5c.tmp 61440 bytes executable
File C:\Documents and Settings\Joe\Local Settings\Temp\TDSS5e84.tmp 102400 bytes executable
File C:\Documents and Settings\Joe\Local Settings\Temp\TDSS5ed3.tmp 617472 bytes executable

---- EOF - GMER 1.0.15 ----
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingc...opic114351.html
================
Then Download Combofix from any of the links below. You must rename it before saving it. Rename it to kahdah then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

  • 0

#5
cheech4487

cheech4487

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry for the delay, I now have this problem on my backup PC. I am finally back online & I am working on the next step. Thanx for the patience.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok we can clean this one first then go to that one.
  • 0

#7
cheech4487

cheech4487

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well I ran the scan but I am thinking that the Symantec update was still active and I hope it won't affect the results any. For the first time since I got this problem I am "able" to go online with the affected PC. Thank you so much for the help. Here is the log for the combofix:

ComboFix 09-10-06.03 - Joe 10/06/2009 21:16.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.393 [GMT -4:00]
Running from: c:\documents and settings\Joe\Desktop\kahdah.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avazuh.inf
c:\documents and settings\All Users\Application Data\bicory.pif
c:\documents and settings\All Users\Application Data\dapar.dl
c:\documents and settings\All Users\Application Data\fykuri.inf
c:\documents and settings\All Users\Application Data\icili.scr
c:\documents and settings\All Users\Application Data\isiwodyku.dll
c:\documents and settings\All Users\Application Data\joqu.bin
c:\documents and settings\All Users\Application Data\kuleh.lib
c:\documents and settings\All Users\Application Data\lyhypona.pif
c:\documents and settings\All Users\Application Data\Microsoft\Protect\svhost.exe
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys
c:\documents and settings\All Users\Application Data\qojaxeve._dl
c:\documents and settings\All Users\Application Data\qybep.vbs
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\All Users\Application Data\uhopu.bin
c:\documents and settings\All Users\Application Data\usetysa.vbs
c:\documents and settings\All Users\Application Data\vadoralufi.scr
c:\documents and settings\All Users\Application Data\xocix.com
c:\documents and settings\All Users\Application Data\ydonyjosu.vbs
c:\documents and settings\All Users\Application Data\ygepicykex.dl
c:\documents and settings\All Users\Application Data\yqyni.vbs
c:\documents and settings\All Users\Documents\alasy.exe
c:\documents and settings\All Users\Documents\asiva.bin
c:\documents and settings\All Users\Documents\bulupik.dl
c:\documents and settings\All Users\Documents\juceq.bat
c:\documents and settings\All Users\Documents\obatovamad.scr
c:\documents and settings\All Users\Documents\ogerowygu.exe
c:\documents and settings\All Users\Documents\omemy.ban
c:\documents and settings\All Users\Documents\ozyki.bin
c:\documents and settings\All Users\Documents\udixyhasi.com
c:\documents and settings\All Users\Documents\ugahotugam.dl
c:\documents and settings\All Users\Documents\wobav.dl
c:\documents and settings\Joe\Application Data\arofuby.reg
c:\documents and settings\Joe\Application Data\boxonul.dll
c:\documents and settings\Joe\Application Data\dokogigun._dl
c:\documents and settings\Joe\Application Data\elubabef._dl
c:\documents and settings\Joe\Application Data\elyv.pif
c:\documents and settings\Joe\Application Data\ewikaredy.lib
c:\documents and settings\Joe\Application Data\gedavyvula.reg
c:\documents and settings\Joe\Application Data\isas.exe
c:\documents and settings\Joe\Application Data\lelylexanu.scr
c:\documents and settings\Joe\Application Data\lizkavd.exe
c:\documents and settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Joe\Application Data\mygy._sy
c:\documents and settings\Joe\Application Data\ogeqe.exe
c:\documents and settings\Joe\Application Data\ohehyqojur.lib
c:\documents and settings\Joe\Application Data\seres.exe
c:\documents and settings\Joe\Application Data\svcst.exe
c:\documents and settings\Joe\Application Data\udij.ban
c:\documents and settings\Joe\Application Data\vabi.lib
c:\documents and settings\Joe\Application Data\vawi.dll
c:\documents and settings\Joe\Application Data\woxire.sys
c:\documents and settings\Joe\Application Data\xipurohyxo._sy
c:\documents and settings\Joe\Application Data\xynuwa._dl
c:\documents and settings\Joe\Application Data\yvaferifo.dl
c:\documents and settings\Joe\Cookies\abylaqu.lib
c:\documents and settings\Joe\Cookies\eqef.ban
c:\documents and settings\Joe\Cookies\eqyputy.sys
c:\documents and settings\Joe\Cookies\hezuvexuz.lib
c:\documents and settings\Joe\Cookies\imador.db
c:\documents and settings\Joe\Cookies\iwyv.pif
c:\documents and settings\Joe\Cookies\mewowobe.db
c:\documents and settings\Joe\Cookies\pezedo.pif
c:\documents and settings\Joe\Cookies\qirawadom._dl
c:\documents and settings\Joe\Cookies\ruketaj.bin
c:\documents and settings\Joe\Cookies\sagazequ.vbs
c:\documents and settings\Joe\Cookies\ysizut.sys
c:\documents and settings\Joe\Cookies\zyfujedu.lib
c:\documents and settings\Joe\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Joe\Local Settings\Application Data\azucupoco.bin
c:\documents and settings\Joe\Local Settings\Application Data\cacobydi.dl
c:\documents and settings\Joe\Local Settings\Application Data\edecajol.sys
c:\documents and settings\Joe\Local Settings\Application Data\fudalos.reg
c:\documents and settings\Joe\Local Settings\Application Data\irifagec.scr
c:\documents and settings\Joe\Local Settings\Application Data\jisas._sy
c:\documents and settings\Joe\Local Settings\Application Data\lityhus.bat
c:\documents and settings\Joe\Local Settings\Application Data\mybepug.exe
c:\documents and settings\Joe\Local Settings\Application Data\oqiwuwe.com
c:\documents and settings\Joe\Local Settings\Application Data\osyped.inf
c:\documents and settings\Joe\Local Settings\Application Data\pejymeh.dll
c:\documents and settings\Joe\Local Settings\Application Data\rihol.dll
c:\documents and settings\Joe\Local Settings\Application Data\ryjone.bat
c:\documents and settings\Joe\Local Settings\Application Data\ukagyjikip.scr
c:\documents and settings\Joe\Local Settings\Application Data\ycirynakew.exe
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\cikixodaz.exe
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\cola.pif
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\dovybahi.scr
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\egaro.bin
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\etuvulyjil.dat
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\ifir._sy
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\izubesaxib.pif
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\jelidasomy.dll
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\joxywaxapa.pif
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\ohafaqory.pif
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\osivig.exe
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\tewabawite.lib
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\uviju.scr
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\uzifef.scr
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\vofypycuq.vbs
c:\documents and settings\Joe\Local Settings\Temporary Internet Files\yqykeq.dl
c:\documents and settings\Joe\My Documents\langpacks.info
c:\documents and settings\Joe\My Documents\packs.info
c:\documents and settings\Joe\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Joe\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Joe\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\Kathy\My Documents\ZbThumbnail.info
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\kljhsf.mov.exe
c:\program files\Common Files\cetewa.com
c:\program files\Common Files\ejijek._dl
c:\program files\Common Files\emez.scr
c:\program files\Common Files\fidykuwa.scr
c:\program files\Common Files\fuvysode._dl
c:\program files\Common Files\gybomurufo.inf
c:\program files\Common Files\gyqucelem.reg
c:\program files\Common Files\irylodiq.bat
c:\program files\Common Files\jidal.com
c:\program files\Common Files\jyxo._dl
c:\program files\Common Files\lywopolesi.scr
c:\program files\Common Files\nopynibaf.pif
c:\program files\Common Files\pexelozyc.dl
c:\program files\Common Files\pyxo.bin
c:\program files\Common Files\qusuviru.vbs
c:\program files\Common Files\upuh.vbs
c:\program files\Common Files\uwahevev.dl
c:\program files\Common Files\vejazuk.bin
c:\program files\Common Files\ybenucody.dl
c:\program files\Common Files\ytamug.inf
c:\program files\gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\program files\INSTALL.LOG
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\adaharih._dl
c:\windows\alufyn.sys
c:\windows\egowesovyw.reg
c:\windows\eqyva.scr
c:\windows\evovago.exe
c:\windows\haqyv.bin
c:\windows\hawe.reg
c:\windows\huraxohy.inf
c:\windows\imiz.ban
c:\windows\jigikawuc.ban
c:\windows\jywu.bin
c:\windows\meqejujyz.dll
c:\windows\muqykoqeva.dll
c:\windows\onaguveku._dl
c:\windows\puwyxaxar.sys
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\dafigi.inf
c:\windows\system32\drivers\extitusiwtrppofv.sys
c:\windows\system32\drivers\gasfkylhbqqbtw.sys
c:\windows\system32\drivers\TDSSmxlt.sys
c:\windows\system32\ejugoziw._dl
c:\windows\system32\eworysy.reg
c:\windows\system32\ikafak.bat
c:\windows\system32\nopyjomufo.ban
c:\windows\system32\qyfoxoquf.dl
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSdxcp.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnvuo.dll
c:\windows\system32\TDSSoity.dll
c:\windows\system32\TDSSsahj.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log
c:\windows\system32\torenu.bin
c:\windows\system32\umyh.reg
c:\windows\system32\uxamet.pif
c:\windows\system32\wbem\proquota.exe
c:\windows\udigosito._dl
c:\windows\umejajap.bin
c:\windows\uruquzezaw.pif
c:\windows\vmreg.dll
c:\windows\wemunad._dl
c:\windows\wohif.pif
c:\windows\ycuqid.inf
c:\windows\ydomy.dll
c:\windows\yfoxyc.bin
c:\windows\ykaregi._dl
c:\windows\ykodu._dl
c:\windows\ypeqepe.ban
c:\windows\zizyjyqyzu.pif

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 01:24 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-07 01:24 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-07 01:11 . 2009-10-07 01:11 -------- d-----w- C:\kahdah5733k
2009-10-07 00:06 . 2009-10-07 00:09 -------- d-----w- C:\kahdah
2009-10-02 14:55 . 2009-10-02 14:55 16976 ----a-w- c:\program files\Common Files\adewoqidek.dat
2009-10-02 14:55 . 2009-10-02 14:55 10664 ----a-w- c:\windows\ywicip.dat
2009-09-30 23:40 . 2009-09-30 23:40 15886 ----a-w- c:\windows\iqopat.dat
2009-09-30 00:31 . 2009-09-30 00:31 0 ----a-w- c:\windows\nsreg.dat
2009-09-30 00:30 . 2009-09-30 00:30 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Mozilla
2009-09-29 23:47 . 2009-09-29 23:47 14947 ----a-w- c:\documents and settings\Joe\Local Settings\Application Data\ewerehub.dat
2009-09-29 23:47 . 2009-09-29 23:47 14264 ----a-w- c:\documents and settings\Joe\Local Settings\Application Data\ycotef.dat
2009-09-29 22:39 . 2009-09-29 22:39 18485 ----a-w- c:\windows\ijakyt.com
2009-09-29 22:39 . 2009-09-29 22:39 16971 ----a-w- c:\windows\unimume.com
2009-09-29 22:39 . 2009-09-29 22:39 15243 ----a-w- c:\windows\nicimos.com
2009-09-29 01:21 . 2009-09-29 01:21 -------- d-----w- c:\program files\Enigma Software Group
2009-09-28 22:17 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-09-28 22:17 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-28 22:17 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-28 22:17 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-28 22:16 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-09-28 22:16 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-09-26 10:22 . 2009-09-26 10:22 11347 ----a-w- c:\windows\utuh.dat
2009-09-19 10:56 . 2009-09-19 10:56 -------- d-----w- c:\documents and settings\Joe\Application Data\Merscom
2009-09-19 10:56 . 2009-09-19 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-09-09 08:50 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 01:28 . 2004-12-01 01:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-07 01:23 . 2009-06-19 11:45 -------- d-----w- c:\program files\Gamevance
2009-10-02 22:03 . 2008-09-13 13:30 -------- d-----w- c:\program files\RealArcade
2009-10-02 14:55 . 2009-10-02 14:55 18979 ----a-w- c:\documents and settings\Joe\Application Data\wijyle.dat
2009-10-02 14:55 . 2009-10-02 14:55 15153 ----a-w- c:\program files\Common Files\refezyjode.db
2009-10-02 14:55 . 2009-10-02 14:55 12785 ----a-w- c:\program files\Common Files\givyx.db
2009-10-02 11:56 . 2009-10-02 11:56 19546 ----a-w- c:\documents and settings\All Users\Application Data\owiwe.dat
2009-09-29 22:39 . 2009-09-29 22:39 14672 ----a-w- c:\documents and settings\Joe\Application Data\dyqefa.dat
2009-09-29 02:37 . 2009-09-29 02:37 11140 ----a-w- c:\program files\Common Files\edyrab.db
2009-09-12 18:33 . 2004-12-01 03:15 -------- d-----w- c:\program files\UOAssist
2009-09-12 17:25 . 2004-12-01 03:30 -------- d-----w- c:\program files\ICQ
2009-09-06 02:25 . 2004-12-04 00:10 -------- d-----w- c:\program files\Common Files\Real
2009-09-06 02:24 . 2009-09-06 02:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-06 02:24 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-25 09:14 . 2009-08-25 09:13 -------- d-----w- c:\documents and settings\Joe\Application Data\HpUpdate
2009-08-25 09:14 . 2008-11-25 20:58 -------- d-----w- c:\program files\HP
2009-08-24 10:53 . 2004-12-05 14:44 -------- d-----w- c:\documents and settings\Joe\Application Data\AdobeUM
2009-08-17 08:40 . 2004-12-03 00:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 01:09 . 2005-06-18 00:31 -------- d-----w- c:\program files\MSN Games
2009-08-08 15:10 . 2005-01-20 16:01 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 09:23 . 2008-12-03 10:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 14:32 . 2009-07-19 14:32 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-04 07:56 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-06 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-16 45056]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-06-19 104960]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2004-12-12 323584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\EA GAMES\\Ultima Online Samurai Empire\\client.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [5/19/2009 9:24 PM 21888]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [4/1/2008 7:07 AM 14336]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2008 7:44 PM 109616]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [4/1/2008 7:07 AM 8832]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/1/2009 10:53 AM 266240]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Joe\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Joe\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [5/19/2009 9:24 PM 9088]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-29 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Joe.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\hvk7e1cp.default\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 21:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1757981266-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2009-10-07 21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 01:34

Pre-Run: 42,906,689,536 bytes free
Post-Run: 48,117,690,368 bytes free

426 --- E O F --- 2009-09-09 09:35
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\program files\Common Files\adewoqidek.dat
    c:\windows\ywicip.dat
    c:\windows\iqopat.dat
    c:\documents and settings\Joe\Local Settings\Application Data\ewerehub.dat
    c:\documents and settings\Joe\Local Settings\Application Data\ycotef.dat
    c:\windows\ijakyt.com
    c:\windows\unimume.com
    c:\windows\nicimos.com
    c:\windows\utuh.dat
    c:\program files\Gamevance
    c:\documents and settings\Joe\Application Data\wijyle.dat
    c:\program files\Common Files\refezyjode.db
    c:\program files\Common Files\givyx.db
    c:\documents and settings\All Users\Application Data\owiwe.dat
    c:\documents and settings\Joe\Application Data\dyqefa.dat
    c:\program files\Common Files\edyrab.db
    c:\program files\Enigma Software Group
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gamevance"=-
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#9
cheech4487

cheech4487

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
All processes killed
========== FILES ==========
c:\program files\Common Files\adewoqidek.dat moved successfully.
c:\windows\ywicip.dat moved successfully.
c:\windows\iqopat.dat moved successfully.
c:\documents and settings\Joe\Local Settings\Application Data\ewerehub.dat moved successfully.
c:\documents and settings\Joe\Local Settings\Application Data\ycotef.dat moved successfully.
c:\windows\ijakyt.com moved successfully.
c:\windows\unimume.com moved successfully.
c:\windows\nicimos.com moved successfully.
c:\windows\utuh.dat moved successfully.
c:\program files\Gamevance moved successfully.
c:\documents and settings\Joe\Application Data\wijyle.dat moved successfully.
c:\program files\Common Files\refezyjode.db moved successfully.
c:\program files\Common Files\givyx.db moved successfully.
c:\documents and settings\All Users\Application Data\owiwe.dat moved successfully.
c:\documents and settings\Joe\Application Data\dyqefa.dat moved successfully.
c:\program files\Common Files\edyrab.db moved successfully.
c:\program files\Enigma Software Group\SpyHunter moved successfully.
c:\program files\Enigma Software Group moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gamevance deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bubba
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Joe
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temp\JET91BB.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 11943633 bytes
->Java cache emptied: 41374711 bytes
->FireFox cache emptied: 13373983 bytes

User: Kathy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 98371 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138618 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 632832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.46 mb


OTL by OldTimer - Version 3.0.17.0 log created on 10072009_175345

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Joe\Local Settings\Temp\JET91BB.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat not found!

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.41
Database version: 2922
Windows 5.1.2600 Service Pack 3

10/7/2009 8:31:28 PM
mbam-log-2009-10-07 (20-31-28).txt

Scan type: Quick Scan
Objects scanned: 110529
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 10/7/2009 8:34:47 PM - Run 3
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.49 Mb Total Physical Memory | 422.22 Mb Available Physical Memory | 55.01% Memory free
1.83 Gb Paging File | 1.53 Gb Available in Paging File | 83.68% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 45.72 Gb Free Space | 61.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEPUG
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\CSHelper.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (NetRatings, Inc.)
PRC - C:\Program Files\Napster\napster.exe (Napster)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (NetRatings, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CSHelper [Auto | Running]) -- C:\WINDOWS\System32\CSHelper.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NIS [Unknown | Running]) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (BHDrvx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys (Symantec Corporation)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\ccHPx86.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IDSxpx86 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSxpx86.sys (Symantec Corporation)
DRV - (km_filter [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\km_filter.sys (NetRatings, Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091007.021\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091007.021\NAVEX15.SYS (Symantec Corporation)
DRV - (NielGfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nielgfx.sys (The Nielsen Company)
DRV - (nielprt [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys (The Nielsen Company)
DRV - (nnrnstdi [System | Running]) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys (The Nielsen Company)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SRTSP [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSPX.SYS (Symantec Corporation)
DRV - (SymDS [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMDS.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIRON [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\Ironx86.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS (Symantec Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/25 17:04:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/22 17:17:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/06 22:35:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/10/06 22:35:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/29 20:30:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/29 20:29:59 | 00,000,000 | ---D | M]

[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions
[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/25 11:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\[email protected]
[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\hvk7e1cp.default\extensions
[2009/09/29 20:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/29 20:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (NetRatings, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (TLC Multimedia Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1101832610858 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1140896561281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/19 15:10:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/07 20:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes
[2009/10/07 20:24:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/07 20:24:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/07 20:23:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/07 20:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/07 20:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/07 17:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Logs
[2009/10/07 17:54:10 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/07 17:53:45 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/06 22:35:14 | 00,666,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/06 22:35:04 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/06 22:35:04 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/06 22:35:04 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/06 22:35:04 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/06 22:35:04 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/06 22:34:54 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/06 22:34:52 | 00,361,392 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdi.sys
[2009/10/06 22:34:52 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdiv.sys
[2009/10/06 22:34:52 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.sys
[2009/10/06 22:34:52 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.sys
[2009/10/06 22:34:52 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.sys
[2009/10/06 22:34:52 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.sys
[2009/10/06 22:34:51 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.sys
[2009/10/06 22:34:51 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Ironx86.sys
[2009/10/06 22:34:26 | 00,003,375 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.inf
[2009/10/06 22:34:26 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.inf
[2009/10/06 22:34:26 | 00,001,475 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNetV.inf
[2009/10/06 22:34:26 | 00,001,447 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.inf
[2009/10/06 22:34:26 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.inf
[2009/10/06 22:34:26 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.inf
[2009/10/06 22:34:26 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Iron.inf
[2009/10/06 22:34:25 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.inf
[2009/10/06 22:34:00 | 00,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symnetv.cat
[2009/10/06 22:34:00 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.cat
[2009/10/06 22:33:59 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.cat
[2009/10/06 22:33:59 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.cat
[2009/10/06 22:33:59 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.cat
[2009/10/06 22:33:59 | 00,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.cat
[2009/10/06 22:33:59 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\iron.cat
[2009/10/06 22:33:59 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\cchpx86.cat
[2009/10/06 22:33:58 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\isolate.ini
[2009/10/06 22:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1100000.088
[2009/10/06 22:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/10/06 22:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/06 22:33:52 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/10/06 22:25:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/10/06 22:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/06 22:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/06 22:18:08 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Norton Installation Files.lnk
[2009/10/06 22:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2009/10/06 22:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/10/06 21:24:03 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/06 21:24:03 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/06 21:24:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/06 21:11:24 | 00,000,000 | ---D | C] -- C:\kahdah5733k
[2009/10/06 20:09:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/06 20:08:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/06 20:08:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/06 20:06:00 | 00,000,000 | ---D | C] -- C:\kahdah
[2009/10/06 20:04:15 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/06 20:04:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/06 20:04:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/06 20:04:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/06 20:04:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/06 20:04:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/06 20:04:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/06 20:04:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/06 20:01:07 | 00,016,562 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\myfeb.db
[2009/10/06 20:01:06 | 00,012,105 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\izyjoq.lib
[2009/10/06 19:51:47 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/06 19:51:47 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/06 19:51:47 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/06 19:51:47 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
[2009/10/06 19:51:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/06 19:49:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/06 19:48:39 | 03,327,820 | R--- | C] () -- C:\Documents and Settings\Joe\Desktop\kahdah.exe
[2009/10/03 11:18:18 | 02,096,656 | -H-- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\IconCache.db
[2009/10/02 11:09:18 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/02 07:56:38 | 00,015,216 | ---- | C] () -- C:\WINDOWS\System32\adid._sy
[2009/10/01 18:01:24 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\8uyc2vnw.exe
[2009/10/01 17:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\attack2
[2009/09/30 21:54:41 | 00,014,758 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ehenuw.db
[2009/09/30 21:54:41 | 00,011,742 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fity.dat
[2009/09/30 19:40:26 | 00,015,678 | ---- | C] () -- C:\WINDOWS\System32\ibuwydyn._sy
[2009/09/30 19:40:25 | 00,010,039 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\myceril._sy
[2009/09/29 20:31:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/29 20:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla
[2009/09/29 20:30:07 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 20:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/29 19:47:22 | 00,014,578 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hyqurog.dat
[2009/09/29 19:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\attack
[2009/09/29 19:02:29 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/09/29 18:59:03 | 00,000,469 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to mbam-setup.lnk
[2009/09/29 18:39:28 | 00,013,572 | ---- | C] () -- C:\WINDOWS\gykecugu.db
[2009/09/29 18:39:28 | 00,013,394 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\nini.db
[2009/09/29 18:39:28 | 00,012,403 | ---- | C] () -- C:\WINDOWS\opuwuburyl.db
[2009/09/29 18:39:28 | 00,010,421 | ---- | C] () -- C:\WINDOWS\hyzocah._sy
[2009/09/28 22:37:10 | 00,015,272 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\siceh.lib
[2009/09/28 22:37:10 | 00,012,497 | ---- | C] () -- C:\WINDOWS\siqeby
[2009/09/28 22:37:10 | 00,011,095 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ezowocar.db
[2009/09/28 21:22:14 | 00,000,302 | ---- | C] () -- C:\spyhunter.fix
[2009/09/28 21:22:12 | 00,000,290 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/09/28 18:17:25 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/09/28 18:17:25 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/09/28 18:17:21 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/09/28 18:17:21 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/09/28 18:16:51 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/09/28 18:16:51 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/09/27 05:13:47 | 00,014,242 | ---- | C] () -- C:\WINDOWS\somogefo._sy
[2009/09/21 16:25:21 | 00,999,999 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0193.JPG
[2009/09/21 16:25:21 | 00,963,160 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0195.JPG
[2009/09/19 06:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Merscom
[2009/09/19 06:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/09/19 06:55:50 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\National Geographic Adventure - Lost City of Z.lnk
[2009/09/18 22:42:48 | 00,964,196 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0189.JPG
[2009/09/12 07:36:06 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\20090912TRADES.xls
[2009/09/09 04:50:11 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/07/19 10:32:31 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/24 10:04:15 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/04/09 07:51:31 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/08 06:40:27 | 00,000,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/27 11:54:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/27 11:45:46 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/02/27 11:44:56 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/20 11:32:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/12 18:00:00 | 00,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2004/12/12 17:34:21 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2004/12/12 17:34:19 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
[2004/12/12 17:34:18 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
[2004/12/02 21:12:21 | 00,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2004/12/02 21:10:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/11/30 21:27:04 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2004/11/30 12:15:06 | 00,003,265 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/11/30 12:15:05 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2002/02/22 16:49:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Twci_Err.dll
[2001/08/23 08:00:00 | 00,000,634 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/10/07 20:24:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/07 17:56:44 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/07 17:56:31 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/07 17:55:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/07 17:55:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/07 17:41:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/07 17:30:24 | 03,327,820 | R--- | M] () -- C:\Documents and Settings\Joe\Desktop\kahdah.exe
[2009/10/06 22:35:28 | 00,666,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/06 22:35:04 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/06 22:35:04 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/06 22:35:04 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/06 22:35:04 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/06 22:35:02 | 00,000,740 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Joe.job
[2009/10/06 22:34:54 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/06 22:33:40 | 00,000,761 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Norton Installation Files.lnk
[2009/10/06 21:29:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/06 20:09:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/06 20:01:07 | 00,016,562 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\myfeb.db
[2009/10/06 20:01:06 | 00,012,105 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\izyjoq.lib
[2009/10/06 19:51:49 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/06 19:51:49 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/03 11:18:19 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\IconCache.db
[2009/10/02 10:50:18 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/02 07:56:38 | 00,015,216 | ---- | M] () -- C:\WINDOWS\System32\adid._sy
[2009/10/01 18:00:10 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\8uyc2vnw.exe
[2009/09/30 21:54:41 | 00,014,758 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ehenuw.db
[2009/09/30 21:54:41 | 00,011,742 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fity.dat
[2009/09/30 21:26:05 | 00,000,469 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to mbam-setup.lnk
[2009/09/30 19:40:26 | 00,015,678 | ---- | M] () -- C:\WINDOWS\System32\ibuwydyn._sy
[2009/09/30 19:40:25 | 00,010,039 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\myceril._sy
[2009/09/29 20:31:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/09/29 20:30:07 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 19:47:22 | 00,014,578 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hyqurog.dat
[2009/09/29 19:17:33 | 00,000,290 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/09/29 18:57:08 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/09/29 18:39:28 | 00,013,572 | ---- | M] () -- C:\WINDOWS\gykecugu.db
[2009/09/29 18:39:28 | 00,013,394 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\nini.db
[2009/09/29 18:39:28 | 00,012,403 | ---- | M] () -- C:\WINDOWS\opuwuburyl.db
[2009/09/29 18:39:28 | 00,010,421 | ---- | M] () -- C:\WINDOWS\hyzocah._sy
[2009/09/29 16:52:36 | 00,000,302 | ---- | M] () -- C:\spyhunter.fix
[2009/09/28 22:37:10 | 00,015,272 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\siceh.lib
[2009/09/28 22:37:10 | 00,012,497 | ---- | M] () -- C:\WINDOWS\siqeby
[2009/09/28 22:37:10 | 00,011,095 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ezowocar.db
[2009/09/28 18:25:07 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2009/09/27 05:13:47 | 00,014,242 | ---- | M] () -- C:\WINDOWS\somogefo._sy
[2009/09/22 16:25:00 | 00,963,160 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0195.JPG
[2009/09/22 16:24:40 | 00,999,999 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0193.JPG
[2009/09/21 16:22:39 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 22:39:30 | 00,964,196 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0189.JPG
[2009/09/19 06:55:50 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\National Geographic Adventure - Lost City of Z.lnk
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:00:51 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\20090912TRADES.xls
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 05:33:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/10/06 20:01:07 | 00,016,562 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\myfeb.db
    [2009/10/06 20:01:06 | 00,012,105 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\izyjoq.lib
    [2009/10/02 07:56:38 | 00,015,216 | ---- | C] () -- C:\WINDOWS\System32\adid._sy
    [2009/09/30 21:54:41 | 00,014,758 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ehenuw.db
    [2009/09/30 21:54:41 | 00,011,742 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fity.dat
    [2009/09/30 19:40:26 | 00,015,678 | ---- | C] () -- C:\WINDOWS\System32\ibuwydyn._sy
    [2009/09/30 19:40:25 | 00,010,039 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\myceril._sy
    [2009/09/29 19:47:22 | 00,014,578 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hyqurog.dat
    [2009/09/29 18:39:28 | 00,013,572 | ---- | C] () -- C:\WINDOWS\gykecugu.db
    [2009/09/29 18:39:28 | 00,013,394 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\nini.db
    [2009/09/29 18:39:28 | 00,012,403 | ---- | C] () -- C:\WINDOWS\opuwuburyl.db
    [2009/09/29 18:39:28 | 00,010,421 | ---- | C] () -- C:\WINDOWS\hyzocah._sy
    [2009/09/28 22:37:10 | 00,015,272 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\siceh.lib
    [2009/09/28 22:37:10 | 00,012,497 | ---- | C] () -- C:\WINDOWS\siqeby
    [2009/09/28 22:37:10 | 00,011,095 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\ezowocar.db
    [2009/09/28 21:22:14 | 00,000,302 | ---- | C] () -- C:\spyhunter.fix
    [2009/09/28 21:22:12 | 00,000,290 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
    2009/09/27 05:13:47 | 00,014,242 | ---- | C] () -- C:\WINDOWS\somogefo._sy
  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.
===============
Please perform the following online scan:

* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#11
cheech4487

cheech4487

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL log



========== OTL ==========
C:\Documents and Settings\Joe\Local Settings\Application Data\myfeb.db moved successfully.
C:\Documents and Settings\All Users\Documents\izyjoq.lib moved successfully.
C:\WINDOWS\System32\adid._sy moved successfully.
C:\Documents and Settings\All Users\Documents\ehenuw.db moved successfully.
C:\Documents and Settings\All Users\Documents\fity.dat moved successfully.
C:\WINDOWS\System32\ibuwydyn._sy moved successfully.
C:\Documents and Settings\All Users\Documents\myceril._sy moved successfully.
C:\Documents and Settings\All Users\Documents\hyqurog.dat moved successfully.
C:\WINDOWS\gykecugu.db moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\nini.db moved successfully.
C:\WINDOWS\opuwuburyl.db moved successfully.
C:\WINDOWS\hyzocah._sy moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\siceh.lib moved successfully.
C:\WINDOWS\siqeby moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\ezowocar.db moved successfully.
C:\spyhunter.fix moved successfully.
C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk moved successfully.

OTL by OldTimer - Version 3.0.17.0 log created on 10082009_205812




ESET log

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=b5523abdfd55a24bbef24693ce2f9876
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-09 02:23:52
# local_time=2009-10-08 10:23:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3588 38 85 90 32614625616740
# scanned=93683
# found=4
# cleaned=4
# scan_time=4099
C:\Qoobox\Quarantine\C\Program Files\Gamevance\gamevancelib32.dll.vir a variant of Win32/Adware.Gamevance.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Gamevance\gvtl.dll.vir probably a variant of Win32/Adware.Gamevance.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10072009_175345\program files\Gamevance\gamevance32.exe probably a variant of Win32/Adware.Gamevance.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10072009_175345\program files\Gamevance\gvun.exe a variant of Win32/Adware.Gamevance.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Let me know how things are running as well.

================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#13
cheech4487

cheech4487

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well everything appears to be running awesome, and has been for a few days with no issues. So I want to say thank you very much for all the help, I will be make a Donation in the next few days to show my deep appreciation for all your hard work. I am the Administrator of a website myself for Harley Davidson Enthusiasts and I will definately recommend your site to others like me. Thank you again, here is the OTL log:


OTL logfile created on: 10/9/2009 10:40:00 PM - Run 4
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.49 Mb Total Physical Memory | 310.59 Mb Available Physical Memory | 40.47% Memory free
1.83 Gb Paging File | 1.48 Gb Available in Paging File | 80.94% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 45.52 Gb Free Space | 61.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEPUG
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\CSHelper.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (NetRatings, Inc.)
PRC - C:\Program Files\Napster\napster.exe (Napster)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (NetRatings, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CSHelper [Auto | Running]) -- C:\WINDOWS\System32\CSHelper.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NIS [Unknown | Running]) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (BHDrvx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys (Symantec Corporation)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\ccHPx86.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IDSxpx86 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSxpx86.sys (Symantec Corporation)
DRV - (km_filter [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\km_filter.sys (NetRatings, Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091009.008\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091009.008\NAVEX15.SYS (Symantec Corporation)
DRV - (NielGfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nielgfx.sys (The Nielsen Company)
DRV - (nielprt [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys (The Nielsen Company)
DRV - (nnrnstdi [System | Running]) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys (The Nielsen Company)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSPX.SYS (Symantec Corporation)
DRV - (SymDS [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMDS.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIRON [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\Ironx86.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS (Symantec Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/25 17:04:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/22 17:17:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/06 22:35:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/10/06 22:35:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/29 20:30:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/29 20:29:59 | 00,000,000 | ---D | M]

[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions
[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/25 11:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\[email protected]
[2009/09/29 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\hvk7e1cp.default\extensions
[2009/09/29 20:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/29 20:30:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (NetRatings, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (TLC Multimedia Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1101832610858 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1140896561281 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/19 15:10:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/08 21:09:43 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/07 20:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes
[2009/10/07 20:24:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/07 20:24:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/07 20:23:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/07 20:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/07 20:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/07 17:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Logs
[2009/10/07 17:54:10 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/07 17:53:45 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/06 22:35:14 | 00,666,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/06 22:35:04 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/06 22:35:04 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/06 22:35:04 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/06 22:35:04 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/06 22:35:04 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/06 22:34:54 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/06 22:34:52 | 00,361,392 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdi.sys
[2009/10/06 22:34:52 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdiv.sys
[2009/10/06 22:34:52 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.sys
[2009/10/06 22:34:52 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.sys
[2009/10/06 22:34:52 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.sys
[2009/10/06 22:34:52 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.sys
[2009/10/06 22:34:51 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.sys
[2009/10/06 22:34:51 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Ironx86.sys
[2009/10/06 22:34:26 | 00,003,375 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.inf
[2009/10/06 22:34:26 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.inf
[2009/10/06 22:34:26 | 00,001,475 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNetV.inf
[2009/10/06 22:34:26 | 00,001,447 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.inf
[2009/10/06 22:34:26 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.inf
[2009/10/06 22:34:26 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.inf
[2009/10/06 22:34:26 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Iron.inf
[2009/10/06 22:34:25 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.inf
[2009/10/06 22:34:00 | 00,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symnetv.cat
[2009/10/06 22:34:00 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.cat
[2009/10/06 22:33:59 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.cat
[2009/10/06 22:33:59 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.cat
[2009/10/06 22:33:59 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.cat
[2009/10/06 22:33:59 | 00,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.cat
[2009/10/06 22:33:59 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\iron.cat
[2009/10/06 22:33:59 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\cchpx86.cat
[2009/10/06 22:33:58 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\isolate.ini
[2009/10/06 22:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1100000.088
[2009/10/06 22:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/10/06 22:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/06 22:33:52 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/10/06 22:25:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/10/06 22:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/06 22:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/06 22:18:08 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Norton Installation Files.lnk
[2009/10/06 22:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2009/10/06 22:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/10/06 21:24:03 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/06 21:24:03 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/06 21:24:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/06 21:11:24 | 00,000,000 | ---D | C] -- C:\kahdah5733k
[2009/10/06 20:09:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/06 20:08:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/06 20:08:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/06 20:06:00 | 00,000,000 | ---D | C] -- C:\kahdah
[2009/10/06 20:04:15 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/06 20:04:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/06 20:04:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/06 20:04:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/06 20:04:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/06 20:04:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/06 20:04:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/06 20:04:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/06 19:51:47 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/06 19:51:47 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/06 19:51:47 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/06 19:51:47 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
[2009/10/06 19:51:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/06 19:49:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/06 19:48:39 | 03,327,820 | R--- | C] () -- C:\Documents and Settings\Joe\Desktop\kahdah.exe
[2009/10/03 11:18:18 | 02,096,656 | -H-- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\IconCache.db
[2009/10/02 11:09:18 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/01 18:01:24 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\8uyc2vnw.exe
[2009/10/01 17:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\attack2
[2009/09/29 20:31:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/29 20:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla
[2009/09/29 20:30:07 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 20:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/29 19:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\attack
[2009/09/29 19:02:29 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/09/29 18:59:03 | 00,000,469 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to mbam-setup.lnk
[2009/09/28 18:17:25 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/09/28 18:17:25 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/09/28 18:17:21 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/09/28 18:17:21 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/09/28 18:16:51 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/09/28 18:16:51 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/09/27 05:13:47 | 00,014,242 | ---- | C] () -- C:\WINDOWS\somogefo._sy
[2009/09/21 16:25:21 | 00,999,999 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0193.JPG
[2009/09/21 16:25:21 | 00,963,160 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0195.JPG
[2009/09/19 06:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Merscom
[2009/09/19 06:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/09/19 06:55:50 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\National Geographic Adventure - Lost City of Z.lnk
[2009/09/18 22:42:48 | 00,964,196 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\IMGP0189.JPG
[2009/09/12 07:36:06 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\20090912TRADES.xls
[2009/07/19 10:32:31 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/24 10:04:15 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/04/09 07:51:31 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/08 06:40:27 | 00,000,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/27 11:54:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/27 11:45:46 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/02/27 11:44:56 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/20 11:32:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/12 18:00:00 | 00,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2004/12/12 17:34:21 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2004/12/12 17:34:19 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
[2004/12/12 17:34:18 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
[2004/12/02 21:12:21 | 00,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2004/12/02 21:10:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/11/30 21:27:04 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2004/11/30 12:15:06 | 00,003,265 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/11/30 12:15:05 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2002/02/22 16:49:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Twci_Err.dll
[2001/08/23 08:00:00 | 00,000,634 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/10/08 20:52:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/08 20:52:20 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/08 20:52:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 20:51:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/07 20:24:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/07 17:41:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/07 17:30:24 | 03,327,820 | R--- | M] () -- C:\Documents and Settings\Joe\Desktop\kahdah.exe
[2009/10/06 22:35:28 | 00,666,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/06 22:35:04 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/06 22:35:04 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/06 22:35:04 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/06 22:35:04 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/06 22:35:02 | 00,000,740 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Joe.job
[2009/10/06 22:34:54 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/06 22:33:40 | 00,000,761 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Norton Installation Files.lnk
[2009/10/06 21:29:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/06 20:09:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/06 19:51:49 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/06 19:51:49 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/03 11:18:19 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\IconCache.db
[2009/10/02 10:50:18 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/01 18:00:10 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\8uyc2vnw.exe
[2009/09/30 21:26:05 | 00,000,469 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to mbam-setup.lnk
[2009/09/29 20:31:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/09/29 20:30:07 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 18:57:08 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/09/28 18:25:07 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2009/09/27 05:13:47 | 00,014,242 | ---- | M] () -- C:\WINDOWS\somogefo._sy
[2009/09/22 16:25:00 | 00,963,160 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0195.JPG
[2009/09/22 16:24:40 | 00,999,999 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0193.JPG
[2009/09/21 16:22:39 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 22:39:30 | 00,964,196 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\IMGP0189.JPG
[2009/09/19 06:55:50 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\National Geographic Adventure - Lost City of Z.lnk
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:00:51 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\20090912TRADES.xls
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome and after doing the below steps we can start on the other computer if you want.
Just let me know if you are ready.
======================================
Looks good need to Uninstall this program though:
NielsenOnline

You can do so by going to Start > Control Panel > Add\Remove Programs.
Select it then choose remove.

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingc...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that your all set. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP