
netsky worm [Closed]


  • This topic is locked

#1
kevino1955

Per a message on the screen upon bootup, my computer has the above worm. I can't get to the control panel because it immediately runs a McAfee scan, apparently, before any icons or toolbars show up. But the scan never ends, it just keeps showing it has found and removed the vundo.gen.bw virus, over and over. Any suggestions? I'm on a friend's computer in the same household.
By the way I changed a security setting per Yahoo instructions earlier today, in order to see their new Java email.
Thanks
Kevin Osborne
Kirkland, WA


#2
kevino1955

I have been trying various things and the situation has improved but I still have safe mode blocked and other issues. I ran the OTL scan and below are the two reports. Any help will be much appreciated!
Thanks!

OTL logfile created on: 12/12/2009 10:54:57 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 208.61 Mb Available Physical Memory | 41.56% Memory free
1.20 Gb Paging File | 0.69 Gb Available in Paging File | 57.44% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 75.13 Gb Free Space | 80.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Local Settings\Temp\JobMonitor\JobMonitor.exe ()
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\xm1985.dll (微软公司)
MOD - C:\WINDOWS\system32\yeyuvike.dll ()
MOD - C:\WINDOWS\system32\gikatuma.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\idle.dll (Yahoo! Inc.)
MOD - C:\Program Files\Yahoo!\Messenger\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (pwi_oflt) -- C:\WINDOWS\system32\drivers\pwi_oflt.sys (MCCI)
DRV - (pwi_serd) Curitel PC Card Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\pwi_serd.sys (MCCI)
DRV - (pwi_mdm) -- C:\WINDOWS\system32\drivers\pwi_mdm.sys (MCCI)
DRV - (pwi_mdfl) -- C:\WINDOWS\system32\drivers\pwi_mdfl.sys (MCCI)
DRV - (pwi_bus) Curitel PC Card Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\pwi_bus.sys (MCCI)
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/10/18 10:22:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EB379ABB-4B4B-452B-B391-6D8027D840B1}: C:\Documents and Settings\Owner\Local Settings\Application Data\{EB379ABB-4B4B-452B-B391-6D8027D840B1} [2009/04/23 08:01:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 08:33:03 | 00,000,000 | ---D | M]

[2007/10/18 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions
[2007/10/18 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/10/18 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions\staged-xpis

O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\DLACTRLW.exe (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\IBM\Lotus Forms\Viewer\3.0\masqform.exe (IBM Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsWerr] C:\WINDOWS\System32\xm1985.DLL (微软公司)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Company)
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [serisejeh] C:\WINDOWS\System32\gikatuma.DLL ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Owner\LOCALS~1\Temp\system.exe File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EFI Job Monitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.DLL (EFI)
O4 - HKCU..\Run: [elrbuuus] C:\Documents and Settings\Owner\Local Settings\Application Data\ujescd\fivhsysguard.exe File not found
O4 - HKCU..\Run: [Installer] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1UQ0GYKQ\setup_243_3777_[1].exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [notepad] C:\DOCUME~1\NETWOR~1\ntload.DLL File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnqwi50.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.l...lscbase5059.cab (Windows Live Safety Center Base Module)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/IXP000.TMP/setup.cab (PowerTeam HTML Printing Behavior)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1151075700703 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1151075799687 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\gikatuma.dll) - C:\WINDOWS\system32\gikatuma.dll ()
O20 - AppInit_DLLs: (yeyuvike.dll) - C:\WINDOWS\System32\yeyuvike.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - C:\WINDOWS\System32\kbupdate.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: ropabusup - {d30066a7-da20-40da-8dd5-b86f5b70b4b6} - C:\WINDOWS\system32\gikatuma.dll ()
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - gar873hruefrh87w3hjinhef87w3h7dfd - C:\WINDOWS\System32\q4qqp9.dll File not found
O22 - SharedTaskScheduler: {d30066a7-da20-40da-8dd5-b86f5b70b4b6} - jugezatag - C:\WINDOWS\system32\gikatuma.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 07:38:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ea772d0-02df-11db-98f2-00038a000015}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/15 07:38:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11595080-8E73-46C5-B74F-411E5F229AF5} - Yahoo! Tracking for IE7
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9212D8B4-C3CF-43E1-A1FF-8EEA311633DC} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar for Internet Explorer
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/11 16:25:26 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/11 14:56:33 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/11 14:04:25 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/11 14:04:07 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/12/11 13:30:16 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/11 12:55:47 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/12/11 12:55:47 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/12/11 12:55:47 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/12/11 12:55:46 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/12/11 12:55:46 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/12/11 12:55:46 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/12/11 12:55:46 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/12/11 12:55:46 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/12/11 12:55:45 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/12/11 12:55:45 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/12/11 12:55:45 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/12/11 12:39:45 | 00,000,000 | ---D | C] -- C:\Cache
[2009/12/11 11:09:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\SmitfraudFix
[2009/12/11 01:37:52 | 00,000,000 | ---D | C] -- C:\backups
[2009/12/10 21:16:50 | 00,057,344 | ---- | C] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/10 21:14:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ujescd
[2009/12/10 21:14:37 | 00,024,064 | ---- | C] (tzuk) -- C:\tdndhuv.exe
[2009/12/07 11:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\IBM
[2009/11/26 22:20:05 | 00,000,000 | ---D | C] -- C:\SBS
[2009/05/11 00:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/02/13 07:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/12 07:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/17 15:40:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/08/22 13:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/21 12:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/15 08:25:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/02/15 07:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/15 07:38:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/09/23 23:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2004/11/24 10:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/12 10:57:13 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jinowavu
[2009/12/12 10:54:20 | 00,021,063 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/12 10:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\detfbrjy.job
[2009/12/12 09:01:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 08:27:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\kboem32.dat
[2009/12/12 08:25:47 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Job Monitor.lnk
[2009/12/12 08:25:35 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2009/12/12 08:25:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 08:25:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 08:25:27 | 52,643,8400 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 08:23:39 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/12 08:23:39 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/12 08:10:16 | 00,004,874 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/12 08:10:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/12 08:02:47 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\yutobayu.dll
[2009/12/12 08:02:46 | 00,000,529 | -HS- | M] () -- C:\WINDOWS\System32\begadosi.exe
[2009/12/11 16:25:22 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/11 14:56:34 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/11 14:04:08 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/12/11 11:08:42 | 01,814,829 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip
[2009/12/11 07:36:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/11 07:36:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/11 07:36:33 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/11 01:41:15 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/12/11 01:38:22 | 11,317,882 | ---- | M] () -- C:\BACKUPS.gz
[2009/12/11 01:37:53 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/12/11 01:37:02 | 00,000,029 | ---- | M] () -- C:\sampath
[2009/12/10 21:16:51 | 00,057,344 | ---- | M] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/10 21:15:43 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
[2009/12/10 21:14:52 | 00,096,768 | ---- | M] () -- C:\WINDOWS\System32\kbdatat4.dll
[2009/12/10 21:14:52 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\kbupdate.dll
[2009/12/10 21:14:51 | 00,168,960 | ---- | M] () -- C:\WINDOWS\System32\crt4.dll
[2009/12/10 21:14:39 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
[2009/12/10 21:14:38 | 00,045,056 | ---- | M] () -- C:\ddnany.exe
[2009/12/10 21:14:37 | 00,024,064 | ---- | M] (tzuk) -- C:\tdndhuv.exe
[2009/12/10 14:15:32 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word.lnk
[2009/12/10 10:38:12 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2009/12/09 16:47:45 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Email password.doc
[2009/12/09 11:19:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ail password.doc
[2009/12/09 11:05:26 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 11:05:26 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 11:05:25 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 10:57:17 | 02,003,997 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/09 10:57:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 13:26:38 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\stockvalu recommendations.doc
[2009/12/07 11:54:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/03 14:43:21 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\seattlesuperads.doc
[2009/12/03 09:55:44 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Correct verbiage on Congratulations page.doc
[2009/12/01 01:00:38 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/29 13:14:28 | 07,382,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Outlook backup.pst
[2009/11/29 13:00:30 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2003.lnk
[2009/11/27 08:53:19 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top down understanding.doc
[2009/11/23 22:29:55 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/21 11:25:01 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\I fear.doc
[2009/11/14 12:54:52 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hopwood flyer side 2.doc
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 08:02:47 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yutobayu.dll
[2009/12/12 08:02:46 | 00,000,529 | -HS- | C] () -- C:\WINDOWS\System32\begadosi.exe
[2009/12/12 08:00:26 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\detfbrjy.job
[2009/12/11 12:55:46 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/12/11 12:55:46 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/12/11 12:55:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/12/11 11:10:17 | 00,004,874 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/11 11:08:47 | 01,814,829 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip
[2009/12/11 01:38:37 | 05,242,880 | ---- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/11 01:38:37 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/12/11 01:37:55 | 11,317,882 | ---- | C] () -- C:\BACKUPS.gz
[2009/12/10 21:30:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/10 21:30:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/10 21:19:52 | 00,002,854 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/10 21:14:57 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2009/12/10 21:14:52 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\kbupdate.dll
[2009/12/10 21:14:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\kboem32.dat
[2009/12/10 21:14:51 | 00,168,960 | ---- | C] () -- C:\WINDOWS\System32\crt4.dll
[2009/12/10 21:14:51 | 00,096,768 | ---- | C] () -- C:\WINDOWS\System32\kbdatat4.dll
[2009/12/10 21:14:37 | 00,135,168 | ---- | C] () -- C:\dcgwhpoh.exe
[2009/12/10 21:14:37 | 00,045,056 | ---- | C] () -- C:\ddnany.exe
[2009/12/10 10:38:12 | 00,000,452 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2009/12/09 11:19:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ail password.doc
[2009/12/07 13:26:37 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\stockvalu recommendations.doc
[2009/12/03 14:43:20 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\seattlesuperads.doc
[2009/12/03 09:55:44 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Correct verbiage on Congratulations page.doc
[2009/12/02 10:17:44 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Email password.doc
[2009/11/26 16:10:24 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top down understanding.doc
[2009/11/21 11:25:01 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\I fear.doc
[2009/11/14 12:54:51 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Hopwood flyer side 2.doc
[2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yeyuvike.dll
[2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wivovego.dll
[2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\jiyazami.dll
[2009/09/12 08:00:17 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\gikatuma.dll
[2009/09/12 08:00:15 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\melasora.dll
[2009/09/12 08:00:14 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\movemora.dll
[2009/09/12 08:00:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fabeduyu.dll
[2009/09/11 12:36:29 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sibomado.dll
[2009/09/11 12:36:29 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\fetepevo.dll
[2009/09/11 12:36:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\siveraja.dll
[2009/08/11 14:03:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/24 08:15:00 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfocejctfpqrq.sys
[2008/12/18 12:33:25 | 00,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/07/05 02:14:48 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 02:14:44 | 03,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 02:13:16 | 00,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/22 08:34:00 | 00,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 02:39:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 09:36:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 16:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 16:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 16:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 14:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/01 11:00:53 | 00,000,024 | ---- | C] () -- C:\WINDOWS\sysc_drv.ini
[2007/08/26 19:46:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2007/07/10 07:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/11/19 20:27:03 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/03 11:11:00 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2006/11/01 17:49:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/01 17:49:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/24 07:27:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/11 15:02:44 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/11 15:01:35 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/25 14:38:51 | 00,005,323 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 14:38:51 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/24 08:13:46 | 00,000,330 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/23 08:06:41 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/23 08:06:41 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/22 18:58:46 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/06/05 19:40:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 20:28:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 07:07:58 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 01:50:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 01:25:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 01:25:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 01:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 01:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 01:25:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 01:25:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 08:41:53 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 08:41:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 08:40:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 08:28:50 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 08:28:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 08:28:50 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 08:28:50 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 08:25:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 08:21:53 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 07:44:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 07:34:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 06:09:00 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 20:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 15:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/10/03 08:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/06/21 07:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/07 11:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2009/07/26 16:52:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/02/16 01:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/08 09:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/07/17 16:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YesVideo
[2008/07/09 13:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eBookPro6
[2007/04/25 00:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2006/09/12 21:19:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/04/28 21:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2009/11/04 15:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2009/12/07 11:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PureEdge
[2006/09/22 13:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2009/04/22 09:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StumbleUpon
[2006/10/18 18:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2009/07/09 10:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2007/07/20 09:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/12/12 10:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\detfbrjy.job
[2009/07/15 00:11:55 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:38 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/10 21:14:39 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
[2009/12/10 21:14:38 | 00,045,056 | ---- | M] () -- C:\ddnany.exe
[2009/12/10 21:14:37 | 00,024,064 | ---- | M] (tzuk) -- C:\tdndhuv.exe


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: KR10N.SYS >
[2005/01/12 00:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys
[2005/01/12 00:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-09 18:57:53

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


OTL logfile created on: 12/12/2009 10:54:57 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 208.61 Mb Available Physical Memory | 41.56% Memory free
1.20 Gb Paging File | 0.69 Gb Available in Paging File | 57.44% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 75.13 Gb Free Space | 80.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Local Settings\Temp\JobMonitor\JobMonitor.exe ()
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\xm1985.dll (微软公司)
MOD - C:\WINDOWS\system32\yeyuvike.dll ()
MOD - C:\WINDOWS\system32\gikatuma.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\idle.dll (Yahoo! Inc.)
MOD - C:\Program Files\Yahoo!\Messenger\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (pwi_oflt) -- C:\WINDOWS\system32\drivers\pwi_oflt.sys (MCCI)
DRV - (pwi_serd) Curitel PC Card Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\pwi_serd.sys (MCCI)
DRV - (pwi_mdm) -- C:\WINDOWS\system32\drivers\pwi_mdm.sys (MCCI)
DRV - (pwi_mdfl) -- C:\WINDOWS\system32\drivers\pwi_mdfl.sys (MCCI)
DRV - (pwi_bus) Curitel PC Card Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\pwi_bus.sys (MCCI)
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/10/18 10:22:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EB379ABB-4B4B-452B-B391-6D8027D840B1}: C:\Documents and Settings\Owner\Local Settings\Application Data\{EB379ABB-4B4B-452B-B391-6D8027D840B1} [2009/04/23 08:01:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 08:33:03 | 00,000,000 | ---D | M]

[2007/10/18 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions
[2007/10/18 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/10/18 10:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions\staged-xpis

O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\DLACTRLW.exe (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\IBM\Lotus Forms\Viewer\3.0\masqform.exe (IBM Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsWerr] C:\WINDOWS\System32\xm1985.DLL (微软公司)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Company)
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [serisejeh] C:\WINDOWS\System32\gikatuma.DLL ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Owner\LOCALS~1\Temp\system.exe File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EFI Job Monitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.DLL (EFI)
O4 - HKCU..\Run: [elrbuuus] C:\Documents and Settings\Owner\Local Settings\Application Data\ujescd\fivhsysguard.exe File not found
O4 - HKCU..\Run: [Installer] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1UQ0GYKQ\setup_243_3777_[1].exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [notepad] C:\DOCUME~1\NETWOR~1\ntload.DLL File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnqwi50.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.l...lscbase5059.cab (Windows Live Safety Center Base Module)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/IXP000.TMP/setup.cab (PowerTeam HTML Printing Behavior)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1151075700703 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1151075799687 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\gikatuma.dll) - C:\WINDOWS\system32\gikatuma.dll ()
O20 - AppInit_DLLs: (yeyuvike.dll) - C:\WINDOWS\System32\yeyuvike.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - C:\WINDOWS\System32\kbupdate.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: ropabusup - {d30066a7-da20-40da-8dd5-b86f5b70b4b6} - C:\WINDOWS\system32\gikatuma.dll ()
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - gar873hruefrh87w3hjinhef87w3h7dfd - C:\WINDOWS\System32\q4qqp9.dll File not found
O22 - SharedTaskScheduler: {d30066a7-da20-40da-8dd5-b86f5b70b4b6} - jugezatag - C:\WINDOWS\system32\gikatuma.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 07:38:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ea772d0-02df-11db-98f2-00038a000015}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/15 07:38:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11595080-8E73-46C5-B74F-411E5F229AF5} - Yahoo! Tracking for IE7
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9212D8B4-C3CF-43E1-A1FF-8EEA311633DC} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar for Internet Explorer
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/11 16:25:26 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/11 14:56:33 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/11 14:04:25 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/11 14:04:07 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/12/11 13:30:16 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/11 12:55:47 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/12/11 12:55:47 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/12/11 12:55:47 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/12/11 12:55:46 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/12/11 12:55:46 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/12/11 12:55:46 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/12/11 12:55:46 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/12/11 12:55:46 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/12/11 12:55:45 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/12/11 12:55:45 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/12/11 12:55:45 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/12/11 12:39:45 | 00,000,000 | ---D | C] -- C:\Cache
[2009/12/11 11:09:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\SmitfraudFix
[2009/12/11 01:37:52 | 00,000,000 | ---D | C] -- C:\backups
[2009/12/10 21:16:50 | 00,057,344 | ---- | C] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/10 21:14:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ujescd
[2009/12/10 21:14:37 | 00,024,064 | ---- | C] (tzuk) -- C:\tdndhuv.exe
[2009/12/07 11:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\IBM
[2009/11/26 22:20:05 | 00,000,000 | ---D | C] -- C:\SBS
[2009/05/11 00:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/02/13 07:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/12 07:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/17 15:40:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/08/22 13:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/21 12:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/15 08:25:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/02/15 07:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/15 07:38:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/09/23 23:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2004/11/24 10:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/12 10:57:13 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jinowavu
[2009/12/12 10:54:20 | 00,021,063 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/12 10:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\detfbrjy.job
[2009/12/12 09:01:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 08:27:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\kboem32.dat
[2009/12/12 08:25:47 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Job Monitor.lnk
[2009/12/12 08:25:35 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2009/12/12 08:25:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 08:25:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 08:25:27 | 52,643,8400 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 08:23:39 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/12 08:23:39 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/12 08:10:16 | 00,004,874 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/12 08:10:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/12 08:02:47 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\yutobayu.dll
[2009/12/12 08:02:46 | 00,000,529 | -HS- | M] () -- C:\WINDOWS\System32\begadosi.exe
[2009/12/11 16:25:22 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/11 14:56:34 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/11 14:04:08 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/12/11 11:08:42 | 01,814,829 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip
[2009/12/11 07:36:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/11 07:36:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/11 07:36:33 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/11 01:41:15 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/12/11 01:38:22 | 11,317,882 | ---- | M] () -- C:\BACKUPS.gz
[2009/12/11 01:37:53 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/12/11 01:37:02 | 00,000,029 | ---- | M] () -- C:\sampath
[2009/12/10 21:16:51 | 00,057,344 | ---- | M] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/10 21:15:43 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
[2009/12/10 21:14:52 | 00,096,768 | ---- | M] () -- C:\WINDOWS\System32\kbdatat4.dll
[2009/12/10 21:14:52 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\kbupdate.dll
[2009/12/10 21:14:51 | 00,168,960 | ---- | M] () -- C:\WINDOWS\System32\crt4.dll
[2009/12/10 21:14:39 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
[2009/12/10 21:14:38 | 00,045,056 | ---- | M] () -- C:\ddnany.exe
[2009/12/10 21:14:37 | 00,024,064 | ---- | M] (tzuk) -- C:\tdndhuv.exe
[2009/12/10 14:15:32 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word.lnk
[2009/12/10 10:38:12 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2009/12/09 16:47:45 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Email password.doc
[2009/12/09 11:19:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ail password.doc
[2009/12/09 11:05:26 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 11:05:26 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 11:05:25 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 10:57:17 | 02,003,997 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/09 10:57:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 13:26:38 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\stockvalu recommendations.doc
[2009/12/07 11:54:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/03 14:43:21 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\seattlesuperads.doc
[2009/12/03 09:55:44 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Correct verbiage on Congratulations page.doc
[2009/12/01 01:00:38 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/29 13:14:28 | 07,382,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Outlook backup.pst
[2009/11/29 13:00:30 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2003.lnk
[2009/11/27 08:53:19 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\top down understanding.doc
[2009/11/23 22:29:55 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/21 11:25:01 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\I fear.doc
[2009/11/14 12:54:52 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hopwood flyer side 2.doc
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 08:02:47 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yutobayu.dll
[2009/12/12 08:02:46 | 00,000,529 | -HS- | C] () -- C:\WINDOWS\System32\begadosi.exe
[2009/12/12 08:00:26 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\detfbrjy.job
[2009/12/11 12:55:46 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/12/11 12:55:46 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/12/11 12:55:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/12/11 11:10:17 | 00,004,874 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/11 11:08:47 | 01,814,829 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip
[2009/12/11 01:38:37 | 05,242,880 | ---- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/11 01:38:37 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/12/11 01:37:55 | 11,317,882 | ---- | C] () -- C:\BACKUPS.gz
[2009/12/10 21:30:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/10 21:30:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/10 21:19:52 | 00,002,854 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/10 21:14:57 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2009/12/10 21:14:52 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\kbupdate.dll
[2009/12/10 21:14:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\kboem32.dat
[2009/12/10 21:14:51 | 00,168,960 | ---- | C] () -- C:\WINDOWS\System32\crt4.dll
[2009/12/10 21:14:51 | 00,096,768 | ---- | C] () -- C:\WINDOWS\System32\kbdatat4.dll
[2009/12/10 21:14:37 | 00,135,168 | ---- | C] () -- C:\dcgwhpoh.exe
[2009/12/10 21:14:37 | 00,045,056 | ---- | C] () -- C:\ddnany.exe
[2009/12/10 10:38:12 | 00,000,452 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2009/12/09 11:19:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ail password.doc
[2009/12/07 13:26:37 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\stockvalu recommendations.doc
[2009/12/03 14:43:20 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\seattlesuperads.doc
[2009/12/03 09:55:44 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Correct verbiage on Congratulations page.doc
[2009/12/02 10:17:44 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Email password.doc
[2009/11/26 16:10:24 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\top down understanding.doc
[2009/11/21 11:25:01 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\I fear.doc
[2009/11/14 12:54:51 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Hopwood flyer side 2.doc
[2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yeyuvike.dll
[2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wivovego.dll
[2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\jiyazami.dll
[2009/09/12 08:00:17 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\gikatuma.dll
[2009/09/12 08:00:15 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\melasora.dll
[2009/09/12 08:00:14 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\movemora.dll
[2009/09/12 08:00:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fabeduyu.dll
[2009/09/11 12:36:29 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sibomado.dll
[2009/09/11 12:36:29 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\fetepevo.dll
[2009/09/11 12:36:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\siveraja.dll
[2009/08/11 14:03:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/24 08:15:00 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsfocejctfpqrq.sys
[2008/12/18 12:33:25 | 00,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/07/05 02:14:48 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 02:14:44 | 03,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 02:13:16 | 00,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/22 08:34:00 | 00,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 02:39:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 09:36:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 16:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 16:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 16:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 14:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/01 11:00:53 | 00,000,024 | ---- | C] () -- C:\WINDOWS\sysc_drv.ini
[2007/08/26 19:46:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2007/07/10 07:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/11/19 20:27:03 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/03 11:11:00 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2006/11/01 17:49:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/01 17:49:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/24 07:27:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/11 15:02:44 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/11 15:01:35 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/25 14:38:51 | 00,005,323 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 14:38:51 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/24 08:13:46 | 00,000,330 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/23 08:06:41 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/23 08:06:41 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/22 18:58:46 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/06/05 19:40:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 20:28:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 07:07:58 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 01:50:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 01:25:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 01:25:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 01:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 01:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 01:25:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 01:25:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 08:41:53 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 08:41:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 08:40:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 08:28:50 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 08:28:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 08:28:50 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 08:28:50 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 08:25:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 08:21:53 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 07:44:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 07:34:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 06:09:00 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 20:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 15:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/10/03 08:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/06/21 07:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/07 11:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2009/07/26 16:52:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/02/16 01:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/08 09:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/07/17 16:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YesVideo
[2008/07/09 13:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eBookPro6
[2007/04/25 00:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2006/09/12 21:19:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/04/28 21:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2009/11/04 15:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2009/12/07 11:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PureEdge
[2006/09/22 13:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2009/04/22 09:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StumbleUpon
[2006/10/18 18:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2009/07/09 10:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2007/07/20 09:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/12/12 10:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\detfbrjy.job
[2009/07/15 00:11:55 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:38 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/10 21:14:39 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
[2009/12/10 21:14:38 | 00,045,056 | ---- | M] () -- C:\ddnany.exe
[2009/12/10 21:14:37 | 00,024,064 | ---- | M] (tzuk) -- C:\tdndhuv.exe


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: KR10N.SYS >
[2005/01/12 00:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys
[2005/01/12 00:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-09 18:57:53

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#3
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - C:\WINDOWS\system32\xm1985.dll (微软公司)
    MOD - C:\WINDOWS\system32\yeyuvike.dll ()
    MOD - C:\WINDOWS\system32\gikatuma.dll ()
    O4 - HKLM..\Run: [serisejeh] C:\WINDOWS\System32\gikatuma.DLL ()
    O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Owner\LOCALS~1\Temp\system.exe File not found
    O4 - HKCU..\Run: [Installer] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1UQ0GYKQ\setup_243_3777_[1].exe File not found
    O4 - HKCU..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnqwi50.exe File not found
    O20 - AppInit_DLLs: (c:\windows\system32\gikatuma.dll) - C:\WINDOWS\system32\gikatuma.dll ()
    O20 - AppInit_DLLs: (yeyuvike.dll) - C:\WINDOWS\System32\yeyuvike.dll ()
    O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - C:\WINDOWS\System32\kbupdate.dll ()
    O21 - SSODL: ropabusup - {d30066a7-da20-40da-8dd5-b86f5b70b4b6} - C:\WINDOWS\system32\gikatuma.dll ()
    O22 - SharedTaskScheduler: {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - gar873hruefrh87w3hjinhef87w3h7dfd - C:\WINDOWS\System32\q4qqp9.dll File not found
    O22 - SharedTaskScheduler: {d30066a7-da20-40da-8dd5-b86f5b70b4b6} - jugezatag - C:\WINDOWS\system32\gikatuma.dll ()
    O33 - MountPoints2\{2ea772d0-02df-11db-98f2-00038a000015}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
    O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\Shell\phone\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe -- File not found
    [2009/12/11 12:55:47 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
    [2009/12/11 12:55:47 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
    [2009/12/11 12:55:47 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
    [2009/12/11 12:55:46 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
    [2009/12/11 12:55:46 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
    [2009/12/11 12:55:46 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
    [2009/12/11 12:55:46 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
    [2009/12/11 12:55:46 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
    [2009/12/11 12:55:45 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2009/12/11 12:55:45 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
    [2009/12/11 12:55:45 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
    [2009/12/10 21:16:50 | 00,057,344 | ---- | C] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
    [2009/12/10 21:14:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ujescd
    [2009/12/10 21:14:37 | 00,024,064 | ---- | C] (tzuk) -- C:\tdndhuv.exe
    [2009/12/12 10:57:13 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jinowavu
    [2009/12/12 08:27:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\kboem32.dat
    [2009/12/12 08:02:47 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\System32\yutobayu.dll
    [2009/12/12 08:02:46 | 00,000,529 | -HS- | M] () -- C:\WINDOWS\System32\begadosi.exe
    [2009/12/11 07:36:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
    [2009/12/11 07:36:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
    [2009/12/11 07:36:33 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
    [2009/12/10 21:16:51 | 00,057,344 | ---- | M] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
    [2009/12/10 21:15:43 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
    [2009/12/10 21:14:52 | 00,096,768 | ---- | M] () -- C:\WINDOWS\System32\kbdatat4.dll
    [2009/12/10 21:14:52 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\kbupdate.dll
    [2009/12/10 21:14:51 | 00,168,960 | ---- | M] () -- C:\WINDOWS\System32\crt4.dll
    [2009/12/10 21:14:39 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
    [2009/12/10 21:14:38 | 00,045,056 | ---- | M] () -- C:\ddnany.exe
    [2009/12/10 21:14:37 | 00,024,064 | ---- | M] (tzuk) -- C:\tdndhuv.exe
    [2009/12/12 08:02:47 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yutobayu.dll
    [2009/12/12 08:02:46 | 00,000,529 | -HS- | C] () -- C:\WINDOWS\System32\begadosi.exe
    [2009/12/12 08:00:26 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\detfbrjy.job
    [2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yeyuvike.dll
    [2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wivovego.dll
    [2009/09/12 08:05:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\jiyazami.dll
    [2009/09/12 08:00:17 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\gikatuma.dll
    [2009/09/12 08:00:15 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\melasora.dll
    [2009/09/12 08:00:14 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\movemora.dll
    [2009/09/12 08:00:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fabeduyu.dll
    [2009/09/11 12:36:29 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sibomado.dll
    [2009/09/11 12:36:29 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\fetepevo.dll
    [2009/09/11 12:36:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\siveraja.dll
    [2009/12/10 21:14:39 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
    [2009/12/10 21:14:38 | 00,045,056 | ---- | M] () -- C:\ddnany.exe
    [2009/12/10 21:14:37 | 00,024,064 | ---- | M] (tzuk) -- C:\tdndhuv.exe
    
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#4
kevino1955


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you!
Attached are the two logs

GooredFix by jpshortstuff (06.12.09.1)
Log created at 13:07 on 12/12/2009 (Owner)
Firefox version [Unable to determine]

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{EB379ABB-4B4B-452B-B391-6D8027D840B1} -> Success!
Deleting C:\Documents and Settings\Owner\Local Settings\Application Data\{EB379ABB-4B4B-452B-B391-6D8027D840B1} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\36v0kjbz.default\extensions\
staged-xpis [18:23 18/10/2007]
{3112ca9c-de6d-4884-a869-9855de68056c} [18:23 18/10/2007]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3112ca9c-de6d-4884-a869-9855de68056c}"="C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}" [18:22 18/10/2007]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:51 07/07/2009]

-=E.O.F=-


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\serisejeh deleted successfully.
C:\WINDOWS\system32\gikatuma.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Installer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\gikatuma.dll deleted successfully.
File C:\WINDOWS\system32\gikatuma.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:yeyuvike.dll deleted successfully.
C:\WINDOWS\system32\yeyuvike.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate\ deleted successfully.
C:\WINDOWS\system32\kbupdate.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ropabusup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d30066a7-da20-40da-8dd5-b86f5b70b4b6}\ deleted successfully.
File C:\WINDOWS\system32\gikatuma.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{d30066a7-da20-40da-8dd5-b86f5b70b4b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d30066a7-da20-40da-8dd5-b86f5b70b4b6}\ deleted successfully.
File C:\WINDOWS\system32\gikatuma.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea772d0-02df-11db-98f2-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ea772d0-02df-11db-98f2-00038a000015}\ not found.
File E:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa34b82-7442-11dd-9ad3-00a0d1438117}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa34b82-7442-11dd-9ad3-00a0d1438117}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa34b82-7442-11dd-9ad3-00a0d1438117}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa34b82-7442-11dd-9ad3-00a0d1438117}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\autorun.exe not found.
C:\WINDOWS\system32\IEDFix.C.exe moved successfully.
C:\WINDOWS\system32\o4Patch.exe moved successfully.
C:\WINDOWS\system32\Agent.OMZ.Fix.exe moved successfully.
C:\WINDOWS\system32\VCCLSID.exe moved successfully.
C:\WINDOWS\system32\VACFix.exe moved successfully.
C:\WINDOWS\system32\IEDFix.exe moved successfully.
C:\WINDOWS\system32\404Fix.exe moved successfully.
C:\WINDOWS\system32\swxcacls.exe moved successfully.
C:\WINDOWS\system32\SrchSTS.exe moved successfully.
C:\WINDOWS\system32\swreg.exe moved successfully.
C:\WINDOWS\system32\Process.exe moved successfully.
C:\WINDOWS\system32\xm1985.dll moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ujescd folder moved successfully.
C:\tdndhuv.exe moved successfully.
C:\WINDOWS\system32\jinowavu moved successfully.
File move failed. C:\WINDOWS\system32\kboem32.dat scheduled to be moved on reboot.
C:\WINDOWS\system32\yutobayu.dll moved successfully.
C:\WINDOWS\system32\begadosi.exe moved successfully.
C:\WINDOWS\system32\AVR10.exe moved successfully.
C:\WINDOWS\system32\winhelper86.dll moved successfully.
C:\WINDOWS\system32\critical_warning.html moved successfully.
File C:\WINDOWS\System32\xm1985.dll not found.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\scandisk.lnk moved successfully.
C:\WINDOWS\system32\kbdatat4.dll moved successfully.
File C:\WINDOWS\System32\kbupdate.dll not found.
C:\WINDOWS\system32\crt4.dll moved successfully.
C:\dcgwhpoh.exe moved successfully.
C:\ddnany.exe moved successfully.
File C:\tdndhuv.exe not found.
File C:\WINDOWS\System32\yutobayu.dll not found.
File C:\WINDOWS\System32\begadosi.exe not found.
C:\WINDOWS\tasks\detfbrjy.job moved successfully.
File C:\WINDOWS\System32\yeyuvike.dll not found.
C:\WINDOWS\system32\wivovego.dll moved successfully.
C:\WINDOWS\system32\jiyazami.dll moved successfully.
File C:\WINDOWS\System32\gikatuma.dll not found.
C:\WINDOWS\system32\melasora.dll moved successfully.
C:\WINDOWS\system32\movemora.dll moved successfully.
C:\WINDOWS\system32\fabeduyu.dll moved successfully.
C:\WINDOWS\system32\sibomado.dll moved successfully.
C:\WINDOWS\system32\fetepevo.dll moved successfully.
C:\WINDOWS\system32\siveraja.dll moved successfully.
File C:\dcgwhpoh.exe not found.
File C:\ddnany.exe not found.
File C:\tdndhuv.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 11216065 bytes
->Temporary Internet Files folder emptied: 12655519 bytes
->Java cache emptied: 18121015 bytes
->FireFox cache emptied: 3667877 bytes
->Google Chrome cache emptied: 856432 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 55825 bytes
Windows Temp folder emptied: 93249852 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10453692 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 113994 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.51 mb


OTL by OldTimer - Version 3.1.16.0 log created on 12122009_131156

Files\Folders moved on Reboot...
C:\WINDOWS\system32\kboem32.dat moved successfully.
File\Folder C:\WINDOWS\temp\mcmsc_Nj8vdwq2SJRjghd not found!
File\Folder C:\WINDOWS\temp\mcmsc_o5a0ypkktt1nGOQ not found!

Registry entries deleted on Reboot...

#5
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#6
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.