Vundo H, possibly others? [Solved] Browser Hijacking, Adware pop-ups, Anti-virals borked
#1
Posted 28 January 2010 - 08:18 PM
Right now my browser searches (IE and Firefox are the only two I've tried) are usually hijacked by other searches; it changes a lot, but searchfindsite is one that reoccurs. Pop-ups for antiviral ads come up infrequently, as well as many other types of products. In fact, the only type I haven't seen come up are porn ads. If I enter the web address directly into the address bar I can usually connect without problems, but I can't connect at all to certain tech sites (this one, for example; bleepingcomputer is another). I am using another computer right now, and shuttling programs and logs back and forth on a thumb drive. Generally everything is running very slowly, and freezing occurs regularly.
System Restore goes up to the 3rd(?) screen, the one where you've chosen the restore point and hit 'next' to start the restore process, only hitting 'next' doesn't do anything.
I have McAfee and I thought it was up to date, as it was set to automatically update. When I tried to actually use it I found that nothing would actually appear when I clicked on it. Trying to uninstall it results in freezing, and I can't install new a-v software with McAfee still on. So, right now I don't have a dedicated anti-virus program.
It took quite a while to figure out Anti-Malware, as I couldn't run it from my computer, and changing the setup name didn't work. I could run the installer directly from the web, but everything would install except mbam.exe... I downloaded a randomly named version of the exe file; Anti-Malware can run a successful scan now, and that's the most progress I've seen in two days. (I don't know if it needs to be said, but it doesn't appear that anything was fixed after the reboot.)
I can't supply you with a GMER log, because GMER won't boot. I tried RKill, but 3 out of the 4 RKills don't work, I haven't tried the .pif version.
BTW, Vundofix did not find anything.
So, thanks for reading all that, thanks for any future help, apologies for grammatical errors because I am not really double-checking this, and without any further ado, the logs:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/28/2010 7:21:46 PM
mbam-log-2010-01-28 (19-21-46).txt
Scan type: Quick Scan
Objects scanned: 169139
Time elapsed: 10 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\govegomu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\lewadiye.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\yabuvasu.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5e6c721f-4889-4661-b70d-5667ea56efd3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\duharadak (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5e6c721f-4889-4661-b70d-5667ea56efd3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\yuhipabod (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: govegomu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yabuvasu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yabuvasu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\dabezoda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\govegomu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\japawisi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kihugali.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lewadiye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\nosadepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\reforola.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\towoyila.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vizalodu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wimisavi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yabuvasu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\zodetego.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ribehige.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
OTL logfile created on: 1/28/2010 8:08:51 PM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 14.82 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 39.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.87 Gb Free Space | 99.28% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DHXMGL31
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/28 14:48:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/01/08 10:49:45 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\James\Desktop\gmer.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:15 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\conime.exe
PRC - [2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/24 08:39:31 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/09 15:43:00 | 00,634,880 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2006/09/29 06:35:53 | 00,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/08/05 15:08:26 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2005/08/02 14:33:02 | 00,159,832 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1132368428\ee\AOLHostManager.exe
PRC - [2005/08/02 14:33:02 | 00,151,640 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1132368428\ee\AOLServiceHost.exe
PRC - [2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/12/07 21:39:31 | 00,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe
PRC - [2004/05/28 22:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2003/09/18 05:39:12 | 00,053,297 | ---- | M] () -- C:\lotus\notes\ntmulti.exe
PRC - [2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2003/06/24 10:46:30 | 00,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/05/15 18:41:15 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2002/10/08 12:00:24 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2000/08/08 15:00:00 | 00,024,633 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
========== Modules (SafeList) ==========
MOD - [2099/01/01 12:00:00 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\gehufidu.dll
MOD - [2010/01/28 14:48:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2004/12/07 21:40:15 | 00,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SBHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - [2010/01/27 12:29:35 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/21 09:46:11 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/09/18 05:39:12 | 00,053,297 | ---- | M] () [Auto | Running] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2002/10/08 12:00:24 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
========== Driver Services (SafeList) ==========
DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/18 13:36:59 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/05/04 20:40:22 | 00,215,040 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - [2005/10/19 07:59:12 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/03/28 20:57:32 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/13 09:44:04 | 00,014,848 | ---- | M] (NVIDIA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nvndis.sys -- (NvNdis)
DRV - [2004/10/11 11:28:18 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/21 05:40:48 | 00,051,088 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys -- (HPZid412)
DRV - [2004/06/21 05:40:48 | 00,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2004/06/21 05:40:48 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 12:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/15 18:41:16 | 00,019,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\point32.sys -- (Point32)
DRV - [2003/04/15 09:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 09:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/02/28 09:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/08 12:00:46 | 00,019,140 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\Program Files\America Online 8.0\atwpkt2.sys -- (ATWPKT2)
DRV - [2002/10/08 11:57:40 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/02 09:57:12 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SjyPkt.sys -- (SjyPkt)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/08/29 05:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS -- (FsVga)
DRV - [2002/04/17 12:51:08 | 00,545,088 | R--- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbcwdm.sys -- (tbcwdm)
DRV - [2002/04/17 12:51:08 | 00,144,768 | R--- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbcspud.sys -- (tbcspud)
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/03/21 18:44:32 | 00,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:03:32 | 00,030,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wceusbsh.sys -- (wceusbsh)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AB D8 17 E3 9B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
FF - prefs.js..extensions.enabledItems: tagiritoolbar@tagiri.jp:2.6.1
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 15:13:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 10:49:56 | 00,000,000 | ---D | M]
[2009/11/05 17:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2010/01/27 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\wyt83nhy.default\extensions
[2009/11/22 00:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\wyt83nhy.default\extensions\tagiritoolbar@tagiri.jp
[2010/01/28 01:28:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/29 06:37:21 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/05 17:26:43 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/09/24 21:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2007/09/19 21:28:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2007/02/20 07:00:59 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/08/09 00:11:22 | 10,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 00:30:36 | 00,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
O1 HOSTS File: ([2002/08/29 05:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Mitter Toolbar) - {B3C48858-CC9C-452F-B6A4-48C95C59EB45} - C:\Program Files\Mitter Toolbar\ISLIEBand.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [duharadak] C:\WINDOWS\System32\gehufidu.DLL ()
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1132368428\ee\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinfernoUpdate] C:\Program Files\Common Files\Winferno\WSCUpdtr.exe (Winferno)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: DesktopStreaALUE ERROR. - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (lewadiye.dll) - .Trashes [2009/12/16 09:48:12 | 00,000,000 | -H-D | M]
O20 - AppInit_DLLs: (c:\windows\system32\gehufidu.dll) - C:\WINDOWS\SYSTEM32\gehufidu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: yategogad - {49160a9e-4785-4dba-a5c2-179e399a27cf} - C:\WINDOWS\SYSTEM32\gehufidu.dll ()
O22 - SharedTaskScheduler: {49160a9e-4785-4dba-a5c2-179e399a27cf} - tokatiluy - C:\WINDOWS\SYSTEM32\gehufidu.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/11 13:38:56 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4022c940-7e08-11d9-aa2b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4022c940-7e08-11d9-aa2b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4022c940-7e08-11d9-aa2b-806d6172696f}\Shell\AutoRun\command - "" = D:\kav2009.exe -- [2009/05/13 11:47:18 | 00,609,936 | R--- | M] (Kaspersky Labs GmbH)
O33 - MountPoints2\{794c69be-ff36-11da-aad0-00038a000015}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/10/01 19:07:02 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - .Trashes [2009/12/16 09:48:12 | 00,000,000 | -H-D | M]
CREATERESTOREPOINT
Error starting restore point: 3
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010/01/28 18:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\Malwarebytes
[2010/01/28 18:54:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/28 18:54:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/28 18:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/28 18:34:37 | 01,394,000 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\James\Desktop\sMx7tVWTy.exe
[2010/01/27 23:29:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/27 23:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/27 23:25:36 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\James\Desktop\SysRestorePoint.exe
[2010/01/27 23:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/27 22:05:53 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\jhgvfjkg.exe
[2010/01/27 18:30:54 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/27 18:30:44 | 00,119,808 | ---- | C] (Atribune.org) -- C:\VundoFix.exe
[2010/01/27 12:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/01/26 12:29:09 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/26 12:23:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/26 12:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/26 12:22:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/25 21:14:24 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/01/18 23:55:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Higurashi
[2010/01/12 21:35:51 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/05 12:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
[2010/01/05 12:59:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\TweakNow RegCleaner
[2009/01/01 09:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/09 16:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Winferno
[2007/07/11 02:00:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/19 08:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/05/19 08:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/04/14 10:57:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/17 17:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/09/24 06:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/09/24 05:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2099/01/01 12:00:00 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\gehufidu.dll
[2010/01/28 20:15:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/01/28 20:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\nminkyss.job
[2010/01/28 19:59:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/28 19:59:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/28 19:59:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/28 19:59:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/28 19:59:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/28 19:54:12 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/28 19:52:53 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/28 19:52:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 19:52:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/28 19:52:29 | 13,401,49760 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/28 19:51:28 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\James\ntuser.dat
[2010/01/28 19:22:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\James\NTUSER.INI
[2010/01/28 19:17:48 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\hipomeka
[2010/01/28 18:54:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 16:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\{3F901249-4CD6-48F3-A42C-789CD412DD87}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/01/28 15:57:48 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\James\Desktop\rkill.scr
[2010/01/28 15:39:12 | 01,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\James\Desktop\sMx7tVWTy.exe
[2010/01/28 14:48:32 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\James\Desktop\gmer.zip
[2010/01/27 22:01:36 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\jhgvfjkg.exe
[2010/01/27 18:32:56 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
[2010/01/26 14:26:02 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\japa3sumthin.doc
[2010/01/26 12:23:32 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/25 21:11:32 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\housecall.guid.cache
[2010/01/25 00:33:01 | 00,226,816 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 00:22:44 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/22 16:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\{02715076-526E-43E9-AE34-04BBB4F7756E}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/01/22 12:14:26 | 00,022,371 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/22 09:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\{B9C32A25-A7B6-4FD7-ADD0-B79E4CC89B30}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/01/21 09:51:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/15 01:00:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/13 03:10:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 00:17:10 | 03,176,414 | -H-- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\IconCache.db
[2010/01/08 23:43:04 | 00,324,682 | ---- | M] () -- C:\Documents and Settings\James\My Documents\pixar-and-dreamworks.jpg
[2010/01/08 13:16:46 | 40,010,5733 | ---- | M] () -- C:\Documents and Settings\James\Desktop\[gg] Ookamikakushi - 01 [D9077B96].mkv
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 01:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\gehufidu.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\hipomeka
[2010/01/28 20:13:46 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\James\Desktop\gmer.zip
[2010/01/28 20:04:20 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\James\Desktop\gmer.exe
[2010/01/28 18:54:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 18:50:30 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\James\Desktop\rkill.scr
[2010/01/28 02:01:49 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\nminkyss.job
[2010/01/27 22:59:01 | 13,401,49760 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/26 13:57:18 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/26 13:48:16 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\japa3sumthin.doc
[2010/01/26 13:18:02 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/26 12:30:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/26 12:30:41 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/26 12:30:41 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/26 12:30:39 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/26 12:23:32 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/25 21:11:32 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\housecall.guid.cache
[2010/01/25 00:22:44 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 22:55:18 | 00,350,720 | ---- | C] () -- C:\Documents and Settings\James\Desktop\hjsplit.exe
[2010/01/08 23:43:16 | 00,324,682 | ---- | C] () -- C:\Documents and Settings\James\My Documents\pixar-and-dreamworks.jpg
[2010/01/08 12:36:31 | 40,010,5733 | ---- | C] () -- C:\Documents and Settings\James\Desktop\[gg] Ookamikakushi - 01 [D9077B96].mkv
[2009/05/21 02:31:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
[2009/01/13 22:26:22 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bass Reduction
[2009/01/13 22:26:22 | 00,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bundle
[2009/01/13 22:26:21 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/01/05 01:52:01 | 00,226,816 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/26 22:02:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\THUMBV~1.INI
[2007/03/26 21:55:23 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/03/26 21:51:40 | 00,001,851 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2007/03/26 21:51:36 | 00,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2007/03/26 21:50:17 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/03/26 19:32:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/26 12:06:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/19 09:11:37 | 00,002,945 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/22 14:36:26 | 00,001,089 | ---- | C] () -- C:\WINDOWS\atm.ini
[2005/10/11 13:01:52 | 00,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2005/10/11 12:29:38 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/05/11 12:54:34 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2005/02/13 16:10:18 | 00,008,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/09/06 09:34:43 | 00,000,104 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2004/08/11 05:49:23 | 00,016,013 | ---- | C] () -- C:\WINDOWS\MediaShout EV2.ini
[2004/08/11 05:49:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\ShoutWriter EV2.ini
[2004/08/11 05:49:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\ShoutSinger EV2.ini
[2004/06/26 12:44:48 | 00,006,328 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2004/01/09 20:35:58 | 00,029,309 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/10/13 12:47:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2003/10/12 20:43:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/08 16:02:01 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/10/01 19:47:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/01 19:41:58 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/10/01 19:41:57 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/01 19:28:05 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/01 19:27:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/01 19:14:46 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/07/11 09:59:46 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/11 09:57:52 | 00,000,839 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/01/28 19:52:24 | 00,006,180 | ---- | M] () -- C:\aaw7boot.log
[2002/09/03 08:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/09/23 21:27:47 | 00,000,211 | -HS- | M] () -- C:\BOOT.INI
[2002/09/03 08:38:46 | 00,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2007/01/27 21:15:54 | 00,074,752 | ---- | M] () -- C:\b_1639a_us0_spine_insrt_1_in.doc
[2002/09/03 08:59:58 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/15 12:12:29 | 00,000,000 | ---- | M] () -- C:\CreateMarkers.log
[2003/10/01 19:18:38 | 00,005,154 | RH-- | M] () -- C:\DELL.SDR
[2008/01/08 11:51:02 | 00,005,459 | ---- | M] () -- C:\error.log
[2010/01/28 19:52:29 | 13,401,49760 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 12:15:56 | 00,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2002/09/03 08:59:58 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/03/26 19:34:27 | 00,001,329 | -H-- | M] () -- C:\IPH.PH
[2004/01/13 11:45:33 | 00,025,570 | ---- | M] () -- C:\MDacLog.txt
[2002/09/03 08:59:58 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/09/23 21:17:14 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/23 10:19:28 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2008/01/08 11:52:13 | 00,013,788 | ---- | M] () -- C:\output.log
[2010/01/28 19:52:25 | 40,265,3184 | -HS- | M] () -- C:\pagefile.sys
[2009/05/08 12:14:09 | 00,001,355 | ---- | M] () -- C:\plgdbgrpt.log
[2006/07/07 06:32:25 | 00,000,016 | ---- | M] () -- C:\s130
[2006/03/09 03:22:39 | 00,000,000 | ---- | M] () -- C:\s15g
[2006/09/06 02:59:22 | 00,000,000 | ---- | M] () -- C:\s18s
[2005/10/13 17:57:49 | 00,000,016 | ---- | M] () -- C:\s1bo
[2006/10/19 18:39:38 | 00,000,000 | ---- | M] () -- C:\s1bo.1
[2006/12/08 18:43:17 | 00,000,016 | ---- | M] () -- C:\s1d0
[2006/05/24 22:34:37 | 00,000,000 | ---- | M] () -- C:\s1hs
[2005/11/16 23:06:36 | 00,000,016 | ---- | M] () -- C:\s1l8
[2007/01/12 00:44:58 | 00,000,016 | ---- | M] () -- C:\s1m4
[2006/08/17 01:39:01 | 00,000,016 | ---- | M] () -- C:\s1p0
[2006/07/27 18:10:02 | 00,000,000 | ---- | M] () -- C:\s1pk
[2005/04/17 21:25:25 | 00,000,016 | ---- | M] () -- C:\s1ss
[2006/05/26 18:59:59 | 00,000,016 | ---- | M] () -- C:\s21k
[2006/09/06 17:36:05 | 00,000,016 | ---- | M] () -- C:\s25o
[2007/03/07 14:11:07 | 00,000,016 | ---- | M] () -- C:\s26k
[2006/08/16 12:13:17 | 00,000,000 | ---- | M] () -- C:\s26o
[2007/02/28 13:51:03 | 00,000,016 | ---- | M] () -- C:\s27k
[2006/05/10 02:07:32 | 00,000,000 | ---- | M] () -- C:\s280
[2006/08/26 14:42:35 | 00,000,016 | ---- | M] () -- C:\s290
[2007/02/27 06:38:14 | 00,000,000 | ---- | M] () -- C:\s298
[2006/05/16 06:36:17 | 00,000,000 | ---- | M] () -- C:\s2a0
[2007/03/10 09:50:24 | 00,000,016 | ---- | M] () -- C:\s2bc
[2006/05/20 02:39:40 | 00,000,016 | ---- | M] () -- C:\s2e0
[2006/04/28 08:16:40 | 00,000,016 | ---- | M] () -- C:\s2ik
[2006/07/07 14:56:43 | 00,000,016 | ---- | M] () -- C:\s2jc
[2006/12/13 11:55:40 | 00,000,016 | ---- | M] () -- C:\s2k0
[2007/03/01 08:09:58 | 00,000,016 | ---- | M] () -- C:\s2no
[2006/05/24 17:39:20 | 00,000,016 | ---- | M] () -- C:\s2ns
[2007/01/05 08:48:17 | 00,000,016 | ---- | M] () -- C:\s2o8
[2006/04/27 22:46:11 | 00,005,393 | ---- | M] () -- C:\s2q8
[2007/01/05 17:45:47 | 00,000,016 | ---- | M] () -- C:\s2qg
[2006/10/29 02:42:34 | 00,000,016 | ---- | M] () -- C:\s2s8
[2007/02/28 18:23:16 | 00,000,016 | ---- | M] () -- C:\s2to
[2006/06/29 12:10:36 | 00,000,000 | ---- | M] () -- C:\s2u8
[2006/06/17 20:54:31 | 00,000,016 | ---- | M] () -- C:\s2v4
[2007/01/11 01:58:53 | 00,000,016 | ---- | M] () -- C:\s30c
[2006/01/19 07:40:13 | 00,000,016 | ---- | M] () -- C:\s31s
[2006/11/24 20:59:29 | 00,000,016 | ---- | M] () -- C:\s324
[2007/09/03 15:47:14 | 00,000,016 | ---- | M] () -- C:\s32o
[2007/03/07 05:29:33 | 00,000,000 | ---- | M] () -- C:\s33o
[2006/05/12 12:45:02 | 00,000,016 | ---- | M] () -- C:\s33s
[2006/08/16 16:42:32 | 00,000,016 | ---- | M] () -- C:\s34k
[2006/10/28 22:06:23 | 00,000,000 | ---- | M] () -- C:\s34s
[2006/06/13 01:19:44 | 00,000,000 | ---- | M] () -- C:\s35g
[2006/11/07 23:07:56 | 00,000,000 | ---- | M] () -- C:\s360
[2006/01/21 05:48:45 | 00,000,016 | ---- | M] () -- C:\s380
[2006/06/30 06:54:44 | 00,000,016 | ---- | M] () -- C:\s38c
[2007/03/08 08:40:33 | 00,000,016 | ---- | M] () -- C:\s3bk
[2006/07/07 01:50:13 | 00,000,016 | ---- | M] () -- C:\s3c4
[2006/12/10 20:16:34 | 00,000,016 | ---- | M] () -- C:\s3co
[2006/05/25 03:19:46 | 00,000,016 | ---- | M] () -- C:\s3d4
[2006/12/01 17:41:49 | 00,000,000 | ---- | M] () -- C:\s3ds
[2006/04/28 12:40:52 | 00,000,016 | ---- | M] () -- C:\s3fs
[2007/03/06 06:37:11 | 00,000,016 | ---- | M] () -- C:\s3fs.1
[2006/12/08 23:05:32 | 00,000,016 | ---- | M] () -- C:\s3g0
[2006/05/19 21:41:31 | 00,000,016 | ---- | M] () -- C:\s3g4
[2006/08/25 01:54:42 | 00,000,016 | ---- | M] () -- C:\s3g8
[2006/12/13 07:46:27 | 00,000,016 | ---- | M] () -- C:\s3g8.1
[2007/01/05 04:36:06 | 00,000,016 | ---- | M] () -- C:\s3gc
[2006/01/23 07:10:26 | 00,000,000 | ---- | M] () -- C:\s3i0
[2007/04/05 11:31:04 | 00,000,016 | ---- | M] () -- C:\s3ic
[2007/01/05 13:27:31 | 00,000,016 | ---- | M] () -- C:\s3kg
[2006/08/26 19:18:46 | 00,000,016 | ---- | M] () -- C:\s3mc
[2006/06/17 12:09:07 | 00,000,000 | ---- | M] () -- C:\s3mg
[2007/02/22 13:40:32 | 00,000,016 | ---- | M] () -- C:\s3mk
[2006/10/20 23:11:33 | 00,000,000 | ---- | M] () -- C:\s3mo
[2006/07/06 21:27:02 | 00,000,016 | ---- | M] () -- C:\s3nc
[2006/07/29 10:36:27 | 00,000,016 | ---- | M] () -- C:\s3nc.1
[2007/01/19 19:21:25 | 00,000,000 | ---- | M] () -- C:\s3oc
[2007/02/22 05:01:00 | 00,000,016 | ---- | M] () -- C:\s3ok
[2007/02/22 18:13:08 | 00,000,016 | ---- | M] () -- C:\s3ok.1
[2006/07/06 02:13:24 | 00,000,000 | ---- | M] () -- C:\s3po
[2006/12/17 04:20:07 | 00,000,016 | ---- | M] () -- C:\s3po.1
[2006/02/23 06:49:30 | 00,000,000 | ---- | M] () -- C:\s3q0
[2006/08/26 23:37:57 | 00,000,016 | ---- | M] () -- C:\s3rg
[2007/03/08 03:54:21 | 00,000,016 | ---- | M] () -- C:\s3rs
[2006/10/06 16:18:03 | 00,000,016 | ---- | M] () -- C:\s3t0
[2006/10/31 02:03:07 | 00,000,016 | ---- | M] () -- C:\s44c
[2006/06/29 21:49:18 | 00,000,016 | ---- | M] () -- C:\s4go
[2007/03/30 14:19:35 | 00,000,000 | ---- | M] () -- C:\s5k4
[2006/12/26 17:18:39 | 00,000,016 | ---- | M] () -- C:\s5ng
[2006/07/06 11:59:49 | 00,000,016 | ---- | M] () -- C:\s60
[2006/06/28 17:25:39 | 00,000,016 | ---- | M] () -- C:\s6k
[2006/12/20 13:40:43 | 00,000,016 | ---- | M] () -- C:\s84
[2007/02/27 10:48:31 | 00,000,016 | ---- | M] () -- C:\s88
[2006/06/13 17:58:23 | 00,024,064 | ---- | M] () -- C:\Scene_1_polio.doc
[2006/01/20 15:37:50 | 00,000,000 | ---- | M] () -- C:\se4
[2005/12/09 10:30:21 | 00,000,000 | ---- | M] () -- C:\sg0
[2005/12/28 13:39:17 | 00,000,000 | ---- | M] () -- C:\sgk
[2003/10/08 14:12:13 | 00,000,509 | ---- | M] () -- C:\Shortcut to NotesUsers on The MacDonald Family Computer (Macdonaldfamily).lnk
[2007/12/08 19:39:47 | 00,015,517 | ---- | M] () -- C:\SIE2007.log
[2006/08/31 04:49:35 | 00,000,000 | ---- | M] () -- C:\sis
[2007/02/27 19:38:01 | 00,000,016 | ---- | M] () -- C:\sis.1
[2006/06/15 10:48:35 | 00,000,000 | ---- | M] () -- C:\su0
[2010/01/27 18:32:56 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
[2010/01/27 22:56:37 | 00,000,400 | ---- | M] () -- C:\VundoFix.txt
[2009/09/25 22:11:48 | 18,353,5350 | ---- | M] () -- C:\[a.f.k.] The Melancholy of Haruhi Suzumiya 2 - 10.avi
[2009/09/25 22:31:30 | 23,441,0270 | ---- | M] () -- C:\[AonE]_Sora_no_Manimani_05_[CCFD48F2].mkv
[2009/09/22 19:14:07 | 37,151,4655 | ---- | M] () -- C:\[gg]_Bakemonogatari_-_11_[E3AAF21C].mkv
[2009/09/27 22:22:09 | 37,153,2170 | ---- | M] () -- C:\[gg]_Bakemonogatari_-_12_[4F8856B0].mkv
[2009/12/12 23:35:32 | 13,145,462 | ---- | M] () -- C:\[Yuurisan-Subs]_Dance_In_The_Vampire_Bund_PV_[04F3EA23].mkv
[2007/11/21 11:13:36 | 00,002,334 | ---- | M] () -- C:\_Sid.txt
< MD5 for: AGP440.SYS >
[2004/09/23 21:11:56 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/03/23 10:11:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/09/23 21:11:56 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/03/23 10:11:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 05:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/09/23 21:11:56 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/03/23 10:11:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/09/23 21:11:56 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/03/23 10:11:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/01/31 15:43:30 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2009/12/21 14:14:03 | 00,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %PROGRAMFILES%\*. >
[2010/01/18 21:20:41 | 00,000,000 | ---D | M] -- C:\Program Files\07th_Expansion
[2008/07/21 16:04:52 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/03/26 22:05:45 | 00,000,000 | ---D | M] -- C:\Program Files\AIM
[2005/04/04 17:44:58 | 00,000,000 | ---D | M] -- C:\Program Files\America Online 8.0
[2005/11/18 21:45:51 | 00,000,000 | ---D | M] -- C:\Program Files\AOD
[2005/11/18 21:47:45 | 00,000,000 | ---D | M] -- C:\Program Files\AOL
[2003/10/01 19:44:17 | 00,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2008/01/04 09:36:09 | 00,000,000 | ---D | M] -- C:\Program Files\AOL Games
[2008/12/28 11:54:35 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/13 22:24:03 | 00,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2007/09/19 21:27:55 | 00,000,000 | ---D | M] -- C:\Program Files\AvantGo Connect
[2009/11/26 08:23:58 | 00,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2008/12/28 11:58:59 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2003/10/01 19:12:26 | 00,000,000 | ---D | M] -- C:\Program Files\Britannica
[2003/10/01 19:40:11 | 00,000,000 | ---D | M] -- C:\Program Files\Broadcom Management Programs
[2006/09/11 08:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\Cartoon Network
[2009/11/26 08:25:51 | 00,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2009/01/13 22:27:48 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/10/01 19:12:24 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/05/02 21:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2003/10/01 19:42:18 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2009/07/11 19:27:09 | 00,000,000 | ---D | M] -- C:\Program Files\DesignPro
[2004/04/04 10:04:58 | 00,000,000 | ---D | M] -- C:\Program Files\Disney
[2006/03/30 07:14:26 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/12/09 10:38:44 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON Print CD
[2005/10/11 13:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON Software
[2010/01/27 23:29:01 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2007/09/19 21:28:06 | 00,000,000 | ---D | M] -- C:\Program Files\Finale 2002
[2008/01/30 20:30:17 | 00,000,000 | ---D | M] -- C:\Program Files\Finale 2006b
[2009/05/08 12:09:24 | 00,000,000 | ---D | M] -- C:\Program Files\Finale 2008
[2007/12/23 22:00:09 | 00,000,000 | ---D | M] -- C:\Program Files\Finale Performance Assessment
[2009/01/01 14:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2003/10/12 20:41:07 | 00,000,000 | ---D | M] -- C:\Program Files\FoneSync
[2009/12/09 00:11:28 | 00,000,000 | ---D | M] -- C:\Program Files\Free Mp3 Wma Ogg Converter
[2008/02/26 21:49:23 | 00,000,000 | ---D | M] -- C:\Program Files\Garritan Instruments for Finale
[2007/12/11 21:05:29 | 00,000,000 | ---D | M] -- C:\Program Files\GMD2K5
[2009/07/14 00:59:47 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2005/05/04 21:46:09 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2004/08/15 19:33:53 | 00,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2008/01/30 18:21:49 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/11/23 11:49:02 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/08/16 16:19:59 | 00,000,000 | ---D | M] -- C:\Program Files\InstantPublisherColor Helper
[2010/01/22 03:20:35 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/12/28 12:04:57 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/10 20:03:59 | 00,000,000 | ---D | M] -- C:\Program Files\ipsXP
[2008/12/28 12:05:26 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2003/10/01 19:41:30 | 00,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2009/07/14 01:02:20 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2008/01/30 21:08:35 | 00,000,000 | ---D | M] -- C:\Program Files\Kontakt Player 2
[2006/05/21 19:44:25 | 00,000,000 | ---D | M] -- C:\Program Files\KORG
[2010/01/26 12:22:59 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/01/28 18:55:07 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/01/30 20:56:44 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis
[2010/01/28 19:29:55 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee
[2007/12/09 16:48:27 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2007/09/19 21:28:01 | 00,000,000 | ---D | M] -- C:\Program Files\MediaShout EV
[2009/03/23 11:33:11 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/09/19 21:27:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/10 02:04:52 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003/10/01 19:12:26 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/09/04 21:42:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/10/27 21:11:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/02/05 19:49:44 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! PhotoPub
[2006/11/20 07:26:31 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
[2003/10/12 20:43:20 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2003/10/12 20:36:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2001
[2009/11/23 11:50:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mitter Toolbar
[2003/10/01 19:41:15 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2004/10/13 11:09:01 | 00,000,000 | ---D | M] -- C:\Program Files\Motive
[2009/03/23 10:26:33 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/01/28 20:06:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/29 14:04:19 | 00,000,000 | ---D | M] -- C:\Program Files\MP3 Converter Pro
[2009/05/21 02:09:23 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/27 21:10:40 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/02/19 21:27:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/10/01 19:12:22 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/03/02 17:38:14 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/01/06 10:25:32 | 00,000,000 | ---D | M] -- C:\Program Files\MsnMusic
[2006/11/19 03:04:38 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/11/19 18:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2006/03/13 19:31:26 | 00,000,000 | ---D | M] -- C:\Program Files\Musicnotes
[2006/03/22 14:15:21 | 00,000,000 | ---D | M] -- C:\Program Files\Native Instruments
[2009/03/23 10:23:23 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/03/26 21:51:21 | 00,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2009/01/13 22:27:18 | 00,000,000 | ---D | M] -- C:\Program Files\Nikon
[2005/02/13 17:15:34 | 00,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2005/05/07 12:26:34 | 00,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2003/10/01 19:12:24 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/13 02:07:12 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/05/07 09:36:45 | 00,000,000 | ---D | M] -- C:\Program Files\Overland
[2009/11/26 08:23:12 | 00,000,000 | ---D | M] -- C:\Program Files\pspvc
[2003/10/01 19:42:01 | 00,000,000 | ---D | M] -- C:\Program Files\QUICKENW
[2008/12/28 11:58:30 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/01/02 16:10:16 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime(2)
[2003/10/01 19:44:57 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/05/21 01:59:45 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/24 20:28:12 | 00,000,000 | ---D | M] -- C:\Program Files\Replay Media Catcher
[2008/06/17 13:19:06 | 00,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2005/11/25 15:07:04 | 00,000,000 | ---D | M] -- C:\Program Files\Skype
[2003/10/12 21:53:08 | 00,000,000 | ---D | M] -- C:\Program Files\SmartMusic
[2009/06/29 18:53:37 | 00,000,000 | ---D | M] -- C:\Program Files\SmileDownloader
[2006/03/13 20:02:07 | 00,000,000 | ---D | M] -- C:\Program Files\Sunhawk
[2005/04/17 21:21:24 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
[2003/12/15 16:36:39 | 00,000,000 | ---D | M] -- C:\Program Files\THQ
[2009/07/13 04:00:16 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/01/18 13:36:16 | 00,000,000 | ---D | M] -- C:\Program Files\TRENDnet
[2004/06/26 13:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\Turtle Beach
[2010/01/05 13:07:04 | 00,000,000 | ---D | M] -- C:\Program Files\TweakNow RegCleaner
[2004/07/05 20:26:39 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2004/10/13 11:08:40 | 00,000,000 | ---D | M] -- C:\Program Files\Verizon Online
[2009/01/05 20:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2004/03/29 07:06:06 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2004/06/26 13:04:43 | 00,000,000 | ---D | M] -- C:\Program Files\Voyetra Turtle Beach
[2009/06/22 14:05:30 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2004/03/05 16:57:43 | 00,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/11/29 22:36:02 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2007/11/29 22:36:21 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2008/07/21 13:30:58 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/23 10:23:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/23 10:23:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/12 21:02:23 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/12/08 23:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\Winferno
[2009/02/17 00:34:51 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2003/10/01 19:13:02 | 00,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2008/01/08 11:44:58 | 00,000,000 | ---D | M] -- C:\Program Files\Worship Kitchen
[2003/10/01 19:12:02 | 00,000,000 | ---D | M] -- C:\Program Files\XEROX
[2006/05/16 06:33:29 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2006/01/27 17:27:35 | 00,000,000 | ---D | M] -- C:\Program Files\YAMAHA
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-22 08:02:56
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram /s >
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug /s >
"Auto" = 1
"Debugger" = drwtsn32 -p %ld -e %ld -g -- [2002/08/29 05:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation)
"UserDebuggerHotKey" = 0
========== Files - Unicode (All) ==========
[2009/09/02 22:09:45 | 07,977,827 | ---- | M] ()(C:\Documents and Settings\James\Desktop\?y??1????z?F?S?Zd?y?I???W?i???z.mp3) -- C:\Documents and Settings\James\Desktop\yzFSZyIWiz.mp3
[2009/09/02 22:08:06 | 07,977,827 | ---- | C] ()(C:\Documents and Settings\James\Desktop\?y??1????z?F?S?Zd?y?I???W?i???z.mp3) -- C:\Documents and Settings\James\Desktop\yzFSZyIWiz.mp3
< End of report >
OTL Extras logfile created on: 1/28/2010 3:12:28 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 14.90 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
Drive D: | 39.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.87 Gb Free Space | 99.17% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DHXMGL31
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\aol\1132368428\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\aol\1132368428\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\aol\1132368428\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\aol\1132368428\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\WINDOWS\SYSTEM32\winlogon.exe" = C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\logonui.exe" = C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{02A232A7-07E1-47B7-AA38-C34FE6E44499}" = SoundCheck
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA DVD Decoder
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B81F3FE-94DC-4725-9F7E-4FB000247864}" = Dolet Light for Finale 2006
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{32CCF5D6-30F7-4570-93A4-2B897ADDB22B}" = Lotus Notes 6.5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4DF2AFE3-7348-4C17-8A51-C66A88B251A0}" = KORG TR Voice Name List
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4.2
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{962DE60D-D080-4E77-BD0C-F97A179C50B7}" = Microsoft Windows Vista Upgrade Advisor
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA50277-FC1D-4A68-BAFB-5C901363442B}" = Presto! Mr.Photo 3
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D2EB7405-329E-49AF-A076-CF1C72994A51}" = KORG USB-MIDI Driver Tools for Windows XP
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D76E927F-E292-434B-9661-3858F5D7BF63}" = EPSON PhotoCenter
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA7BBDA3-EE10-4E6A-9B83-DEE0D80BD5EC}" = Mitter Toolbar
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"America Online us" = America Online
"AOL Explorer" = AOL Explorer
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"AviSynth" = AviSynth 2.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Combined Community Codec Pack BETA_is1" = Combined Community Codec Pack BETA 2009-09-19
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Finale 2002" = Finale 2002
"Finale 2008" = Finale 2008
"Finale Performance Assessment" = Finale Performance Assessment
"FLV Player" = FLV Player 2.0 (build 25)
"FoneSync" = FoneSync
"Free Mp3 Wma Ogg Converter_is1" = Free Mp3 Wma Ogg Converter 7.0.1
"Galaris Musicians Directory_is1" = Galaris Musicians Directory 2005
"Garritan Instruments for Finale" = Garritan Instruments for Finale
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"InstantPublisherColor Web Helper" = InstantPublisherColor Web Helper
"ips XP_is1" = ips XP 1.11.2600
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaShout EV" = MediaShout EV
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP3 Converter Pro full version update_is1" = MP3 Converter Pro full version update 1.1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Musicnotes Player_is1" = Musicnotes Player V1.22.2
"Native Instruments Finale GPO" = Native Instruments Finale GPO
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PSPVC" = PSPVC :: PSP Video Converter v3.75
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Shockwave" = Shockwave
"SmileDownloader_is1" = SmileDownloader Version 1.23
"Solero Music Viewer_is1" = Solero Music Viewer
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Verizon.MCCInstall" = Verizon Online Support Center
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows CE Services" = Microsoft ActiveSync 3.5
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Worship Kitchen" = Worship Kitchen
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/30/2009 11:32:52 AM | Computer Name = DHXMGL31 | Source = Application Error | ID = 1000
Description = Faulting application btdownloadgui.exe, version 0.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x00b26a63.
Error - 10/2/2009 12:34:36 AM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/18/2009 10:36:28 PM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application instsub.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/22/2009 11:12:10 PM | Computer Name = DHXMGL31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module googletoolbardynamic_32_d5b8545f3cfb02d4.dll, version 6.2.1910.1554, fault
address 0x00146347.
Error - 10/23/2009 11:08:34 PM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/24/2009 9:56:44 PM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/24/2009 9:56:44 PM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/24/2009 9:56:45 PM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/24/2009 9:56:45 PM | Computer Name = DHXMGL31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/24/2009 9:56:58 PM | Computer Name = DHXMGL31 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 1/28/2010 3:57:00 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%1053
Error - 1/28/2010 3:57:00 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Proxy Service
service to connect.
Error - 1/28/2010 3:57:00 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%1053
Error - 1/28/2010 3:57:00 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner
service to connect.
Error - 1/28/2010 3:57:00 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%1053
Error - 1/28/2010 3:57:00 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3
Error - 1/28/2010 3:57:29 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.
Error - 1/28/2010 3:57:29 PM | Computer Name = DHXMGL31 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053
Error - 1/28/2010 4:00:22 PM | Computer Name = DHXMGL31 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.
Error - 1/28/2010 4:02:22 PM | Computer Name = DHXMGL31 | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.
< End of report >
#2
Posted 29 January 2010 - 07:58 AM
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
MOD - [2099/01/01 12:00:00 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\gehufidu.dll
O4 - HKLM..\Run: [duharadak] C:\WINDOWS\System32\gehufidu.DLL ()
O20 - AppInit_DLLs: (lewadiye.dll) - .Trashes [2009/12/16 09:48:12 | 00,000,000 | -H-D | M]
O20 - AppInit_DLLs: (c:\windows\system32\gehufidu.dll) - C:\WINDOWS\SYSTEM32\gehufidu.dll ()
O21 - SSODL: yategogad - {49160a9e-4785-4dba-a5c2-179e399a27cf} - C:\WINDOWS\SYSTEM32\gehufidu.dll ()
O22 - SharedTaskScheduler: {49160a9e-4785-4dba-a5c2-179e399a27cf} - tokatiluy - C:\WINDOWS\SYSTEM32\gehufidu.dll ()
O32 - AutoRun File - [2008/06/11 13:38:56 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4022c940-7e08-11d9-aa2b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4022c940-7e08-11d9-aa2b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4022c940-7e08-11d9-aa2b-806d6172696f}\Shell\AutoRun\command - "" = D:\kav2009.exe -- [2009/05/13 11:47:18 | 00,609,936 | R--- | M] (Kaspersky Labs GmbH)
O33 - MountPoints2\{794c69be-ff36-11da-aad0-00038a000015}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
[2099/01/01 12:00:00 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\gehufidu.dll
[2010/01/28 19:17:48 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\hipomeka
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\winlogon.exe"=-
"C:\WINDOWS\SYSTEM32\logonui.exe"=-
:Services
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Do you recognise these files?
[2006/07/07 06:32:25 | 00,000,016 | ---- | M] () -- C:\s130
[2006/03/09 03:22:39 | 00,000,000 | ---- | M] () -- C:\s15g
[2006/09/06 02:59:22 | 00,000,000 | ---- | M] () -- C:\s18s
[2005/10/13 17:57:49 | 00,000,016 | ---- | M] () -- C:\s1bo
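The OTL log in the first post shows the two patterns the fix above targets: firewall exceptions for the logon binaries winlogon.exe and logonui.exe, and a hidden+system gehufidu.dll under system32 with a year-2099 timestamp and no publisher. As an added example (not code from the thread, from OTL or from its author), this Python script parses those two OTL line formats and flags exactly those patterns, plus exceptions whose file is gone; the mbamswissarmy.sys sample line and the LOG_DATE are constructed assumptions.

```python
"""Triage of OTL-style log lines (added example; not part of the thread or of OTL).

Handles the two entry formats seen in the OTL log above:
  firewall exceptions  "<path>" = <path>:*:<Enabled|Disabled>:<label> -- (<publisher>)
                       ...                                            -- File not found
  file/module entries  [YYYY/MM/DD HH:MM:SS | 00,091,136 | -HS- | M] (<publisher>) -- <path>
Heuristics are advisory: a hit means "look at this", not "this is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Logon components never need their own firewall exception; the fix above
# deletes exactly these two entries from the StandardProfile list.
LOGON_BINARIES = {"winlogon.exe", "logonui.exe"}

# Assumed date the log was produced; file timestamps later than this are suspect.
LOG_DATE = datetime(2010, 1, 29)

FIREWALL_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>.+?):\*:(?P<state>Enabled|Disabled):'
    r"(?P<label>.*?)\s+--\s+(?:\((?P<publisher>[^)]*)\)|(?P<missing>File not found))\s*$",
    re.IGNORECASE,
)
FILE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<publisher>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass
class Finding:
    kind: str    # "firewall" or "file"
    path: str
    reason: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_firewall(line: str) -> list[Finding]:
    """Flag enabled exceptions for logon binaries and exceptions whose file is gone."""
    m = FIREWALL_RE.match(line.strip())
    if not m:
        return []
    path, out = m.group("path"), []
    if basename(path) in LOGON_BINARIES and m.group("state").lower() == "enabled":
        out.append(Finding("firewall", path, "enabled exception for a Windows logon component"))
    if m.group("missing"):
        out.append(Finding("firewall", path, "exception for a file that no longer exists"))
    return out


def check_file(line: str, log_date: datetime = LOG_DATE) -> list[Finding]:
    """Flag future timestamps and hidden+system system32 files with no publisher."""
    m = FILE_RE.match(line.strip())
    if not m:
        return []
    path, out = m.group("path"), []
    mtime = datetime.strptime(m.group("mtime"), "%Y/%m/%d %H:%M:%S")
    attrs = m.group("attrs").upper()
    if mtime > log_date:
        out.append(Finding("file", path, f"modified {mtime:%Y-%m-%d}, after the log date"))
    if "H" in attrs and "S" in attrs and "\\system32\\" in path.lower() \
            and not m.group("publisher").strip():
        out.append(Finding("file", path, "hidden+system file under system32 with no publisher"))
    return out


def triage(lines, log_date: datetime = LOG_DATE) -> list[Finding]:
    findings: list[Finding] = []
    for line in lines:
        findings.extend(check_firewall(line))
        findings.extend(check_file(line, log_date))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus one
# constructed benign driver entry (the mbamswissarmy.sys timestamp is made up).
SAMPLE_LOG = r"""
"C:\WINDOWS\SYSTEM32\winlogon.exe" = C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\logonui.exe" = C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
[2099/01/01 12:00:00 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\gehufidu.dll
[2010/01/28 19:17:48 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\hipomeka
[2010/01/07 21:07:00 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
"""


def triage_sample() -> list[Finding]:
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.kind}] {f.path}: {f.reason}")
```

Run as-is it reports five findings: the two logon-binary exceptions, the stale Skype exception, and gehufidu.dll twice (future timestamp, hidden+system with no publisher); the hipomeka entry is not flagged because it carries only the hidden attribute.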
#3
Posted 29 January 2010 - 01:12 PM
I did that, and attached its log below. Computer seems to be doing the same things (tried to boot gmer, tried to access geekstogo, received a nice internet survey ad for my trouble).
I don't recognize those files, but there sure are a lot of them.
ˇ˛A
Edit: Okay, I'm not sure why, but it's not posting my log. It shows up fine in the window, but "ˇ˛A" is the only part of it that goes through.
This post has been edited by ImaginaryJimboWales: 29 January 2010 - 01:18 PM
#4
Posted 29 January 2010 - 05:19 PM
CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES
Please go here:
The Spy Killer Forum
- Click on "New Topic"
- Put your name, e-mail address, and this as the title: "C:\s130"
- Put a link to this topic in the description box.
- Then next to the file box, at the bottom, click the browse button, then navigate to this file:
- C:\s130
- Click Open.
- Click Post.
Thank you!
Download ComboFix here :
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix\ComboFix.txt log in your next reply.
#5
Posted 30 January 2010 - 02:13 AM
ComboFix 10-01-29.05 - James 9/2010 Fri 23:58:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1278.717 [GMT -5:00]
Running from: c:\documents and settings\James\Desktop\asaegdgag31433fe.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\EventSystem.log
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\H8SRTukfoxwnqla.sys
c:\windows\system32\gehufidu.dll
c:\windows\system32\H8SRThnphagimkx.dll
c:\windows\system32\H8SRTkwrsdplhoy.dll
c:\windows\system32\H8SRTqltxekrlaq.dat
c:\windows\system32\H8SRTrnytdwuowu.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTswrhvmkxcs.dll
c:\windows\Tasks\nminkyss.job
----- BITS: Possible infected sites -----
hxxp://82.98.235.39
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.
2010-01-28 23:55 . 2010-01-28 23:55 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2010-01-28 23:54 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 23:54 . 2010-01-28 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 23:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 06:48 . 2010-01-28 06:48 -------- d-sh--w- c:\documents and settings\EVIL ROBOT MINION #1\PrivacIE
2010-01-28 06:46 . 2010-01-28 06:46 -------- d-sh--w- c:\documents and settings\EVIL ROBOT MINION #1\IETldCache
2010-01-28 04:28 . 2010-01-28 04:29 -------- d-----w- c:\program files\ERUNT
2010-01-28 04:07 . 2010-01-28 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-27 23:30 . 2010-01-27 23:30 -------- d-----w- C:\VundoFix Backups
2010-01-27 23:30 . 2010-01-27 23:32 119808 ----a-w- C:\VundoFix.exe
2010-01-27 23:00 . 2010-01-27 23:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-27 17:10 . 2010-01-27 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-27 03:33 . 2010-01-27 03:33 -------- d-----w- c:\documents and settings\Administrator.DHXMGL31\Local Settings\Application Data\Apple Computer
2010-01-26 20:13 . 2010-01-26 20:13 -------- d-----w- c:\documents and settings\Administrator.DHXMGL31\Local Settings\Application Data\Mozilla
2010-01-26 18:57 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-26 17:29 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-26 17:23 . 2010-01-26 17:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-26 17:22 . 2010-01-26 17:22 -------- d-----w- c:\program files\Lavasoft
2010-01-26 17:22 . 2010-01-26 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-26 02:14 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-26 00:33 . 2010-01-26 00:33 -------- d-sh--w- c:\documents and settings\Administrator.DHXMGL31\PrivacIE
2010-01-26 00:33 . 2010-01-26 00:33 -------- d-sh--w- c:\documents and settings\Administrator.DHXMGL31\IETldCache
2010-01-19 04:55 . 2010-01-19 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Higurashi
2010-01-13 02:35 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 17:59 . 2010-01-05 18:07 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-01-05 17:59 . 2010-01-05 17:59 -------- d-----w- c:\documents and settings\James\Application Data\TweakNow RegCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 03:51 . 2009-07-14 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-29 00:29 . 2007-12-09 21:47 -------- d-----w- c:\program files\McAfee
2010-01-28 06:49 . 2003-10-10 21:34 171872 ----a-w- c:\documents and settings\EVIL ROBOT MINION #1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 06:48 . 2010-01-28 06:48 15256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2010-01-28 06:48 . 2010-01-28 06:48 15256 ----a-w- c:\documents and settings\EVIL ROBOT MINION #1\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2010-01-28 04:14 . 2010-01-28 04:14 152576 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-28 04:14 . 2010-01-28 04:14 79488 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-27 20:50 . 2007-12-09 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-01-19 02:20 . 2009-10-19 02:24 -------- d-----w- c:\program files\07th_Expansion
2009-12-21 19:14 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 15:38 . 2005-10-11 18:44 -------- d-----w- c:\program files\EPSON Print CD
2009-12-09 05:11 . 2009-12-09 05:11 -------- d-----w- c:\documents and settings\James\Application Data\Free Mp3 Wma Ogg Converter
2009-12-09 05:11 . 2009-12-09 05:11 -------- d-----w- c:\program files\Free Mp3 Wma Ogg Converter
2009-12-07 14:10 . 2010-01-26 17:23 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-05 13:53 . 2003-10-08 16:39 171872 ----a-w- c:\documents and settings\Doris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 05:11 . 2009-08-09 05:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-09 05:30 . 2009-08-09 05:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-24 68856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2004-12-08 385024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HostManager"="c:\program files\Common Files\AOL\1132368428\ee\AOLHostManager.exe" [2005-08-02 159832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-29 185784]
"WinfernoUpdate"="c:\program files\Common Files\Winferno\WSCUpdtr.exe" [2007-01-09 1482752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 8.0 Tray Icon.lnk - c:\program files\America Online 8.0\aoltray.exe [2003-10-1 36939]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-8-8 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-8-8 24633]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Verizon Online Support Center.lnk - c:\program files\Verizon Online\SupportCenter\bin\matcli.exe [2004-10-13 204800]
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-9 634880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\aol\\1132368428\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/26/2010 12:29 PM 64288]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\SYSTEM32\DRIVERS\RTL8187B.sys [1/18/2008 1:37 PM 215040]
R3 SjyPkt;SjyPkt;c:\windows\SYSTEM32\DRIVERS\SjyPkt.sys [10/2/2002 9:57 AM 13532]
R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [6/26/2004 12:38 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [6/26/2004 12:38 PM 545088]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [6/26/2004 1:02 PM 19232]
.
Contents of the 'Scheduled Tasks' folder
2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]
2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]
2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]
2010-01-30 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]
2010-01-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]
2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-01-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
2010-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 14:46]
2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-29 17:22]
2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-29 17:22]
2010-01-22 c:\windows\Tasks\{02715076-526E-43E9-AE34-04BBB4F7756E}_DHXMGL31_EVIL ROBOT MINION BB356053E240771DC2BD19F380F73A9B2BE32237.job
- c:\windows\System32\MOBSYNC.EXE [2002-08-29 00:12]
2010-01-28 c:\windows\Tasks\{3F901249-4CD6-48F3-A42C-789CD412DD87}_DHXMGL31_EVIL ROBOT MINION BB356053E240771DC2BD19F380F73A9B2BE32237.job
- c:\windows\System32\MOBSYNC.EXE [2002-08-29 00:12]
2010-01-29 c:\windows\Tasks\{B9C32A25-A7B6-4FD7-ADD0-B79E4CC89B30}_DHXMGL31_EVIL ROBOT MINION BB356053E240771DC2BD19F380F73A9B2BE32237.job
- c:\windows\System32\MOBSYNC.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{644B7837-F1E9-4dba-853C-7E304F51968B}
IE: {{D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97}
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\wyt83nhy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Doris\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-duharadak - c:\windows\system32\gehufidu.dll
SharedTaskScheduler-{49160a9e-4785-4dba-a5c2-179e399a27cf} - c:\windows\system32\gehufidu.dll
SSODL-yategogad-{49160a9e-4785-4dba-a5c2-179e399a27cf} - c:\windows\system32\gehufidu.dll
SafeBoot-MCODS
AddRemove-AdobeESD - c:\program files\Common Files\Adobe\ESD\uninst.exe
AddRemove-Combined Community Codec Pack_is1 - e:\combined community codec pack\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 00:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???(???????x???x???????????x???????????x???x??????????? ??????????????????????????????w????????????j??w????x???x??????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\lotus\notes\ntmulti.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\windows\BCMSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1132368428\ee\AOLServiceHost.exe
c:\program files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\program files\Common Files\AOL\1132368428\ee\AOLServiceHost.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2010-01-30 00:43:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 05:43
Pre-Run: 15,845,879,808 bytes free
Post-Run: 19,483,217,920 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 89FF94D319A485EFF7625F1C659EFFD9
#6
Posted 30 January 2010 - 06:01 AM
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2006/07/07 06:32:25 | 00,000,016 | ---- | M] () -- C:\s130
[2006/03/09 03:22:39 | 00,000,000 | ---- | M] () -- C:\s15g
[2006/09/06 02:59:22 | 00,000,000 | ---- | M] () -- C:\s18s
[2005/10/13 17:57:49 | 00,000,016 | ---- | M] () -- C:\s1bo
[2006/10/19 18:39:38 | 00,000,000 | ---- | M] () -- C:\s1bo.1
[2006/12/08 18:43:17 | 00,000,016 | ---- | M] () -- C:\s1d0
[2006/05/24 22:34:37 | 00,000,000 | ---- | M] () -- C:\s1hs
[2005/11/16 23:06:36 | 00,000,016 | ---- | M] () -- C:\s1l8
[2007/01/12 00:44:58 | 00,000,016 | ---- | M] () -- C:\s1m4
[2006/08/17 01:39:01 | 00,000,016 | ---- | M] () -- C:\s1p0
[2006/07/27 18:10:02 | 00,000,000 | ---- | M] () -- C:\s1pk
[2005/04/17 21:25:25 | 00,000,016 | ---- | M] () -- C:\s1ss
[2006/05/26 18:59:59 | 00,000,016 | ---- | M] () -- C:\s21k
[2006/09/06 17:36:05 | 00,000,016 | ---- | M] () -- C:\s25o
[2007/03/07 14:11:07 | 00,000,016 | ---- | M] () -- C:\s26k
[2006/08/16 12:13:17 | 00,000,000 | ---- | M] () -- C:\s26o
[2007/02/28 13:51:03 | 00,000,016 | ---- | M] () -- C:\s27k
[2006/05/10 02:07:32 | 00,000,000 | ---- | M] () -- C:\s280
[2006/08/26 14:42:35 | 00,000,016 | ---- | M] () -- C:\s290
[2007/02/27 06:38:14 | 00,000,000 | ---- | M] () -- C:\s298
[2006/05/16 06:36:17 | 00,000,000 | ---- | M] () -- C:\s2a0
[2007/03/10 09:50:24 | 00,000,016 | ---- | M] () -- C:\s2bc
[2006/05/20 02:39:40 | 00,000,016 | ---- | M] () -- C:\s2e0
[2006/04/28 08:16:40 | 00,000,016 | ---- | M] () -- C:\s2ik
[2006/07/07 14:56:43 | 00,000,016 | ---- | M] () -- C:\s2jc
[2006/12/13 11:55:40 | 00,000,016 | ---- | M] () -- C:\s2k0
[2007/03/01 08:09:58 | 00,000,016 | ---- | M] () -- C:\s2no
[2006/05/24 17:39:20 | 00,000,016 | ---- | M] () -- C:\s2ns
[2007/01/05 08:48:17 | 00,000,016 | ---- | M] () -- C:\s2o8
[2006/04/27 22:46:11 | 00,005,393 | ---- | M] () -- C:\s2q8
[2007/01/05 17:45:47 | 00,000,016 | ---- | M] () -- C:\s2qg
[2006/10/29 02:42:34 | 00,000,016 | ---- | M] () -- C:\s2s8
[2007/02/28 18:23:16 | 00,000,016 | ---- | M] () -- C:\s2to
[2006/06/29 12:10:36 | 00,000,000 | ---- | M] () -- C:\s2u8
[2006/06/17 20:54:31 | 00,000,016 | ---- | M] () -- C:\s2v4
[2007/01/11 01:58:53 | 00,000,016 | ---- | M] () -- C:\s30c
[2006/01/19 07:40:13 | 00,000,016 | ---- | M] () -- C:\s31s
[2006/11/24 20:59:29 | 00,000,016 | ---- | M] () -- C:\s324
[2007/09/03 15:47:14 | 00,000,016 | ---- | M] () -- C:\s32o
[2007/03/07 05:29:33 | 00,000,000 | ---- | M] () -- C:\s33o
[2006/05/12 12:45:02 | 00,000,016 | ---- | M] () -- C:\s33s
[2006/08/16 16:42:32 | 00,000,016 | ---- | M] () -- C:\s34k
[2006/10/28 22:06:23 | 00,000,000 | ---- | M] () -- C:\s34s
[2006/06/13 01:19:44 | 00,000,000 | ---- | M] () -- C:\s35g
[2006/11/07 23:07:56 | 00,000,000 | ---- | M] () -- C:\s360
[2006/01/21 05:48:45 | 00,000,016 | ---- | M] () -- C:\s380
[2006/06/30 06:54:44 | 00,000,016 | ---- | M] () -- C:\s38c
[2007/03/08 08:40:33 | 00,000,016 | ---- | M] () -- C:\s3bk
[2006/07/07 01:50:13 | 00,000,016 | ---- | M] () -- C:\s3c4
[2006/12/10 20:16:34 | 00,000,016 | ---- | M] () -- C:\s3co
[2006/05/25 03:19:46 | 00,000,016 | ---- | M] () -- C:\s3d4
[2006/12/01 17:41:49 | 00,000,000 | ---- | M] () -- C:\s3ds
[2006/04/28 12:40:52 | 00,000,016 | ---- | M] () -- C:\s3fs
[2007/03/06 06:37:11 | 00,000,016 | ---- | M] () -- C:\s3fs.1
[2006/12/08 23:05:32 | 00,000,016 | ---- | M] () -- C:\s3g0
[2006/05/19 21:41:31 | 00,000,016 | ---- | M] () -- C:\s3g4
[2006/08/25 01:54:42 | 00,000,016 | ---- | M] () -- C:\s3g8
[2006/12/13 07:46:27 | 00,000,016 | ---- | M] () -- C:\s3g8.1
[2007/01/05 04:36:06 | 00,000,016 | ---- | M] () -- C:\s3gc
[2006/01/23 07:10:26 | 00,000,000 | ---- | M] () -- C:\s3i0
[2007/04/05 11:31:04 | 00,000,016 | ---- | M] () -- C:\s3ic
[2007/01/05 13:27:31 | 00,000,016 | ---- | M] () -- C:\s3kg
[2006/08/26 19:18:46 | 00,000,016 | ---- | M] () -- C:\s3mc
[2006/06/17 12:09:07 | 00,000,000 | ---- | M] () -- C:\s3mg
[2007/02/22 13:40:32 | 00,000,016 | ---- | M] () -- C:\s3mk
[2006/10/20 23:11:33 | 00,000,000 | ---- | M] () -- C:\s3mo
[2006/07/06 21:27:02 | 00,000,016 | ---- | M] () -- C:\s3nc
[2006/07/29 10:36:27 | 00,000,016 | ---- | M] () -- C:\s3nc.1
[2007/01/19 19:21:25 | 00,000,000 | ---- | M] () -- C:\s3oc
[2007/02/22 05:01:00 | 00,000,016 | ---- | M] () -- C:\s3ok
[2007/02/22 18:13:08 | 00,000,016 | ---- | M] () -- C:\s3ok.1
[2006/07/06 02:13:24 | 00,000,000 | ---- | M] () -- C:\s3po
[2006/12/17 04:20:07 | 00,000,016 | ---- | M] () -- C:\s3po.1
[2006/02/23 06:49:30 | 00,000,000 | ---- | M] () -- C:\s3q0
[2006/08/26 23:37:57 | 00,000,016 | ---- | M] () -- C:\s3rg
[2007/03/08 03:54:21 | 00,000,016 | ---- | M] () -- C:\s3rs
[2006/10/06 16:18:03 | 00,000,016 | ---- | M] () -- C:\s3t0
[2006/10/31 02:03:07 | 00,000,016 | ---- | M] () -- C:\s44c
[2006/06/29 21:49:18 | 00,000,016 | ---- | M] () -- C:\s4go
[2007/03/30 14:19:35 | 00,000,000 | ---- | M] () -- C:\s5k4
[2006/12/26 17:18:39 | 00,000,016 | ---- | M] () -- C:\s5ng
[2006/07/06 11:59:49 | 00,000,016 | ---- | M] () -- C:\s60
[2006/06/28 17:25:39 | 00,000,016 | ---- | M] () -- C:\s6k
[2006/12/20 13:40:43 | 00,000,016 | ---- | M] () -- C:\s84
[2007/02/27 10:48:31 | 00,000,016 | ---- | M] () -- C:\s88
[2006/01/20 15:37:50 | 00,000,000 | ---- | M] () -- C:\se4
[2005/12/09 10:30:21 | 00,000,000 | ---- | M] () -- C:\sg0
[2005/12/28 13:39:17 | 00,000,000 | ---- | M] () -- C:\sgk
[2006/08/31 04:49:35 | 00,000,000 | ---- | M] () -- C:\sis
[2007/02/27 19:38:01 | 00,000,016 | ---- | M] () -- C:\sis.1
[2006/06/15 10:48:35 | 00,000,000 | ---- | M] () -- C:\su0
[2010/01/27 18:32:56 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
[2010/01/27 22:56:37 | 00,000,400 | ---- | M] () -- C:\VundoFix.txt
:Services
:Reg
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
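An added triage helper, written for this thread and not part of OTL or the helper's post: it parses OTL file entries in the `[date | size | attr | M] (Company) -- path` form used in the fix script above, flags the short randomly named files sitting in the drive root (the C:\s130 style entries), and emits the matching `:OTL` section plus the `:Commands` block. The selection rule (no publisher, no attribute flags, name pattern) is my assumption for illustration, not OTL's own logic, and the sample lines are constructed from entries on this page.

```python
"""Parse OTL log entries and build an :OTL fix section from the ones flagged.

Added example for this thread; the flagging rule is an assumption for
illustration only and is not OTL's own logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry: [YYYY/MM/DD HH:MM:SS | SS,SSS,SSS | attr | M] (Company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Assumed pattern for the randomly named root-level files listed in the fix
# script above: a drive letter, 's', two or three [0-9a-z], optional '.N'.
ROOT_JUNK = re.compile(r"^[A-Za-z]:\\s[0-9a-z]{2,3}(?:\.\d+)?$")

# Constructed sample built from entries that appear on this page.
SAMPLE_LOG = r"""
[2006/07/07 06:32:25 | 00,000,016 | ---- | M] () -- C:\s130
[2006/04/27 22:46:11 | 00,005,393 | ---- | M] () -- C:\s2q8
[2007/03/06 06:37:11 | 00,000,016 | ---- | M] () -- C:\s3fs.1
[2010/01/28 14:48:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
[2010/01/27 18:32:56 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
this line is not an OTL entry and is skipped
"""


@dataclass(frozen=True)
class OtlEntry:
    raw: str       # the original line, reused verbatim in the fix script
    mtime: str
    size: int      # bytes, with the thousands separators removed
    attr: str      # four-character attribute field, e.g. '----' or '---D'
    flag: str      # 'M' (modified) or 'C' (created)
    company: str   # publisher from the parentheses; empty for '()'
    path: str


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a well-formed line, or None for anything else."""
    line = line.strip()
    m = OTL_ENTRY.match(line)
    if not m:
        return None
    return OtlEntry(
        raw=line,
        mtime=m["mtime"],
        size=int(m["size"].replace(",", "")),
        attr=m["attr"],
        flag=m["flag"],
        company=m["company"],
        path=m["path"],
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse every line of an OTL log fragment, dropping non-entry lines."""
    entries = (parse_otl_entry(ln) for ln in text.splitlines())
    return [e for e in entries if e is not None]


def is_root_junk(entry: OtlEntry) -> bool:
    """Assumed rule: unsigned, attribute-less file whose name fits ROOT_JUNK."""
    return (
        entry.company == ""
        and entry.attr == "----"
        and ROOT_JUNK.match(entry.path) is not None
    )


def build_otl_fix(entries: List[OtlEntry]) -> str:
    """Emit an OTL fix script: the flagged lines under :OTL, then :Commands."""
    lines = [":OTL"]
    lines.extend(e.raw for e in entries)
    lines.extend([":Commands", "[purity]", "[resethosts]", "[emptytemp]", "[Reboot]"])
    return "\n".join(lines)


def triage(text: str) -> List[OtlEntry]:
    """Parse a log fragment and return only the entries the rule flags."""
    return [e for e in parse_otl_log(text) if is_root_junk(e)]


if __name__ == "__main__":
    print(build_otl_fix(triage(SAMPLE_LOG)))
```

Running it prints an `:OTL` section containing only the three C:\s* entries; the signed tool binaries are left out and would have to be added by hand, as the helper did for VundoFix.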
#7
Posted 01 February 2010 - 01:53 PM
Malwarebytes' Anti-Malware 1.44
Database version: 3665
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/30/2010 11:15:14 PM
mbam-log-2010-01-30 (23-15-14).txt
Scan type: Quick Scan
Objects scanned: 175012
Time elapsed: 42 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#9
Posted 02 February 2010 - 05:05 PM
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, February 2, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, February 01, 2010 13:54:30
Records in database: 3393933
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 297585
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 19:10:58
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\H8SRTukfoxwnqla.sys.vir Infected: Rootkit.Win32.TDSS.ac 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\H8SRThnphagimkx.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\H8SRTrnytdwuowu.dll.vir Infected: Packed.Win32.TDSS.aa 1
Selected area has been scanned.
#11
Posted 02 February 2010 - 06:17 PM
Edit: Okay, I do have a slight issue which is kind of related. I was able to get through the uninstall for McAfee (there are still files left over in the McAfee folder however), but Kaspersky still picks it up and prevents an install. It's not listed in the add remove program list either. Tweaknow removed some registry files for McAfee, but I'm not sure what else can be done. mcctxmnu.dll, which is in the McAfee Virus Scan folder is a file that I'm unable to remove.
This post has been edited by ImaginaryJimboWales: 02 February 2010 - 09:35 PM
#12
Posted 03 February 2010 - 12:39 PM
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
- Then run the McAfee removal tool:
http://majorgeeks.com/McAfee_Consumer_Prod...Tool_d5420.html
#13
Posted 03 February 2010 - 02:14 PM
OTL logfile created on: 2/3/2010 2:57:07 PM - Run 3
OTL by OldTimer - Version 3.1.27.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 18.50 Gb Free Space | 24.84% Space Free | Partition Type: NTFS
Drive D: | 39.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.87 Gb Free Space | 99.03% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DHXMGL31
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/28 14:48:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/01/27 12:29:37 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/27 12:29:35 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:15 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\conime.exe
PRC - [2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/24 08:39:31 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/09 15:43:00 | 00,634,880 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2006/09/29 06:35:53 | 00,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/08/05 15:08:26 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2005/08/02 14:33:02 | 00,159,832 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1132368428\ee\AOLHostManager.exe
PRC - [2005/08/02 14:33:02 | 00,151,640 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1132368428\ee\AOLServiceHost.exe
PRC - [2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/12/07 21:39:31 | 00,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe
PRC - [2004/05/28 22:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2003/09/18 05:39:12 | 00,053,297 | ---- | M] () -- C:\lotus\notes\ntmulti.exe
PRC - [2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2003/05/15 18:41:15 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2002/10/08 12:00:24 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
PRC - [2002/08/09 18:00:58 | 00,221,184 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
PRC - [2000/08/08 15:00:00 | 00,024,633 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
========== Modules (SafeList) ==========
MOD - [2010/01/28 14:48:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2004/12/07 21:40:15 | 00,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SBHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/01/27 12:29:35 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/03/21 09:46:11 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/09/18 05:39:12 | 00,053,297 | ---- | M] () [Auto | Running] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2002/10/08 12:00:24 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 57 48 C0 63 A1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
FF - prefs.js..extensions.enabledItems: tagiritoolbar@tagiri.jp:2.6.1
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 15:13:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 10:49:56 | 00,000,000 | ---D | M]
[2009/11/05 17:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2010/02/03 11:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\wyt83nhy.default\extensions
[2009/11/22 00:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\wyt83nhy.default\extensions\tagiritoolbar@tagiri.jp
[2010/02/03 11:58:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/29 06:37:21 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/05 17:26:43 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/09/24 21:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2007/09/19 21:28:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2007/02/20 07:00:59 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/08/09 00:11:22 | 10,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 00:30:36 | 00,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
O1 HOSTS File: ([2010/01/30 13:33:24 | 00,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Mitter Toolbar) - {B3C48858-CC9C-452F-B6A4-48C95C59EB45} - C:\Program Files\Mitter Toolbar\ISLIEBand.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1132368428\ee\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinfernoUpdate] C:\Program Files\Common Files\Winferno\WSCUpdtr.exe (Winferno)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: DesktopStreaALUE ERROR. - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/11 13:38:56 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/01/30 03:36:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/30 01:20:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/30 00:53:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\gmer
[2010/01/29 23:38:49 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/29 23:36:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/29 23:36:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/29 23:36:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/29 23:36:49 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/29 23:35:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/28 18:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\Malwarebytes
[2010/01/28 18:54:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/28 18:54:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/28 18:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/27 23:29:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/27 23:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/27 23:25:36 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\James\Desktop\SysRestorePoint.exe
[2010/01/27 23:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/27 22:05:53 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\jhgvfjkg.exe
[2010/01/27 18:30:54 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/27 12:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/01/26 12:29:09 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/26 12:23:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/26 12:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/26 12:22:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/25 21:14:24 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/01 09:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/09 16:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Winferno
[2007/07/11 02:00:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/19 08:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/05/19 08:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/04/14 10:57:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/17 17:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/09/24 06:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/09/24 05:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/02/03 14:15:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/02/03 14:14:57 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/03 14:14:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/03 14:14:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/03 14:14:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/03 14:14:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/03 14:12:55 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/03 14:12:14 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/03 14:12:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/03 14:11:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/03 14:11:53 | 13,401,49760 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/03 14:10:59 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\James\ntuser.dat
[2010/02/03 14:10:59 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\James\NTUSER.INI
[2010/02/03 09:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\{B9C32A25-A7B6-4FD7-ADD0-B79E4CC89B30}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/02/02 16:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\{3F901249-4CD6-48F3-A42C-789CD412DD87}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/02/01 06:45:59 | 00,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/02/01 06:45:59 | 00,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/02/01 01:02:15 | 00,226,816 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 01:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/31 20:20:05 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\japa310.doc
[2010/01/30 13:33:24 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/01/30 01:09:52 | 03,873,280 | ---- | M] () -- C:\7da11e193329f0.bup
[2010/01/30 00:29:05 | 00,000,420 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 00:25:59 | 03,873,280 | ---- | M] () -- C:\7da11e0193b1960.bup
[2010/01/29 23:58:05 | 00,003,072 | ---- | M] () -- C:\7da11d173a51770.bup
[2010/01/29 23:38:57 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/01/28 18:54:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 15:57:48 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\James\Desktop\rkill.scr
[2010/01/27 22:01:36 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\jhgvfjkg.exe
[2010/01/26 14:26:02 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\japa3sumthin.doc
[2010/01/26 12:23:32 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/25 21:11:32 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\housecall.guid.cache
[2010/01/25 00:22:44 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/22 16:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\{02715076-526E-43E9-AE34-04BBB4F7756E}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/01/21 09:51:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/01 06:35:16 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/02/01 06:35:16 | 00,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/01/31 20:20:04 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\japa310.doc
[2010/01/30 01:09:51 | 03,873,280 | ---- | C] () -- C:\7da11e193329f0.bup
[2010/01/30 00:25:59 | 03,873,280 | ---- | C] () -- C:\7da11e0193b1960.bup
[2010/01/29 23:58:05 | 00,003,072 | ---- | C] () -- C:\7da11d173a51770.bup
[2010/01/29 23:38:57 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/29 23:38:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/29 23:36:49 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/29 23:36:49 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/29 23:36:49 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/29 23:36:49 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/29 23:36:49 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/29 13:46:11 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/29 13:46:10 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/28 18:54:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 18:50:30 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\James\Desktop\rkill.scr
[2010/01/27 22:59:01 | 13,401,49760 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/26 13:57:18 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/26 13:48:16 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\japa3sumthin.doc
[2010/01/26 12:30:41 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/26 12:30:41 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/26 12:30:39 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/26 12:23:32 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/25 21:11:32 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\housecall.guid.cache
[2010/01/25 00:22:44 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 22:55:18 | 00,350,720 | ---- | C] () -- C:\Documents and Settings\James\Desktop\hjsplit.exe
[2009/05/21 02:31:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
[2009/01/13 22:26:22 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bass Reduction
[2009/01/13 22:26:22 | 00,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bundle
[2009/01/13 22:26:21 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/01/05 01:52:01 | 00,226,816 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/26 22:02:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\THUMBV~1.INI
[2007/03/26 21:55:23 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/03/26 21:51:40 | 00,001,851 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2007/03/26 21:51:36 | 00,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2007/03/26 21:50:17 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/03/26 19:32:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/26 12:06:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/19 09:11:37 | 00,002,945 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/22 14:36:26 | 00,001,089 | ---- | C] () -- C:\WINDOWS\atm.ini
[2005/10/11 13:01:52 | 00,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2005/10/11 12:29:38 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/05/11 12:54:34 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2005/02/13 16:10:18 | 00,008,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/09/06 09:34:43 | 00,000,104 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2004/08/11 05:49:23 | 00,016,013 | ---- | C] () -- C:\WINDOWS\MediaShout EV2.ini
[2004/08/11 05:49:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\ShoutWriter EV2.ini
[2004/08/11 05:49:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\ShoutSinger EV2.ini
[2004/06/26 12:44:48 | 00,006,328 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2004/01/09 20:35:58 | 00,029,309 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/10/13 12:47:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2003/10/12 20:43:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/08 16:02:01 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/10/01 19:47:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/01 19:41:58 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/10/01 19:41:57 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/01 19:28:05 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/01 19:27:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/01 19:14:46 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/07/11 09:59:46 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/11 09:57:52 | 00,000,839 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
========== LOP Check ==========
[2008/01/08 11:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigiCont
[2009/01/13 22:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/19 00:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Higurashi
[2006/04/14 16:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2009/01/13 22:27:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/08/18 20:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ONScripter-En
[2009/07/29 13:59:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2009/01/13 22:26:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/08/18 20:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Umineko1newdemo
[2009/10/28 13:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Umineko4final
[2007/04/18 21:12:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/08 11:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Worship Kitchen
[2008/12/28 12:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/26 12:23:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/01/05 17:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\.BitTornado
[2009/01/27 16:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Aim
[2009/12/09 00:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Free Mp3 Wma Ogg Converter
[2009/11/23 11:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\TAGIRI
[2010/01/05 12:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\TweakNow RegCleaner
[2010/02/03 14:14:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/03 14:14:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/03 14:14:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/03 14:14:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/03 14:14:57 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/03 14:15:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/01/15 01:00:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/01 01:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/01/22 16:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\{02715076-526E-43E9-AE34-04BBB4F7756E}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/02/02 16:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\{3F901249-4CD6-48F3-A42C-789CD412DD87}_DHXMGL31_EVIL ROBOT MINION #1.job
[2010/02/03 09:00:00 | 00,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\{B9C32A25-A7B6-4FD7-ADD0-B79E4CC89B30}_DHXMGL31_EVIL ROBOT MINION #1.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2009/09/22 21:44:25 | 37,444,7393 | ---- | M] ()(C:\[qIIq]a??_Bakemonogataria??_-a??_03a??_[720p][h264][6901BDDB]a??.mkv) -- C:\[qIIq]_Bakemonogatari_-_03_[720p][h264][6901BDDB].mkv
[2009/09/22 21:20:50 | 37,444,7393 | ---- | C] ()(C:\[qIIq]a??_Bakemonogataria??_-a??_03a??_[720p][h264][6901BDDB]a??.mkv) -- C:\[qIIq]_Bakemonogatari_-_03_[720p][h264][6901BDDB].mkv
[2009/09/02 22:09:45 | 07,977,827 | ---- | M] ()(C:\Documents and Settings\James\Desktop\?y??1????z?F?S?Zd?y?I???W?i???z.mp3) -- C:\Documents and Settings\James\Desktop\yzFSZyIWiz.mp3
[2009/09/02 22:08:06 | 07,977,827 | ---- | C] ()(C:\Documents and Settings\James\Desktop\?y??1????z?F?S?Zd?y?I???W?i???z.mp3) -- C:\Documents and Settings\James\Desktop\yzFSZyIWiz.mp3
< End of report >
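The OTL log above is read by hand in this thread. As an added example (not part of the original post, and not OTL's or Geeks to Go's own tooling), the Python script below does the first-pass triage a helper performs on the O4/O9/O20/O34 autostart lines: it parses each entry, extracts the target path and the company name OTL prints from the file's version resource, and flags the signals worth a second look. The sample input is six lines copied from the log above plus one constructed entry (`qwrtzpsk.exe` under a Temp folder, a hypothetical name) that exercises the path and name heuristics; the expected shell path and the user-writable-location list are assumptions for this Windows XP layout.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: six lines copied from the OTL log above plus one constructed entry
# (the Temp\qwrtzpsk.exe line is hypothetical, added to exercise the path and name
# heuristics). A real run would read the saved OTL.txt instead.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O9 - Extra Button: DesktopStreaALUE ERROR. - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O4 - HKCU..\Run: [qwrtzpsk] C:\Documents and Settings\James\Local Settings\Temp\qwrtzpsk.exe ()
"""

# A Windows path ending in an executable-type extension. "[^:]" keeps one match from
# swallowing a second "C:\..." on the same line (the Startup ".lnk = target" form).
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^:\r\n]*?\.(?:exe|dll|sys|scr|com|pif|bat|cmd|vbs|ocx)(?=\s|$)", re.I)
# OTL prints the company name from the file's version resource in trailing parentheses;
# "()" means the file carries none, and "File not found" lines have no parentheses at all.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# Locations a limited user can write to on XP (assumption for this machine's layout).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Documents and Settings\\[^\\]+\\(?:Desktop|Application Data|Local Settings)"
    r"|Temp|RECYCLER)\\", re.I)
# Assumed correct Winlogon shell for this install (the log shows C:\WINDOWS).
EXPECTED_SHELL = r"c:\windows\explorer.exe"


@dataclass
class Finding:
    kind: str                 # OTL section, e.g. O4, O20
    path: Optional[str]
    company: Optional[str]    # "" = printed but empty, None = not printed
    flags: List[str] = field(default_factory=list)
    raw: str = ""


def parse_line(line: str) -> Optional[Finding]:
    m = re.match(r"(O\d+) - (.*)", line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    paths = PATH_RE.findall(rest)
    path = paths[-1] if paths else None          # the last path is the real target
    cm = COMPANY_RE.search(rest)
    company = cm.group(1).strip() if cm else None
    f = Finding(kind, path, company, raw=line.strip())
    if "File not found" in rest:
        f.flags.append("target missing")
    if "Reg Error" in rest:
        f.flags.append("registry error")
    if company == "":
        f.flags.append("no company name in version info")
    if path:
        if USER_WRITABLE_RE.search(path):
            f.flags.append("user-writable path")
        stem = re.sub(r"\.[^.\\]+$", "", path.rsplit("\\", 1)[-1])
        letters = [c for c in stem.lower() if c.isalpha()]
        # Cheap "random name" heuristic: seven or more letters and not a single vowel.
        if len(letters) >= 7 and not any(c in "aeiou" for c in letters):
            f.flags.append("random-looking name")
    if "Winlogon: Shell" in rest and (path or "").lower() != EXPECTED_SHELL:
        f.flags.append("non-default shell")
    return f


def triage(text: str) -> List[Finding]:
    return [f for f in map(parse_line, text.splitlines()) if f]


def suspicious(text: str) -> List[Finding]:
    return [f for f in triage(text) if f.flags]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"{f.kind:<4} {', '.join(f.flags):<60} {f.path or f.raw}")
```

The heuristics are deliberately cheap and produce leads, not verdicts: an empty company field only means the file has no version information, not that it is malicious (WlanCU.exe and lsdelete.exe, created the same day Ad-Aware was installed, both trip it here), and `File not found` on an HKCU Run entry is usually a leftover to clean up rather than an active threat. The value is in sorting a 2,000-line log into the handful of entries that need a hash lookup or a signature check.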
#14
Posted 03 February 2010 - 02:20 PM
Follow these steps to uninstall Combofix and tools used in the removal of malware
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Below I have included a number of recommendations for how to protect your computer against malware infections.
- Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.
- SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
- Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
- Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
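The helper's MVPS Hosts recommendation and the `Hosts` modification recorded in the log (2010/01/30) both concern the same file, so as an added example (not part of the original post, and not the MVPS list or any of the tools named in it) the Python script below audits a hosts file the way a responder would: every entry is classed as a local name, a blackhole (loopback or 0.0.0.0 target, which is what a blocking hosts file installs), a redirect to a remote address, or malformed, and redirects that point security or update domains elsewhere are reported as hijacks. The sample file is constructed, the 203.0.113.x addresses are documentation-reserved placeholders, and the keyword list used to recognise security domains is an illustrative assumption, not a vendor list.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample hosts file: blocking-list style entries plus one redirect that
# sends an imaginary antivirus update host to a remote address, as a hijacker would.
SAMPLE_HOSTS = """\
# constructed sample, not the machine's real C:\\WINDOWS\\System32\\drivers\\etc\\hosts
127.0.0.1       localhost
::1             localhost
127.0.0.1  ad.doubleclick.net          # MVPS-style block entry
0.0.0.0    tracker.example             # newer block lists use 0.0.0.0
0.0.0.0    banners.example pixel.example
203.0.113.5  update.antivirus-vendor.example   # hijack of a security/update host
203.0.113.5  www.search-engine.example         # hijack of an ordinary site
this is not a hosts line
"""

# Names a default hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Illustrative assumption: substrings that mark the security/update hosts a hijacker
# wants to cut off. A real deployment would use a maintained list of vendor domains.
SECURITY_KEYWORDS = ("antivirus", "update", "mcafee", "symantec", "malwarebytes",
                     "windowsupdate", "microsoft")


@dataclass
class HostsEntry:
    lineno: int
    target: Optional[str]
    names: List[str]
    category: str  # local | blackhole | redirect | malformed


def classify(target, names: List[str]) -> str:
    # 127.0.0.0/8, ::1 and 0.0.0.0 all drop the connection on the local box;
    # anything else sends the browser to a host the user did not ask for.
    if target.is_loopback or target.is_unspecified:
        return "local" if all(n in LOCAL_NAMES for n in names) else "blackhole"
    return "redirect"


def parse_hosts(text: str) -> List[HostsEntry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            if len(parts) < 2:
                raise ValueError("address without a hostname")
            target = ipaddress.ip_address(parts[0])
        except ValueError:
            entries.append(HostsEntry(lineno, None, [], "malformed"))
            continue
        names = [n.lower() for n in parts[1:]]   # one address may carry several names
        entries.append(HostsEntry(lineno, str(target), names, classify(target, names)))
    return entries


def audit_hosts(text: str) -> dict:
    entries = parse_hosts(text)
    blackholed = [n for e in entries if e.category == "blackhole" for n in e.names]
    redirects = [(e.lineno, e.target, n) for e in entries
                 if e.category == "redirect" for n in e.names]
    hijacks = [r for r in redirects if any(k in r[2] for k in SECURITY_KEYWORDS)]
    malformed = [e.lineno for e in entries if e.category == "malformed"]
    return {"blackholed": blackholed, "redirects": redirects,
            "hijacks": hijacks, "malformed_lines": malformed}


def is_blackholed(text: str, hostname: str) -> bool:
    """True if the hosts file sends this name to loopback or 0.0.0.0."""
    hostname = hostname.lower()
    return any(e.category == "blackhole" and hostname in e.names
               for e in parse_hosts(text))


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blackholed'])} names blackholed")
    for lineno, target, name in report["redirects"]:
        tag = "HIJACK " if (lineno, target, name) in report["hijacks"] else "redirect"
        print(f"line {lineno}: {tag} {name} -> {target}")
    print("malformed lines:", report["malformed_lines"])
```

Run against the real file (`C:\WINDOWS\System32\drivers\etc\hosts` on the machine in this thread), any entry in the `redirects` list is a finding: a legitimate hosts file has no reason to map a public name to a remote address, and an entry for a security vendor's update host is exactly how an infection keeps the antivirus from updating while the user sees no error. After installing the MVPS file, `is_blackholed` doubles as a check that a given ad or tracker name is actually covered.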
#15
Posted 03 February 2010 - 02:27 PM
Edit: I guess I can't really use paypal anonymously, and it didn't let me attach a note either, so let me say again that I really appreciate the time you spent to help me, and best to you.
This post has been edited by ImaginaryJimboWales: 03 February 2010 - 02:31 PM