"XP Smart Security 2010 Alert" Malware Problem [Closed] - Geeks to Go Forums


"XP Smart Security 2010 Alert" Malware Problem [Closed]

#1 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 03 April 2010 - 06:24 AM

Hi,

I have this virus that is called Xp security tool. It pops up with fake popups saying "virus infection" or other things like that, trying to trick me into buying whatever. I've tried the malware self removal guide. But I'm not sure what I should do next. Looks like I have a rootkit infection too. Please help.

OTL log attached. Attached File: ark.txt (4.17K), number of downloads: 120

ARK log attached. Attached File: OTL.Txt (112.09K), number of downloads: 143

I cannot get Malwarebytes to run because it can't find the MBAM.exe file. I checked the unzipped folder and it is not in there.

OTL logfile created on: 4/3/2010 7:20:40 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = G:\download\Utilities\virus malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.45 Gb Total Space | 9.37 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 97.65 Gb Total Space | 85.31 Gb Free Space | 87.36% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 77.08 Gb Free Space | 78.96% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DKHOME
Current User Name: Kans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
PRC - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- F:\SandraLite\RpcAgentSrv.exe
PRC - [2007/08/31 14:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/08/31 13:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
MOD - [2010/01/02 21:16:37 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\maguwewo\maguwewo.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 20:18:37 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- F:\SandraLite\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.90
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/09/11 06:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 16:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 09:23:18 | 000,000,000 | ---D | M]

[2009/06/13 09:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Extensions
[2009/06/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions
[2009/06/13 09:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/13 09:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/21 06:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/01/23 12:31:45 | 000,372,853 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12875 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {ae5e807a-8733-4e2d-8e9d-1c16cf4fe557} - C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll File not found
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\VeohTV\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ratafedatu] File not found
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.09\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [UIWatcher] G:\Ashampoo\UnInstallerP2\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kans\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\BS2000\qshelf2k.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\NPJPI150_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://citgo2.cdc.g...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll) - C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/21 18:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/21 18:38:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/03 06:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kans\Application Data\Malwarebytes
[2010/04/03 06:18:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/03 06:18:35 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/03 06:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/03 06:05:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/03 06:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/03 05:55:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kans\Recent
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\topitavi
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\maguwewo
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gedofano
[2009/03/16 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2010/04/03 07:14:40 | 000,001,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/04/03 07:08:34 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/04/03 07:08:34 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/03 07:02:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 06:54:09 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Kans\NTUSER.DAT
[2010/04/03 06:18:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:16:11 | 000,000,172 | -HS- | M] () -- C:\Documents and Settings\Kans\ntuser.ini
[2010/04/03 06:04:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:00:12 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:33:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 04:26:58 | 000,000,058 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/04/03 04:25:03 | 000,000,004 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/02 05:50:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 15:59:45 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

========== Files Created - No Company Name ==========

[2010/04/03 06:18:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:04:03 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:26:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/04/03 02:49:15 | 000,001,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2009/02/23 19:18:33 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/23 19:18:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/23 19:18:25 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/23 19:18:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/23 19:18:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/23 18:13:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/02/23 18:10:01 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/23 06:40:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\itevio.dll
[2008/12/16 05:59:04 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 10:20:27 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/31 08:48:06 | 007,118,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/06/25 05:14:43 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/06/13 09:54:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2008/05/27 06:48:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/05/27 05:28:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/05/27 05:28:39 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/05/02 22:46:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 10:42:48 | 000,004,827 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2008/04/12 07:51:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/11 19:00:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 04:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/01 15:29:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\AdobeDLM.log
[2007/01/01 15:29:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\dm.ini
[2006/12/24 10:01:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\fusioncache.dat
[2006/12/16 11:38:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/11/25 12:57:29 | 000,000,620 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/25 07:44:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/11/10 08:08:50 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/02/02 11:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/04/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gedofano
[2010/04/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\maguwewo
[2008/04/28 11:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink
[2008/05/27 06:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/09/11 06:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/05/27 05:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/04/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\topitavi
[2009/12/06 20:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/24 14:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/12/06 20:18:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/02/02 11:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Ashampoo
[2009/12/06 20:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Cool YouTube To Mp3 Converter
[2009/01/13 17:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\GlarySoft
[2008/07/08 08:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\ICAClient
[2008/09/28 11:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\InfraRecorder
[2008/05/27 06:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\pdf995
[2008/06/21 06:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Scooter Software
[2008/05/27 06:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\TaxCut
[2009/12/06 20:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\TuneUp Software
[2010/04/03 07:08:34 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/04/03 07:08:34 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0029\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/06/28 13:25:42 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\NF4systemdriver\IDE\Win2K\NvAtaBus.sys
[2005/06/28 13:25:44 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\NF4systemdriver\IDE\WinXP\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2005/06/28 13:25:42 | 000,068,992 | ---- | M] (NVIDIA Corporation) MD5=30DD670C6FFA1E0EF51955C08A7FE5BF -- C:\NF4systemdriver\IDE\Win2K\nvraid.sys
[2005/06/28 13:25:44 | 000,068,992 | ---- | M] (NVIDIA Corporation) MD5=30DD670C6FFA1E0EF51955C08A7FE5BF -- C:\NF4systemdriver\IDE\WinXP\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/27 23:41:58 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/21 12:27:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/11/21 12:27:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/11/21 12:27:39 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

OTL Extras logfile created on: 4/3/2010 7:20:40 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = G:\download\Utilities\virus malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.45 Gb Total Space | 9.37 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 97.65 Gb Total Space | 85.31 Gb Free Space | 87.36% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 77.08 Gb Free Space | 78.96% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DKHOME
Current User Name: Kans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL\Active Virus Shield\avp.exe" = C:\Program Files\AOL\Active Virus Shield\avp.exe:*:Enabled:Active Virus Shield -- File not found
"F:\GameSpy Arcade\Aphex.exe" = F:\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"C:\Program Files\GIGABYTE\ET5\update.exe" = C:\Program Files\GIGABYTE\ET5\update.exe:*:Enabled:ftptest -- File not found
"G:\GameSpy Arcade\Aphex.exe" = G:\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"F:\VeohTV\VeohClient.exe" = F:\VeohTV\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe" = C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment AB)
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe" = C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only -- (Massive Entertainment AB)
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe" = C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server -- ()
"F:\SandraLite\RpcAgentSrv.exe" = F:\SandraLite\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"F:\1942\BF1942.exe" = F:\1942\BF1942.exe:*:Enabled:BF1942 -- ()
"F:\SandraLite\WNt500x86\RpcSandraSrv.exe" = F:\SandraLite\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C98E73E-D495-CA87-EF1D-50D3A719351E}" = CCC Help Dutch
"{0FF1802B-4FE0-81D5-D28F-5095543CB57B}" = Skins
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}" = CCC Help English
"{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}" = Catalyst Control Center Graphics Previews Common
"{20D1D37A-817B-3A45-FDF5-507BD8A79680}" = CCC Help Chinese Traditional
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21879F6C-52F6-7A6F-6736-A7C912653608}" = CCC Help Danish
"{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}" = CCC Help Chinese Standard
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}" = Catalyst Control Center Localization All
"{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}" = ccc-utility
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{32A3A4F4-B792-11D6-A78A-00B0D0150150}" = J2SE Development Kit 5.0 Update 15
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{38DCE347-CE45-219E-56AD-30FCB04CF71A}" = CCC Help Hungarian
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}" = CCC Help Portuguese
"{417E7710-C77B-4CB9-839A-D586A12C64E2}" = Smart Guardian
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5C844F60-CFF2-33DE-FD0D-09F3C392679B}" = Catalyst Control Center HydraVision Full
"{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}" = CCC Help Korean
"{61709405-4DB8-410C-53DC-A76945D7EBC1}" = CCC Help Turkish
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B02CBC4-C620-463F-A7EF-8AA4FC3F5989}" = Brother HL-2140
"{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}" = CCC Help Japanese
"{6EF0B467-8FDD-845E-F168-C7F0C6124C26}" = CCC Help Finnish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74FF7813-4878-AB41-8503-22287CF11F37}" = Catalyst Control Center Graphics Light
"{79469AEF-FF16-C52B-F7F8-E1E203A036E5}" = CCC Help Italian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83E08A1E-963B-8846-8082-88B996FC060E}" = CCC Help Swedish
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9ABF04DC-A40D-B4DA-189B-89497B599AB7}" = CCC Help French
"{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}" = CCC Help Norwegian
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}" = CCC Help Thai
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2c
"{C37810F2-3983-B864-EB7F-DCCB67703FB0}" = Catalyst Control Center Graphics Full New
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}" = ccc-core-preinstall
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}" = CCC Help German
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}" = CCC Help Polish
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD76E812-359A-FEA9-FB17-2E55EBB36543}" = Catalyst Control Center Core Implementation
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}" = CCC Help Greek
"{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}" = ccc-core-static
"{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}" = Catalyst Control Center Graphics Full Existing
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F07717A3-8376-AA87-6BE2-D560F1EBABF0}" = CCC Help Spanish
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F371C899-B40A-811A-2825-30BE7E941CC9}" = CCC Help Czech
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}" = CCC Help Russian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 2008_is1" = Ashampoo Burning Studio 2008
"Ashampoo UnInstaller Platinum 2" = Ashampoo UnInstaller Platinum 2
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51
"ATI Display Driver" = ATI Display Driver
"ATITool" = ATITool Overclocking Utility
"BC2_is1" = Beyond Compare Version 2.5.2
"Bookshelf 2k" = Bookshelf 2000
"CCleaner" = CCleaner
"Cool YouTube To Mp3 Converter_is1" = Cool YouTube To Mp3 Converter 2.5.1.1
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Glary Utilities_is1" = Glary Utilities Pro 2.9.0.518
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfraRecorder" = InfraRecorder
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2008_is1" = PC Wizard 2008.1.85.1
"RivaTuner" = RivaTuner v2.09
"SpeedFan" = SpeedFan (remove only)
"TaxACT 2007" = TaxACT 2007
"TaxACT Georgia 2007" = TaxACT Georgia 2007
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2010 10:17:24 PM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/2/2010 10:17:28 PM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/2/2010 10:17:29 PM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/2/2010 10:22:06 PM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/2/2010 10:22:15 PM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/2/2010 10:22:17 PM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/3/2010 3:23:17 AM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/3/2010 3:23:22 AM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/3/2010 3:23:24 AM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 4/3/2010 3:23:25 AM | Computer Name = DKHOME | Source = Microsoft IntelliPoint | ID = 1000
Description =

[ System Events ]
Error - 3/27/2010 10:46:51 AM | Computer Name = DKHOME | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/27/2010 4:31:13 PM | Computer Name = DKHOME | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/27/2010 4:50:22 PM | Computer Name = DKHOME | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/2/2010 10:14:50 PM | Computer Name = DKHOME | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/2/2010 10:22:08 PM | Computer Name = DKHOME | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/3/2010 3:14:40 AM | Computer Name = DKHOME | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

[ TuneUp Events ]
Error - 4/3/2010 7:18:41 AM | Computer Name = DKHOME | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-03 06:18:41', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3820',0)


< End of report >

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 03 April 2010 - 06:38 AM

OK, let's give this a whirl

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - No CLSID value found.
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {ae5e807a-8733-4e2d-8e9d-1c16cf4fe557} - C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll File not found
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No CLSID value found.
    O4 - HKLM..\Run: [ratafedatu] File not found
    O20 - AppInit_DLLs: (C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll) - C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
    [2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\topitavi
    [2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\maguwewo
    [2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gedofano
    [2010/04/03 07:14:40 | 000,001,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
    [2010/04/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gedofano
    [2010/04/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\maguwewo
    
    :Files
    C:\Documents and Settings\All Users\Application Data\tijisiku
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Retry MBAM

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
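
The fix script in the post above lists an AppInit_DLLs value pointing under All Users\Application Data and three directories there created in the same second. As an added example (not part of the original post, and not OTL's or the helper's own method), this Python script applies those two observations as triage heuristics to OTL log lines; the function names, the `min_size` threshold and the two lines marked constructed are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Directory the fix-script entries live under (lower-cased for comparison).
DATA_DIR = r"c:\documents and settings\all users\application data"

# OTL file-listing line: [timestamp | size | attributes | C or M] (company) -- path
# Assumption: C is read as "created" and M as "modified".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?-- (?P<path>.+)$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<path>[^)]*)\)")

# Lines copied from the fix script above, plus two constructed benign lines
# (the "Example Vendor" / "ExampleVendor" entries) for contrast.
SAMPLE = r"""
O20 - AppInit_DLLs: (C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll) - C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\example.dll) - C:\WINDOWS\system32\example.dll (Example Vendor)
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\topitavi
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\maguwewo
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gedofano
[2010/04/03 07:14:40 | 000,001,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/04/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gedofano
[2009/03/05 16:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ExampleVendor
"""


def under_data_dir(path):
    """True when the path sits anywhere below DATA_DIR."""
    return path.lower().startswith(DATA_DIR + "\\")


def flag_appinit(log_text):
    """Return AppInit_DLLs paths that load from the shared profile data directory."""
    hits = []
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m and under_data_dir(m.group("path")):
            hits.append(m.group("path"))
    return hits


def cluster_new_dirs(log_text, min_size=2):
    """Group directories created directly under DATA_DIR by creation timestamp.

    Returns only the timestamps shared by at least min_size directories;
    'M' (modified) lines and plain files are ignored.
    """
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        is_created_dir = "D" in m.group("attrs") and m.group("kind") == "C"
        path = m.group("path").strip()
        if is_created_dir and ntpath.dirname(path).lower() == DATA_DIR:
            groups[m.group("ts")].add(ntpath.basename(path))
    return {ts: sorted(names) for ts, names in groups.items() if len(names) >= min_size}


if __name__ == "__main__":
    for dll in flag_appinit(SAMPLE):
        print("AppInit_DLLs entry to review:", dll)
    for ts, names in cluster_new_dirs(SAMPLE).items():
        print("Directories created together at", ts, "->", ", ".join(names))
```

Both checks only narrow down what to look at; a flagged entry still needs the manual review a helper gives the full log before anything is removed.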

#3 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 03 April 2010 - 08:59 AM

Thanks for your help!

OK, I followed your instructions. It still wouldn't let me install the mbam-setup.exe I downloaded from the location in your reply. It kept saying the file was corrupt, but I know it wasn't because I could install it on one of my other computers.

Here is the latest log after applying the custom fix you sent me.

OTL logfile created on: 4/3/2010 10:39:25 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = G:\download\Utilities\virus malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.45 Gb Total Space | 9.37 Gb Free Space | 34.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 97.65 Gb Total Space | 85.31 Gb Free Space | 87.36% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 77.08 Gb Free Space | 78.95% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DKHOME
Current User Name: Kans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
PRC - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- F:\SandraLite\RpcAgentSrv.exe
PRC - [2007/08/31 14:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/08/31 13:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (SafeList) ==========

MOD - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 20:18:37 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- F:\SandraLite\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/04/28 01:13:23 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/28 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SandraLite\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007/08/31 14:15:45 | 000,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/07/12 05:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/06/14 16:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/02 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/01/12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\download\DFI_P35_T2RL_drivers\Winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/05 20:26:56 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/01/22 14:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.90
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/09/11 06:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 16:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 09:23:18 | 000,000,000 | ---D | M]

[2009/06/13 09:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Extensions
[2009/06/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions
[2009/06/13 09:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/13 09:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/21 06:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/01/23 12:31:45 | 000,372,853 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12875 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {ae5e807a-8733-4e2d-8e9d-1c16cf4fe557} - C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll File not found
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\VeohTV\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ratafedatu] File not found
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.09\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [UIWatcher] G:\Ashampoo\UnInstallerP2\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kans\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\BS2000\qshelf2k.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\NPJPI150_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://citgo2.cdc.g...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\documents and settings\all users\application data\gedofano\gedofano.dll) - c:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/21 18:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/03 06:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kans\Application Data\Malwarebytes
[2010/04/03 06:18:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/03 06:18:35 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/03 06:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/03 06:05:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/03 06:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/03 05:55:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kans\Recent
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gedofano
[2009/03/16 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/03 10:39:59 | 000,006,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\tijisiku
[2010/04/03 10:36:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/04/03 10:36:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/03 10:35:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 10:35:02 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Kans\NTUSER.DAT
[2010/04/03 10:35:02 | 000,000,172 | -HS- | M] () -- C:\Documents and Settings\Kans\ntuser.ini
[2010/04/03 06:18:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:00:12 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:33:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 04:26:58 | 000,000,058 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/04/03 04:25:03 | 000,000,004 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/02 05:50:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 15:59:45 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

========== Files Created - No Company Name ==========

[2010/04/03 06:18:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:04:03 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:26:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/01/02 21:16:35 | 000,006,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tijisiku
[2009/02/23 19:18:33 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/23 19:18:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/23 19:18:25 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/23 19:18:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/23 19:18:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/23 18:13:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/02/23 18:10:01 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/23 06:40:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\itevio.dll
[2008/12/16 05:59:04 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 10:20:27 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/31 08:48:06 | 007,118,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/06/25 05:14:43 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/06/13 09:54:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2008/05/27 06:48:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/05/27 05:28:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/05/27 05:28:39 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/05/02 22:46:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 10:42:48 | 000,004,827 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2008/04/12 07:51:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/11 19:00:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 04:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/01 15:29:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\AdobeDLM.log
[2007/01/01 15:29:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\dm.ini
[2006/12/24 10:01:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\fusioncache.dat
[2006/12/16 11:38:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/11/25 12:57:29 | 000,000,620 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/25 07:44:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/11/10 08:08:50 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 03 April 2010 - 09:25 AM

OK, this one is playing hard to get, as some elements have been replaced after removal.

Download Combofix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Link 1
Link 2


==================================

  • Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#5 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 04 April 2010 - 07:27 AM

I downloaded ComboFix from the two locations on another PC and renamed it both times, and negative, it will not allow me to install ComboFix renamed to Gotch or any other name. Wow, now I'm beginning to understand why they call it smart. I'm pretty computer savvy so it's personal, I don't want to let this virus beat us. I also tried going into safe mode to install it too. Any other suggestions? I wish I knew more about how these rootkits take control of your PC. Thanks for all your help :-)

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 04 April 2010 - 07:39 AM

OK, let's use a slightly larger hammer.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to delete:
C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll
C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll

Folders to delete:
C:\Documents and Settings\All Users\Application Data\topitavi
C:\Documents and Settings\All Users\Application Data\maguwewo
C:\Documents and Settings\All Users\Application Data\gedofano
C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
C:\Documents and Settings\All Users\Application Data\tijisiku


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

#7 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 04 April 2010 - 01:03 PM

Ok, I was able to install and run avenger. Here is the log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll"
Deletion of file "C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll" deleted successfully.

Error: folder "C:\Documents and Settings\All Users\Application Data\topitavi" not found!
Deletion of folder "C:\Documents and Settings\All Users\Application Data\topitavi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\All Users\Application Data\maguwewo" not found!
Deletion of folder "C:\Documents and Settings\All Users\Application Data\maguwewo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Documents and Settings\All Users\Application Data\gedofano" deleted successfully.

Error: "C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH" is not a folder! It may instead be a file.
Deletion of folder "C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error: "C:\Documents and Settings\All Users\Application Data\tijisiku" is not a folder! It may instead be a file.
Deletion of folder "C:\Documents and Settings\All Users\Application Data\tijisiku" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Completed script processing.

*******************

Finished! Terminate.
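
Added example (not part of the original posts, and not The Avenger's own code): a small Python triage of the log format shown above, separating items that were removed, items that were already absent, and "folders" that the log says are really files and belong under "Files to delete:". The function names are hypothetical, and the embedded sample is an excerpt constructed from lines of the log above.

```python
import re

# Constructed sample: an excerpt built from lines of the Avenger 2.0 log above.
SAMPLE_LOG = r'''
Error: could not open file "C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll"
Deletion of file "C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

File "C:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll" deleted successfully.

Error: folder "C:\Documents and Settings\All Users\Application Data\maguwewo" not found!
Deletion of folder "C:\Documents and Settings\All Users\Application Data\maguwewo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Documents and Settings\All Users\Application Data\gedofano" deleted successfully.

Error: "C:\Documents and Settings\All Users\Application Data\tijisiku" is not a folder! It may instead be a file.
Deletion of folder "C:\Documents and Settings\All Users\Application Data\tijisiku" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
  --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file
'''

OK_RE = re.compile(r'^(?P<kind>File|Folder) "(?P<path>[^"]+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (?P<kind>file|folder) "(?P<path>[^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>\w+)\)$')

# NTSTATUS names that mean the target did not exist when the script ran.
ALREADY_GONE = {"STATUS_OBJECT_NAME_NOT_FOUND", "STATUS_OBJECT_PATH_NOT_FOUND"}


def parse_avenger_log(text):
    """Return one record per deletion attempt found in the log text."""
    results = []
    pending = None  # failed deletion still waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group("kind").lower(), "path": m.group("path"),
                            "status": "SUCCESS", "code": None})
            pending = None
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = {"kind": m.group("kind").lower(), "path": m.group("path"),
                       "status": "UNKNOWN", "code": None}
            results.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["code"] = int(m.group("code"), 16)
            pending["status"] = m.group("name")
            pending = None
    return results


def triage(results):
    """Group records by what, if anything, still needs doing."""
    buckets = {"removed": [], "absent": [], "retry_as_file": [], "unresolved": []}
    for r in results:
        if r["status"] == "SUCCESS":
            buckets["removed"].append(r["path"])
        elif r["status"] in ALREADY_GONE:
            # Absent at run time only; a later scan still has to confirm it stays gone.
            buckets["absent"].append(r["path"])
        elif r["status"] == "STATUS_NOT_A_DIRECTORY" and r["kind"] == "folder":
            buckets["retry_as_file"].append(r["path"])
        else:
            buckets["unresolved"].append(r["path"])
    return buckets


def followup_script(buckets):
    """Render the retry items under the "Files to delete:" directive, or "" if none."""
    if not buckets["retry_as_file"]:
        return ""
    return "Files to delete:\n" + "\n".join(buckets["retry_as_file"]) + "\n"


if __name__ == "__main__":
    b = triage(parse_avenger_log(SAMPLE_LOG))
    for name, paths in b.items():
        print(name, len(paths))
    print(followup_script(b))
```
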

#8 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 04 April 2010 - 03:42 PM

Could you now re-run OTL please and then retry MBAM

#9 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 06 April 2010 - 08:24 PM

Hello, looks like we're getting there. After following your last advice I was able to install and run MBAM. I have attached both the OTL and MBAM logs for your review. I deleted the 4 threats that MBAM found along with a file called AVE.EXE. I am no longer getting security warnings; looks like that part of the virus is gone. Now my problem is that I can't open any .EXE file under the user that had the virus. However, I can open .exe files for all other users. Please advise, and many thanks for all your outstanding help!

new OTL log:
OTL logfile created on: 4/3/2010 10:39:25 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = G:\download\Utilities\virus malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.45 Gb Total Space | 9.37 Gb Free Space | 34.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 97.65 Gb Total Space | 85.31 Gb Free Space | 87.36% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 77.08 Gb Free Space | 78.95% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DKHOME
Current User Name: Kans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
PRC - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- F:\SandraLite\RpcAgentSrv.exe
PRC - [2007/08/31 14:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/08/31 13:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (SafeList) ==========

MOD - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 20:18:37 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- F:\SandraLite\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/04/28 01:13:23 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/28 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SandraLite\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007/08/31 14:15:45 | 000,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/07/12 05:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/06/14 16:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/02 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/01/12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\download\DFI_P35_T2RL_drivers\Winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/05 20:26:56 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/01/22 14:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.90
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/09/11 06:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 16:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 09:23:18 | 000,000,000 | ---D | M]

[2009/06/13 09:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Extensions
[2009/06/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions
[2009/06/13 09:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/13 09:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/21 06:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/01/23 12:31:45 | 000,372,853 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12875 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {ae5e807a-8733-4e2d-8e9d-1c16cf4fe557} - C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll File not found
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\VeohTV\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ratafedatu] File not found
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.09\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [UIWatcher] G:\Ashampoo\UnInstallerP2\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kans\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\BS2000\qshelf2k.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\NPJPI150_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://citgo2.cdc.g...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\documents and settings\all users\application data\gedofano\gedofano.dll) - c:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/21 18:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/03 06:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kans\Application Data\Malwarebytes
[2010/04/03 06:18:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/03 06:18:35 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/03 06:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/03 06:05:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/03 06:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/03 05:55:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kans\Recent
[2010/04/02 21:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gedofano
[2009/03/16 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/03 10:39:59 | 000,006,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\tijisiku
[2010/04/03 10:36:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/04/03 10:36:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/03 10:35:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 10:35:02 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Kans\NTUSER.DAT
[2010/04/03 10:35:02 | 000,000,172 | -HS- | M] () -- C:\Documents and Settings\Kans\ntuser.ini
[2010/04/03 06:18:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:00:12 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:33:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 04:26:58 | 000,000,058 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/04/03 04:25:03 | 000,000,004 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/02 05:50:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 15:59:45 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

========== Files Created - No Company Name ==========

[2010/04/03 06:18:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:04:03 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:26:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/01/02 21:16:35 | 000,006,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tijisiku
[2009/02/23 19:18:33 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/23 19:18:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/23 19:18:25 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/23 19:18:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/23 19:18:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/23 18:13:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/02/23 18:10:01 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/23 06:40:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\itevio.dll
[2008/12/16 05:59:04 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 10:20:27 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/31 08:48:06 | 007,118,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/06/25 05:14:43 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/06/13 09:54:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2008/05/27 06:48:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/05/27 05:28:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/05/27 05:28:39 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/05/02 22:46:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 10:42:48 | 000,004,827 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2008/04/12 07:51:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/11 19:00:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 04:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/01 15:29:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\AdobeDLM.log
[2007/01/01 15:29:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\dm.ini
[2006/12/24 10:01:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\fusioncache.dat
[2006/12/16 11:38:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/11/25 12:57:29 | 000,000,620 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/25 07:44:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/11/10 08:08:50 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

MBAM log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/5/2010 6:06:36 AM
mbam-log-2010-04-05 (06-06-36).txt

Scan type: Quick scan
Objects scanned: 129759
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> No action taken.

Files Infected:
(No malicious items detected)

#10 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 07 April 2010 - 12:47 PM

What the malware has done is corrupt the registry entry for that user. Could you run OTL from the infected user's login? I will give you a link for a version of OTL that should run under that logon.

But first

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - No CLSID value found.
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O4 - HKLM..\Run: [ratafedatu] File not found
    O20 - AppInit_DLLs: (c:\documents and settings\all users\application data\gedofano\gedofano.dll) - c:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
    [2010/04/03 10:39:59 | 000,006,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\tijisiku
    
    :Files
    c:\documents and settings\all users\application data\gedofano
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



THEN

From the infected user's account

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Ensure all Users is selected
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
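
The fix script in the post above targets, among other lines, BHO entries with no CLSID value, a Run entry whose file is missing, and an AppInit_DLLs entry. The following is an added example (not part of the post, and not OTL's own code) of one way to flag such lines in an OTL log for review. The rule set and the names `triage`, `Finding` and `USER_WRITABLE` are assumptions of this example; the sample lines are copied from the Run 2 log earlier in the thread, except the one marked as constructed.

```python
import re
from collections import namedtuple

# Lines copied from the OTL "Run 2" log earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {ae5e807a-8733-4e2d-8e9d-1c16cf4fe557} - C:\Documents and Settings\All Users\Application Data\topitavi\topitavi.dll File not found
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ratafedatu] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O20 - AppInit_DLLs: (c:\documents and settings\all users\application data\gedofano\gedofano.dll) - c:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# Constructed for this example (not from the thread's logs): a per-user
# exefile handler that differs from the value the log shows for HKLM.
CONSTRUCTED_LINE = r'O35 - HKCU\..exefile [open] -- "C:\constructed\placeholder.exe" "%1" %*'

# Open-command value the log shows for the .exe/.com handlers.
DEFAULT_HANDLER = '"%1" %*'

# Assumption of this example: a DLL loaded from these per-user or
# all-users data directories deserves a second look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")

Finding = namedtuple("Finding", "section reason line")


def triage(log_text):
    """Return a Finding for every log line that matches a review rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if not match:
            continue  # not an "O<n> - ..." registry line
        section, body = match.groups()
        lower = body.lower()

        if section == "O2" and body.startswith("BHO:"):
            if lower.endswith("no clsid value found."):
                findings.append(Finding(section, "BHO listed without a CLSID entry", line))
            elif lower.endswith("file not found"):
                findings.append(Finding(section, "BHO points at a missing file", line))
        elif section == "O4" and lower.endswith("file not found"):
            findings.append(Finding(section, "autostart entry points at a missing file", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if any(part in lower for part in USER_WRITABLE):
                findings.append(Finding(section, "AppInit_DLLs loads a DLL from a data directory", line))
        elif section in ("O35", "O37"):
            # Everything after " -- " is the open command for the file type.
            _, sep, handler = body.partition(" -- ")
            if sep and handler.strip() != DEFAULT_HANDLER:
                findings.append(Finding(section, "file-type open handler is not the default", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_LINE):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The output is a review list, not a removal list: each flagged line still needs a human decision before it goes into a fix script.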


#11 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 08 April 2010 - 03:37 AM

OK, I followed your instructions above.

Here is the log from OTL run from admin account below. I downloaded and ran otc.com from the user account and it ran but did not create any report. The user account that was infected still will not allow me to open .exe files. Thanks for your help!

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ratafedatu not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\documents and settings\all users\application data\gedofano\gedofano.dll deleted successfully.
File c:\Documents and Settings\All Users\Application Data\gedofano\gedofano.dll not found.
File C:\Documents and Settings\All Users\Application Data\tijisiku not found.
========== FILES ==========
File\Folder c:\documents and settings\all users\application data\gedofano not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: CDC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dnetuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kans
->Temp folder emptied: 587193 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: CDC
->Flash cache emptied: 0 bytes

User: Default User

User: dnetuser
->Flash cache emptied: 0 bytes

User: Kans
->Flash cache emptied: 0 bytes

User: LocalService

User: NetUser
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04082010_051458

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 08 April 2010 - 12:32 PM

OK let's see if I can sneak around it

First though, can you check to see if the OTL log was placed on the desktop of the infected account, if not running from the admin account

Run OTL and ensure that all users is selected and click run scan (not the quick scan)

#13 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 09 April 2010 - 04:18 PM

Ok, here is OTL.com run from admin user.

OTL logfile created on: 4/9/2010 6:13:36 PM - Run 4
OTL by OldTimer - Version 3.2.1.0 Folder = G:\download\Utilities\virus malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.45 Gb Total Space | 9.28 Gb Free Space | 33.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 97.65 Gb Total Space | 85.31 Gb Free Space | 87.36% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 77.07 Gb Free Space | 78.94% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DKHOME
Current User Name: Kans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 05:08:56 | 000,561,664 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL1.com
PRC - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- F:\SandraLite\RpcAgentSrv.exe
PRC - [2007/08/31 14:16:47 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/08/31 14:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 05:08:56 | 000,561,664 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL1.com
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 20:18:37 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- F:\SandraLite\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/04/28 01:13:23 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/28 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SandraLite\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007/08/31 14:15:45 | 000,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/07/12 05:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/06/14 16:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/02 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/01/12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\download\DFI_P35_T2RL_drivers\Winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/05 20:26:56 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/01/22 14:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.90
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/09/11 06:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 16:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 09:23:18 | 000,000,000 | ---D | M]

[2009/06/13 09:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Extensions
[2009/06/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions
[2009/06/13 09:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/13 09:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/21 06:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/01/23 12:31:45 | 000,372,853 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12875 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\VeohTV\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-515967899-1677128483-839522115-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.09\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-515967899-1677128483-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-515967899-1677128483-839522115-1003..\Run: [UIWatcher] G:\Ashampoo\UnInstallerP2\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kans\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\BS2000\qshelf2k.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\NetUser\Start Menu\Programs\Startup\TeaTimer.lnk = G:\Spybot\TeaTimer.exe (Safer Networking Limited)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm T [remainder of the posted log is unreadable binary data]

#14 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,107
  • Joined: 31-May 06

Posted 09 April 2010 - 04:47 PM

OK that one is a bit squiffy -

Unfortunately I am unable to see the data I need

Would you have a problem deleting that account and creating a fresh one?

#15 cify1964

  • Group: Member
  • Posts: 7
  • Joined: 03-April 10

Posted 10 April 2010 - 05:28 AM

Ok, here is a good run from an admin account with all users selected. All other accounts work; should I just use another account or create a new one? I would like to get the infected account working if possible. Thanks!

OTL logfile created on: 4/10/2010 7:18:51 AM - Run 7
OTL by OldTimer - Version 3.1.37.3 Folder = G:\download\Utilities\virus malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.45 Gb Total Space | 5.52 Gb Free Space | 20.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 125.70 Mb Total Space | 109.69 Mb Free Space | 87.26% Space Free | Partition Type: FAT
Drive F: | 97.65 Gb Total Space | 85.29 Gb Free Space | 87.34% Space Free | Partition Type: NTFS
Drive G: | 97.63 Gb Total Space | 77.08 Gb Free Space | 78.96% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DKHOME
Current User Name: Kans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/09 20:53:40 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/09 20:53:33 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/09 20:53:22 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/09 20:53:21 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/09 20:53:20 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/09 20:53:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe
PRC - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- F:\SandraLite\RpcAgentSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 14:13:41 | 000,988,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/08/31 13:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe


========== Modules (SafeList) ==========

MOD - [2010/04/03 05:32:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- G:\download\Utilities\virus malware\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/09 20:53:18 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/06 20:18:40 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 20:18:37 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- F:\SandraLite\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/09 20:54:00 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/09 20:53:57 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/09 20:53:56 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/28 01:13:23 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/28 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SandraLite\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007/08/31 14:15:45 | 000,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/07/12 05:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/06/14 16:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/02 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/01/12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\download\DFI_P35_T2RL_drivers\Winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/05 20:26:56 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/01/22 14:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.90
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/09/11 06:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/09 20:53:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 16:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 09:23:18 | 000,000,000 | ---D | M]

[2009/06/13 09:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Extensions
[2009/06/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions
[2009/06/13 09:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kans\Application Data\Mozilla\Firefox\Profiles\ez0txv14.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/13 09:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/21 06:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/01/23 12:31:45 | 000,372,853 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 12875 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\VeohTV\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-515967899-1677128483-839522115-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.09\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-515967899-1677128483-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kans\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\BS2000\qshelf2k.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\NetUser\Start Menu\Programs\Startup\TeaTimer.lnk = G:\Spybot\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\NPJPI150_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://citgo2.cdc.g...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\documents and settings\all users\application data\gedofano\gedofano.dll) - c:\documents and settings\all users\application data\gedofano\gedofano.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/21 18:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 21:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/09 21:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/09 21:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/09 21:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/09 21:07:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/09 20:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/09 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/09 20:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/09 20:57:28 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/09 20:57:28 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/09 20:57:28 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/09 20:57:28 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/09 20:57:28 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/09 20:57:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/09 20:54:00 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/09 20:53:59 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/09 20:53:57 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/09 20:53:56 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/09 20:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/09 20:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/09 20:49:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/09 20:23:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/09 20:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/09 20:22:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/09 19:21:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/09 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/09 19:20:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/09 19:16:39 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/09 19:16:38 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/09 19:16:38 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/09 19:16:38 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/09 19:16:38 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/09 19:16:38 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/09 19:16:38 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/09 19:16:38 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/09 19:16:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/09 19:16:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/09 19:16:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/09 19:16:35 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/09 19:16:35 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/09 19:16:35 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/09 19:16:35 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/09 19:16:35 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/09 19:16:35 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/09 19:16:35 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/09 19:16:35 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/09 19:16:35 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/09 19:16:35 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/04/09 19:16:35 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/09 19:16:35 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/09 19:16:35 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/09 19:16:34 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/09 19:16:34 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/09 19:16:34 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/09 19:16:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/09 19:16:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/09 19:16:34 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/09 19:16:34 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/09 19:16:34 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/09 19:16:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/09 19:16:33 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/09 19:16:33 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/09 19:16:32 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/09 19:16:31 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/09 19:16:31 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/09 19:16:31 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/09 19:16:31 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/09 19:16:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/09 19:16:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/09 19:16:31 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/09 19:16:31 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/09 19:16:31 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/09 19:16:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/09 19:16:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/09 19:16:31 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/09 19:16:28 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/09 19:16:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/09 19:16:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/09 19:16:28 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/04/09 19:16:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/09 19:16:26 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2010/04/09 19:16:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/09 19:16:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2010/04/09 19:16:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/09 19:16:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/09 19:16:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/09 19:16:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/09 19:16:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/09 19:16:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/09 19:16:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010/04/09 19:16:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/09 19:16:23 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/09 19:16:22 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/09 19:16:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/09 19:16:22 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/09 19:16:22 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/09 19:16:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/09 19:16:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/09 19:16:22 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/09 19:16:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/09 19:16:21 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/09 19:16:21 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/09 19:16:21 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/09 19:16:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/09 19:16:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/09 19:16:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/09 19:16:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/09 19:16:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/09 19:16:19 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/09 19:16:19 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/09 19:16:19 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/09 19:16:19 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/09 19:16:19 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/09 19:16:19 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/09 19:16:19 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/09 19:16:19 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/09 19:16:19 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/09 19:16:19 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/09 19:16:19 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/09 19:16:19 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/09 19:16:19 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/09 19:16:19 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/09 19:16:19 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/09 19:16:19 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/09 19:16:19 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/09 19:16:19 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/09 19:16:19 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/09 19:16:19 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/09 19:16:19 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/09 19:16:19 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/09 19:16:19 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/09 19:16:19 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/09 19:16:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/09 19:16:18 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/09 19:16:18 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/09 19:16:18 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/09 19:16:18 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/09 19:16:18 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/09 19:16:18 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/09 19:16:18 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/09 19:16:18 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/09 19:16:18 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/09 19:16:18 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/09 19:16:18 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/09 19:16:18 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/09 19:16:18 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/09 19:16:18 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/09 19:16:18 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/09 19:16:18 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/09 19:16:18 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/09 19:16:18 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/09 19:16:18 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/09 19:12:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/09 19:06:56 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/09 19:06:47 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/09 19:06:44 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/09 19:06:06 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/09 19:06:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/09 19:06:05 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/09 19:06:04 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/09 19:05:32 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/09 19:05:32 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/09 19:05:31 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/09 19:05:31 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/09 19:04:36 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/09 19:03:51 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/09 18:42:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kans\Recent
[2010/04/05 06:03:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/05 06:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/05 06:03:00 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/05 06:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/04/03 06:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kans\Application Data\Malwarebytes
[2010/04/03 06:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 06:05:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/03 06:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/16 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/10 07:00:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/04/10 06:56:16 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/10 06:55:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 21:09:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/09 21:00:14 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Kans\NTUSER.DAT
[2010/04/09 21:00:14 | 000,000,172 | -HS- | M] () -- C:\Documents and Settings\Kans\ntuser.ini
[2010/04/09 20:54:01 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/09 20:54:01 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/09 20:54:00 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/09 20:53:57 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/09 20:53:56 | 058,739,158 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/09 20:53:56 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/09 20:53:56 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/09 20:24:44 | 000,521,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 20:24:44 | 000,441,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/09 20:24:44 | 000,071,322 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/09 20:24:30 | 000,024,192 | ---- | M] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/09 20:23:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/09 20:23:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 20:22:25 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/05 06:03:04 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:00:12 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:33:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 04:26:58 | 000,000,058 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/04/03 04:25:03 | 000,000,004 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 15:59:45 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/11 07:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 07:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 07:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 07:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 07:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 07:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 07:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 07:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 07:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 07:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 07:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 07:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 07:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 07:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 07:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 07:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 07:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 07:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 07:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 07:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 07:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 07:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 07:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 07:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 07:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 07:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 07:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 07:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 07:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 07:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 07:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 07:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 07:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 07:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 07:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 07:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 07:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 07:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 07:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 07:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 07:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 07:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 07:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 20:54:01 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/09 20:53:56 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/09 20:53:53 | 058,739,158 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/09 19:16:32 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/09 19:16:25 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/09 19:16:21 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/09 19:16:19 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/05 06:03:04 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 06:04:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\NTREGOPT.lnk
[2010/04/03 06:04:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\ERUNT.lnk
[2010/04/03 05:04:03 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Kans\Desktop\exefix.reg
[2010/04/03 04:26:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/02/23 19:18:33 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/23 19:18:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/23 19:18:25 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/23 19:18:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/23 19:18:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/23 18:13:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/02/23 18:10:01 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/23 06:40:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\itevio.dll
[2008/12/16 05:59:04 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 10:20:27 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/31 08:48:06 | 007,118,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/06/25 05:14:43 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/06/13 09:54:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2008/05/27 06:48:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/05/27 05:28:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/05/27 05:28:39 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/05/02 22:46:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 10:42:48 | 000,004,827 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2008/04/12 07:51:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/11 19:00:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 19:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 04:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/01 15:29:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\AdobeDLM.log
[2007/01/01 15:29:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kans\Application Data\dm.ini
[2006/12/24 10:01:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kans\Local Settings\Application Data\fusioncache.dat
[2006/12/16 11:38:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/11/25 12:57:29 | 000,000,620 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/25 07:44:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/11/10 08:08:50 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >
